Abstract
The US billion dollars investments in cyber security are creating a securitisation of cyberspace. What has happened meanwhile in Europe? The argument is threefold. First, cyber threats were raised to the national threat level in Germany (2006), France (2008) and the UK (2008), but the justifications put forward for such an upgrade did not hold, as well as invested resources at that point in time. Second, cyber security strategy followed up this upgrade and designed a framework to tackle the threat that was found coherent with the assessment of the respective national security strategies. Third, cyber insecurity stemmed from criminals operating in cyberspace. Therefore, deterring criminals should have been at the core of tackling cyber insecurity but the defence strategies of France, Germany and the UK were instead focused on mitigating the effects of cyber attacks.
Acknowledgements
The author would like to thank Thomas Rid for his very valuable comments and suggestions on the earlier versions of this article. Peter McBurney and Fiona Gamble have also helped in reviewing the article.
Notes
1. The budget was approximated by taking the percentage of full time employee of the overseeing body of the central agency for the security of information systems (direction centrale de la sécurité des systèmes d'information), the secretariat-general for national defence and security (secrétariat général de la défense et de la sécurité nationale), and by applying it to the budget of the secretariat-general for national defence and security.
2. The UK had also published a cyber security strategy in 2009. Far from dismissing it, its outcomes are considered to help understand the current cyber security situation.
3. See in the UK the Regulation of Investigatory Powers Act 2000 and in Germany the Law for the restriction of the letter, post office and communications secret (Gesetz zur Beschränkung des Brief-, Post- und Fernmeldegeheimnisses).