01498nas a2200253 4500000000100000000000100001008004100002260000900043653001300052653002400065653002000089653001700109653003800126653002300164653001800187653004100205653002400246653003800270100001800308245009000326300001100416490000600427520081100433 2001 d c200110acyberwar10aInformation society10arisk perception10arisk society10acyber risks: physical vs. virtual10aUS policy response10acyber attacks10acritical information infrastructures10ainformation warfare10apublic-private sector partnership1 aRalf Bendrath00aThe Cyberwar Debate: Perception and Politics in US Critical Infrastructure Protection a80-1030 v73 a
When combating the risk of cyber attacks on critical infrastructures was adopted as part of the political agenda of the US, it was framed mostly in military terms like “cyberwar” or “information warfare.” The security strategy implemented in 1998 and elaborated in the “National Plan for Information Systems Protection” in January 2000 shows a very different direction. Instead of a military approach, it consists of law enforcement, private-public partnership, and private and public self-help. Three factors led to this outcome: Differing risk perceptions in law enforcement and the private sector, private control over the technical resources, and constraining cultural and legal norms. The American policy against cyber attacks, thus, is an example for a failed “securitization.”