The peculiarities of securitising cyberspace: a multi-actor analysis of the construction of cyber threats in the US (2003-2016)

The rapid development of information and communication technologies rendered cybersecurity an integral aspect of contemporary security discourses and practices in different fields. Yet, despite the obvious intellectual demands of the field, most academic literature on cybersecurity in international relations and security studies remain policy-oriented and under-theorised. One of the few exceptions are studies utilising the Copenhagen school’s securitisation theory to studying discourses and practices of cybersecurity, particularly in the US. Nevertheless, the cyber securitisation literature is still limited in its engagement with the complexity of cybersecurity. One important aspect of this limitation is their focus on official and government’s discourses; an approach that is not applicable with a multi-stakeholder, privately-dominated cyberspace. This state-centric approach does not reflect the diversity of cybersecurity discourses by highlighting only the militarised, geopolitical narratives, adopted by some policy makers. Besides, it overlooks the nuances in threat perceptions, not just between the private and the public sectors, but also among different agencies inside the government. Therefore, focusing on the US as a case study, this paper will employ the securitisation theory’s sectoral analysis for studying the process of securitisation in the field of cybersecurity, using a multi-actor approach which considers the role of several state and nonstate actors in producing and managing cybersecurity discourses, and how complex public-private relationships influence cybersecurity policies and practices. The paper uses the method of discourse analysis in studying cybersecurity discourses of the government, private sector, and media in the US, by examining multiple resources, including official policy documents, congressional hearings, and opinion articles. The analysis covers the period from 2003, when the first cybersecurity strategy was announced, until the end of the Obama administration in 2016. The arguments presented by this paper contribute to the theorisation of the complex conceptual and policy problems of cybersecurity and of cyber securitisation processes through an inductive approach that develops an understanding of the logics and politics of security and risk as contextuallybound and sector-dependent