Cyber securitization or cyberization of conflict? – the militarization of Cyber Security in Estonia

Abstract

In 2007, Estonia became one of the first countries to face severe cyber-attacks, which it represented as being Web War I. This discourse of cyberwar has been contested by scholars and professionals: in reality the event was nothing close to a war and therefore there also did not have to be military retaliation from NATO. By studying the event using Copenhagen School Securitization theory, it seems like it constitutes a failed or partially successful securitizing move i.e. an attempt at assigning an issue the identity of existential threat in order to legitimize extraordinary measures. This thesis, arguing from a post-structuralist position, views securitization as a gradual, long term process in constituted out of both discursive (speech act) and non-discursive -practices (extraordinary measures). The central question that the thesis seeks to answer is: How has a securitizing discourse on cyber threats legitimized the militarization of cyberspace in Estonia after the country experienced cyber-attacks in 2007? By making use of discourse analysis, this thesis argues that the discourse of cyberwar – or the militarization of cyber security – was shaped through its repetition over a longer time that make the immaterial/ virtual visible. The military securitizing practices reinforced and disseminated the idea of the cyber-threat and cyberwar narrative, but were also only possible because they were legitimized through this securitizing narrative. Simultaneously, these practices imbued the securitizing narrative with the material and thereby stabilized the discourse. Instead of treating securitization according to a sequential causality, it is a co-constitutive process in which the ideational and material interact and complement each other.