Abstract
Sometimes, in contemporary society, it can seem like the subject of cyberspace security is everywhere. The recent theatrical release of the Oscar winning documentary Citizenfour – with the Edward Snowden case as its central subject matter – reminded audiences of the extent to which internet freedoms have been compromised, perhaps irrevocably, by Western security and intelligence agencies. Not to be outdone, and in true idiosyncratic fashion, North Korea demonstrated its offensive capabilities (and its capability to be offended) by cyberhacking Sony Pictures Entertainment to prevent the release of a comedy movie – The Interview – that parodied the Communist regime. Even non-state actors have been getting in on the cyberspace security game: on the same day as President Obama delivered a speech on cybersecurity, hackers supporting the terrorist group Islamic State took control of United States (US) military YouTube and Twitter accounts and posted both videos supporting terrorism and messages threatening attacks on American military personnel. In light of such developments it may be more accurate to suggest that cyberspace security, and insecurity, are everywhere.
It was following these events that I approached the Giampero Giacomello edited volume Security in Cyberspace. Most of the nine chapters in this book can be traced to a series of lectures delivered at a conference on ‘Security in Cyberspace’ held in Italy in early 2012. These lectures had a broad and diverse scope, covering topics such as cyberwarfare, cyberterrorism, privacy, freedom of speech and organised crime, and WikiLeaks (p. xvi). This diversity is reflected in the range of contributions to this volume. Sensibly, Security in Cyberspace begins with an introduction by the editor that discusses three important areas: the key concepts in this field; an appraisal of the recent literature on the subject matter; and an overview of the structure of the book.
Security in Cyberspace comprises nine substantive chapters divided into two sections: ‘The Nation’ and ‘The Infrastructure and the Individual’. The first section situates the role of state actors in this rapidly developing space. The contributions here cover a range of topics and perspectives. Sensibly, the section begins with a chapter, written by Rossella Mattioli, that traces the meanings of cyberspace and cybersecurity and their impact at the national, organizational, and individual levels. This first section then moves to discuss an array of interesting cybersecurity topics: from WikiLeaks and the role of the state (Chapter 3) to the critical subject of communications and nuclear weapons (Chapter 4). Perhaps the most challenging chapter in this section, however, is the closing contribution.
Written by the Chinese scholar Chunmei Kang the concluding chapter to the first section of Security in Cyberspace deals with cybersecurity in a context that is familiar to scholars and students of international relations: the ‘China threat’ (see Roy, 1996). This chapter does well to recognise that whilst some may seek to construct China as an offensive or aggressive actor in cyberspace – for example through Chinese state involvement in (or support or facilitation of) distributed denial-of-service (DDoS) attacks – it also remains vulnerable as a target for cyberattack. In fact, Kang explicitly remarks that ‘China as a developing country is far less capable of maintaining Internet security than developed countries’ (p. 114). This construction of China’s vulnerability to cyberattack – particularly from cybercriminals – is a useful additional to our understanding of Chinese capabilities, and limitations, in cyberspace. Kang’s argument here is also supported by the provision of evidence on the frequency and geography of cyberattacks against China.
Nevertheless, the central tenet of Kang’s argument – of the move from shared vulnerabilities to international norms that may restrain behaviour – is less convincingly argued. The Snowden case (as depicted in Citizenfour) reveals the extent to which the US and its allies spied on Chinese communications and created plans for ‘future dominance’ in cyberspace in the context of a ‘digital arms race’. It would be naive to suggest that such behaviours have ceased following the Snowden revelations. Under such conditions, establishing international norms in cyberspace is likely to prove extremely difficult. Take, for example, participation in the International Multilateral Partnership Against Cyber Threats (IMPACT), a United Nations specialised agency that seeks to ensure the safety of cyberspace ‘for everyone’. 1 None of the Five Eyes states (US, United Kingdom, Canada, Australia, and New Zealand), and neither China nor Russia, are actively involved in IMPACT, despite the extensive cyber capabilities of these states. The unambitious scope of Kang’s proposed international norms – peace, sovereignty, rule of law, and standards of technical governance (pp. 120–122) – implicitly recognises the significant challenges in this area. Ultimately, and reflecting the realpolitik of the current situation, her claim that ‘cyberspace should not become a new battlefield’ (p. 120) can only be considered as aspirational.
Following Kang’s contribution, Security in Cyberspace progresses to discuss ‘The Infrastructure and the Individual’. The multifaceted chapters in this second section reflect what the editor considers to be a set of areas that are even more complex than the challenges of cybersecurity at the state level. In fact, Giacomello contends that the infrastructure and the individual present a ‘very grey area’ where property rights and commercial public interests and individuals’ privacy and freedom of speech overlap but do not always coincide (pp. 12–13). In a section characterised by excellent and exciting research, it is again the concluding chapter that offers (arguably) the most engaging analysis.
In this last chapter Andra Siibak presents an exploration of the changes in the self-presentation practices of extreme nationalist users of an Estonian-language social networking site – Rate – in the period from 2007 to 2011. Siibak has an established track record in examining visual self-presentations of young men on Estonian social networking websites (see Siibak, 2010), and she extends this to a unique ideological group. Siibak’s research indicates that, compared to 2007, extreme nationalist users of Rate have started to use increasingly complex strategies for introducing their ideology. The comparison to 2007 was particularly well justified given that it was in this year that a period of unrest, known as the ‘Bronze Night’ or ‘April Unrest’, occurred following a decision to relocate a Soviet era World War II memorial. Moreover, Siibak’s chosen research focus resonates with recent and significant international events, including both the ‘Arab Spring’ and the Russian annexation of Crimea.
One of the most intriguing aspects of Siibak’s analysis is the indication of the use of ‘social steganography’ by her research subjects. Siibak recognises how this social steganography – understood as use of secret codes in public (cyber)spaces – has also evolved over time. She highlights how such practices have become more complex, with codes from 2011 almost unrecognisable compared to those used in 2007. This evolution indicates how ‘the profiles and posts made by the extreme nationalist users are mainly targeted to their peers and those individuals who share and hence are able to interpret their worldviews’ (p. 223). In this sense the self-presentation practices of extreme nationalist users of Rate constitute a form of community-building, deepening the social capital between like-minded users and increasingly excluding ‘outside’ communities. Sensibly, Siibak agrees that there remains a pressing requirement to decipher the social steganography and secret codes used by online extremists. This is an important insight. Cybersecurity is often understood as the development and implementation of automated, autonomous, and unaccountable information technologies for the purposes of mass surveillance or intrusion. However, Siibak’s work recognises the requirement for law enforcement agencies and intelligence services to invest in their cultural and linguistic capacities – in human analysts – to assess the significance of online extremism. Here we see how the adaptability of online extremist content discloses the limitations of algorithms alone in providing cybersecurity in our contemporary world.
Security in Cyberspace certainly provides the reader with a plethora of specialist knowledge from a diverse range of perspectives. It lacks, however, a concluding chapter to pull together the themes that are common to the separate contributions. The provision of such a chapter would also have assisted in assessing the ‘state-of-the-field’ in this new, exciting, and rapidly developing area of academic inquiry. Security in Cyberspace could have been more strident in drawing together the strands of existing research and indicating the possibilities for future research pathways. In lieu of this, the reader is left in limbo, only to guess at where the gaps in knowledge may be and as to how the field may best proceed. Nevertheless, Security in Cyberspace does provide the engaged researcher with a range of perspectives from which they may further develop their own research interests. In this sense this book makes a valuable contribution to the academic study of security, and insecurity, in cyberspace.