Motivating Cybersecurity: Assessing the Status of Critical Infrastructure as an Object of Cyber Threats

Background

This chapter is informed by the results of an ongoing research project that is monitoring, documenting, and analyzing the evolving public policy discourse about cybersecurity in the United States. Previous studies of U.S. cybersecurity discourse (discussed in more detail below) have noted that perceptions of cyber threats have changed over time. With renewed interest in cybersecurity coinciding with several well-publicized cyber attacks and the election of a new president in the United States, this project has worked to determine the degree to which dominant perceptions of cyber threats may have changed across a number key categories. This chapter focuses on the relationship of critical infrastructure to two of those categories: the object and impact of cyber threats.

This chapter is based on an analysis of what have been called “discourse events.” Discourse events are documents or statements that are reflective of or have the power to shape the overall public policy debate about cybersecurity in the United States. While there are thousands of news stories, blog posts, discussion forum posts, and more each week about cybersecurity, these are not necessarily representative of dominant perceptions of cyber threats, and very few have the power to shape the overall discussion of the issue. They do not count as discourse events. Discourse events are produced by high-ranking policymakers, military leaders, Internet security companies, security experts, or veteran journalists and include accounts from influential media sources, government policy documents, industry and think-tank reports, military strategy and doctrine publications, and speeches, op-eds, or Congressional testimony by civilian policymakers, military leaders, or experts. This chapter is informed by the collection and analysis of over one hundred such documents since 2009.