Security and safety: An introduction
Bibi van den Berg & Pauline Hutten
*
Abstract A handbook on cybersecurity must begin with an explanation of the
underlying concepts of security and safety, charting their historical and cultural de-
velopment, exploring their meaning, and explaining our current understanding of
responsibilities with respect to these concepts. This discussion will set the stage for
a solid understanding of the notion of cybersecurity.
1 Introduction
Before you lies a handbook on cybersecurity, that begins with a chapter on safety
and security. Why? The answer is obvious. The editors and authors of this book feel
that we cannot begin to delve into the topic of cybersecurity without a proper un-
derstanding of the concepts that underlie this domain: safety and security. Students
in cybersecurity ought to have an understanding of the cultural and historical devel-
opment, the meaning and the importance of security and safety at the dawn of the
twenty-first century. This chapter seeks to deliver just that.
At the dawn of the twenty-first century we live in an increasingly interconnected
world, with ever growing global flows of capital, people, commodities, images and
ideologies. This increased interconnectedness has led to an increased volume of
cultural interaction, to growing interdependencies and to changing concepts of time
and space. Some would argue that it has led to the rise of the so-called ‘global vil-
lage’(McLuhan 1962), the contraction of the globe to the size of a single village in
the wake of the possibilities that novel information and communication technolo-
gies offer. These technologies bring information, messages and media from around
the globe into the home with a single click of the mouse, instantaneously and
twenty-four/seven. This development has brought people and cultures closer to-
gether. At the same time, and by the same token, it has also led to increased (cul-
tural, normative) conflict. Cultures that were previously separated from each other
* Bibi van den Berg and Pauline Hutten work at Leiden University, Faculty of Governance and
Global Affairs, Institute of Security and Global Affairs, The Hague, the Netherlands
isga@fgga.leidenuniv.nl
2
can now easily connect and collide. Moreover, while the world is at our fingertips
when using modern technologies, at the same time the invasion of the global into
our local, everyday lives has also contributed to feelings of loss, a lowered sense of
belonging, and a hightened sense of instability in many people’s lives. New tech-
nologies have opened up our lives to the world, but at the same time have opened
us up to the world as well.
Technological change is at the heart of the process of globalisation, which in turn
has a huge impact on political, economic, and cultural developments (Cohen and
Kennedy 2007; Xavier and Rosaldo 2008). On the one hand globalisation and the
technological revolution that drives it have triggered numerous positives changes.
Think, for example, of increased wealth and production, the improvement of com-
munication systems and the rise of living conditions. On the other hand, they have
also led to a set of novel challenges that have become equally global in their impact
and effects as the positive changes that globalisation has brought about. This is why
we can speak of ‘global challenges’. Examples of such global challenges abound.
For one, there is the proliferation of intra- and inter-state conflict, an increase in
political violence and civil war. These, in turn, have led to a significant expansion
of (forced) migration all over the world. Environmental and economic issues related
to climate change and a shortage of resources have contributed to even more large-
scale migration flows. This in turn has led to increasing concerns about the link
between the mobility of people and, for example, organised crime, radicalisation
and the rise of international terrorism (Schmid 2016).
The key concepts underlying all of these challenges are security and safety. Be-
cause of their global scope, many of the challenges mentioned above may now di-
rectly impact the lives of every citizen, leading to feelings of unsafety and of inse-
curity. After all, in our increasingly interconnected world the choices we make may
directly affect the lives of others far away. Furthermore, the range of topics that can
be labelled as ‘security and safety issues’ is broadening, due to the complex nature
of this century’s problems.
Safety and security have now become buzz words for society, marking the top
of the agendas of politicians and policy makers worldwide. The issue of security
ranks high in both the public conscience and in governmental policies: citizens are
frightened by threats of terrorism, the fear for crime is high and disasters, whether
man-made or natural, are widely covered by various media. These policies, head-
lines and political actions do not merely inform the public about potential risks and
threats. The approaches of the media, and all other actors involved, in turn also
shape the security agenda. By using specific words, developing specific policies, or
by covering specific subjects they generate attention for specific types of risks, and
thus have an impact on what we perceive as risks. By doing so, citizens can be taken
beyond or outside ‘normal’ politics, constructing these challenges as security issues
(McDonald 2008). This process is called ‘securitization’ (Buzan, Wæver, and Wilde
1998).
S
ECURITIZATION
refers to the process of labeling challenges, issues or subjects
as security issues. In the process of doing so they may become politicised
3
them. This means that they gain political priority and prominence. This, in
turn, may legitimate using measures and responses for these challenges, issues
or subject that exceed the ordinary.
Securitization can thus lead to a larger prioritization of security topics on the agenda
of all actors involved. These topics have become vital concerns for all levels of
governance, ranging from the international to the regional (e.g. the EU), and from
the nation state to local governments, or to the level of communities and individuals.
Moreover, not only does this process influence the priorities of security and safety
subject to governments, but also to businesses and a wide variety of other actors,
including citizens/consumers and non-governmental organizations.
What this entails is the following: we have established that safety and security have
become key concepts in our modern world. More and more of the complex chal-
lenges we face today are labelled as such. But we must be aware of the fact that
there is a dynamic in labelling issues and challenges as (instances of) safety and
security risks. What safety and security mean is not set in stone. Both concepts are
politicised: saying that an issue is a safety or security risks gives the issue political
impetus. In turn, once issues have gained prominence by framing them as safety and
security challenges, they have an impact on the meaning of the concepts of safety
and security. The challenges we face today shape our understanding of safety and
security, just as our understanding of safety and security shapes how we view these
challenges. In short, safety and security challenges are defined, and understood,
through a process of mutual shaping.
2 A history of safety and security
Security and safety have always been fundamental drivers for human beings and
all other living beings; they are vital in ensuring survival (Slovic 1987). Being safe
and secure is amongst the most elementary forces of life. It starts with primary safe-
guards, such as having shelter, access to food and drink to sustain physical health,
and being protected from violence or natural disasters. For human beings these pri-
mary safeguards are complemented with secondary and tertiary ones. These include
generating the societal bonds without which life would be “solitary, poor, nasty,
brutish, and short” (Hobbes 1651: 78), and having a sense of belonging: the safety
and security that flow from social relationships with others, such as family and
friends. Moreover, they involve a sense of existential security, the idea that one can
develop and maintain a sense of identity and self-actualisation within a safe and
stable (social) environment.
Note that there are objective and subjective sides to security and safety (Wolfers
1952; Litfin 1999; Schäfer 2013; Zedner 2002; Zedner 2003).
O
BJECTIVE SECURITY AND SAFETY
refer to the fact that the things that human
beings value or hold dear are not actually, factually threatened.
4
S
UBJECTIVE SECURITY AND SAFETY
, by contrast, is about people’s mental states,
and more specifically about their fears. It revolves around “feeling safe [or
free] from anxiety or apprehension […]. Neither of these subjective condi-
tions makes any reference to the objective reality to which the feeling may or
may not pertain: they describe feelings alone.” (Zedner 2002: 155)
Security and safety are only achieved when “both components exist.” (Schäfer
2013: 5) What the distinction between objective and subjective security and safety
reveals is that both concepts are closely related to hazards, threats and vulnerabili-
ties (Schäfer 2013), and to risk and the perceptions thereof (Giddens 1999; Deibert
and Rohozinski 2010; Slovic 1987; Beck 1992; Jarvis 2007; Beck 2008b). Notions
of safety and security always presume a conception of the harm(s) that can be done
to the things that human beings value, be they material or immaterial. Of course
what human beings value is both historically and culturally contingent. This also
impacts what they consider to be risks, threats and vulnerabilities.
For many centuries humans considered almost all threats to safety and security to
be acts of (super)natural forces. Such threats were external (Giddens 1999: 4). The
notion of ‘risk’ did not even exist at the time, precisely because all hazards (and
there were plenty of them) were taken as a given. Gradually, however, mankind
created more and more protective measures, for instance through inventions in med-
icine, housing, infrastructure, financial systems and so on and so forth. These in-
ventions led to an increased sense of awareness of (in)security, and a gradual change
of attitude with respect to humans’ abilities to – at least partially – control aspects
of safety and security in everyday life. In the wake of the explosion of technological
and economic innovations since the beginning of the Industrial Revolution – and
especially since the twentieth century – new, man-made risks emerged, reshaping
our perspective on risk, and by extension on security and safety. In contrast to the
external risks of the previous ages, these risks could be labelled as manufactured:
“Manufactured risk is risk created by the very progression of human development,
especially by the progression of science and technology. Manufactured risk refers
to new risk environments for which history provides us with very little previous
experience. We often don’t really know what the risks are, let alone how to calculate
them accurately in terms of probability tables.” (Giddens 1999: 4). Because risk has
become such a dominant theme in our time, some have argued that it has, in fact,
become the defining feature of the age, the “leitmotif of contemporary society”
(Schäfer 2013: 13). They label our society as the ‘risk society’ (Beck 1992; Beck
2006; Beck 2008b; Beck 2008a).
The lesson to take away from this historical analysis of the concepts of safety and
security is that both concepts have come to take centre stage because of a single
complex dynamic that runs in two directions. On the one hand the level of control
we have reached over our lives and livelihood has increased dramatically since the
start of the Industrial Revolution through all the technological and economic inno-
vations we’ve generated since then. On the other hand, each innovation has also led
to new risks, threats and potential harms, which in turn have made us more vulner-
able and insecure. This dynamic is made even more complicated by the changes in
5
perception of, and the value we attach to, safety and security. As our lives became
safer and more secure, more and more importance was attached to safety and secu-
rity. This, in turn, had an impact on our views on risk and (in)security, both for
individuals and society at large. Our intolerance for insecurity has increased dra-
matically as life became more insulated and protected. This, in turn, has made iden-
tifying, assessing, mitigating and managing risk an ever more vital activity in mod-
ern society (Wynne 1992; Feintuck 2005).
R
ISK IDENTIFICATION
can be defined as the ability to define instances or situa-
tions as a risk and to categorize them as such.
R
ISK ASSESSMENT
can be defined as the ability to establish the size and impact
of specific risks.
R
ISK MITIGATION
can be defined as the ability to develop measures and inter-
ventions to reduce risks to acceptable levels.
R
ISK MANAGEMENT
can be defined the umbrella term that covers the activities
of identifying, assessing and mitigating risk.
Risk assessment, risk mitigation and risk management have come to be used in a
wide variety of societal, economic and technological sectors in our modern-day
times. What is interesting is that the “dominant perception [amongst citizens] is that
they face more risk today than in the past and that future risk will be even greater
than today’s” (Slovic 1987: 280). This contrasts sharply with the views of profes-
sionals who engage in risk management. Objectively speaking individual citizens
live much safer and more secure lives than in previous times – if only for the fact
that our modern lives are insulated from risk through myriad forms of physical,
financial, symbolic and structural protection. However, the impact that specific in-
stances of manufactured risk and insecurity may have on society is significant, de-
spite the fact that their probability may be low. Moreover, precisely because of the
technological advancements humans have made in reducing risk the intolerance for
the materialisation of hazards has decreased, leading to what Slovic calls a ‘zero-
risk society’ (1987: 280).
3 Defining safety and security
Safety and security are, and always have been, essential aspects of life. However,
what the previous section showed is that what we mean by these concepts has
changed quite dramatically throughout history. Moreover, what has changed is our
perception of who in society is expected to have key responsibilities in providing
safety and security. We’ll delve into this point in more detail below (see page 8).
We have also seen that, in light of the rise of the risk society, defining, understand-
ing and managing risk has become a central topic for society. Moreover, the study
6
of what security and safety are, and how these pan out in the globalized, complex
and risk-saturated world that we live in has become a vibrant research theme in
academia. Demarcating and defining security and safety is no easy feat. Both are
elusive, so-called ‘contested’ concepts (Baldwin 1997; Nissenbaum 2005; Nunes
2012; Transnational Terrorism Security and the Rule of Law 2007; Zedner 2002).
One of the most often cited definitions of security is that it revolves around “a low
probability of damage to acquired values” (Baldwin 1997: 13; Wolfers 1952: 484).
While safety and security are sometimes used interchangeably, generally, defini-
tions of security tend to focus on the fact that harm to acquired values is the result
of intentional actions by humans, that is, the damage referred to in this definition is
human-induced. Threats to safety, by contrast, can be viewed as the result of acci-
dental flaws or mistakes.
S
ECURITY
can be defined as the condition of being protected from harm (or
other non-desirable outcomes) caused by intentional human actions or behav-
iours.
S
AFETY
can be defined as the condition of being protected from harm (or other
non-desirable outcomes) caused by non-intentional failure of technical, hu-
man or organisational factors. (Maurice et al. 2001: 238)
4 Security and safety in the twenty-first century: Connected con-
cepts
Throughout the twentieth century, it has gradually become clear that making a
sharp distinction between safety issues on the one hand and security issues on the
other is no longer easy, or even a wise thing to do. The current challenges that so-
cieties face do not fall neatly along the dividing lines of ‘security’ on the one hand
and ‘safety’ on the other. This is due to the complexity of the global challenges that
we’ve discussed at the beginning of this chapter (see page 1). This complexity stems
from a number of developments, including the rise of globalisation, fundamental
changes in international relations that affect the nature and face of war, conflict and
peace-building, the rise of international terrorism, the spread of networked and hy-
per-connected technologies, mass migration, new environmental challenges such as
the struggle for scarce resources and climate change, and so on (Burke, Lee-koo,
and Mcdonald 2016; Carpenter 2016; Litfin 1999; Transnational Terrorism Security
and the Rule of Law 2007; Western 2016). Each of these challenges has effects on
a grand, and in some cases global scale and each can be qualified as involving sys-
temic risks. Each, moreover, can be labelled as a ‘wicked problem’ (Rittel and
Webber 1973; Burke, Lee-koo, and Mcdonald 2016; Singer and Friedman 2013;
Taipale 2004).
7
W
ICKED PROBLEMS
are “well known in public policy and are generally prob-
lems with no correct solution. Wicked problems reveal additional complexity
with each attempt at resolution and have infinite potential outcomes and no
stopping rule – that is, the process ends when you run out of resources not
when you reach the correct solution. [...] Wicked problems occur in a social
context and the wickedness of the problem reflects the diversity of interests
among the stakeholders. Resolving wicked problems requires an informed de-
bate in which the nature of the problem is understood in the context of those
interests, the technologies at hand for resolution, and the existing resource
constraints.” (Taipale 2004: 127-128)
So what makes these modern-day safety and security challenges global? As Jon
Western explains, some current-day security challenges are global in terms of
scale: they are “worldwide in either cause or effect and are the product of, or pro-
duce effects on, all, or nearly all, of the globe. […] No one on the planet—or very
few—can escape from these issues.” (Western 2016: 100) A prime example of this
category of challenges is climate change. Many other modern-day challenges are
global in terms of their reach: they “have the potential to reach almost any part of
the globe, though, unlike those issues that are global in scale, when they do occur,
their impact is usually local or regional.” (Western 2016: 100) Terrorism, war and
conflict and cybersecurity risks all fall in this category.
Note that challenges that start locally or regionally may have cascading effects
that increase their impact dramatically in terms of scale. Mass migration across the
globe resulting from war and conflict in specific regions is an example in case. One
of the most important aspects of all of these modern-day challenges is that each of
them contains aspects of both security and safety. In all of these challenges inten-
tional harms may interact with a variety of unintentional hazards, thus complicating
the disentanglement of the causes of a chain of events when disaster strikes. This is
why, security and safety are nowadays considered to be closely connected.
We argue that it is important to study safety and security scientifically in con-
junction. We call this the ‘integrative perspective on security and safety’. This per-
spective stipulates that risks, threats, hazards and incidents require a multi-discipli-
nary, or even an interdisciplinary approach. In such an approach knowledge – think
of theories, insights, concepts, and methods – from different academic disciplines
must be combined and integrated. Only then can we properly untangle the intricate
and multi-faceted knots of many of these risks and threats. This entails, for instance,
that technical experts work together with public policy makers and legal profession-
als, or that economists cooperate with historians and experts in management and
organization when they research safety and security challenges.
The
INTEGRATIVE PERSPECTIVE ON SECURITY AND SAFETY
starts from the obser-
vation that risks and harms in our current world are almost always character-
ised by a mixture of safety and security aspects that catalyse, mutually shape
and direct one another. The complex, often global challenges that we face
8
today all reveal that security and safety aspects are interwoven to such a de-
gree that these notions cannot be isolated anymore. Intentional threats invoke
unintentional hazards and vice versa.
An integrative perspective on security and safety not only acknowledges this
interconnectedness, but takes it as a starting point for exploring and analysing
challenges, and contributing to potential solutions and strategies for mitiga-
tion.
An integrative perspective on security and safety makes sense when we try to un-
derstand the complexity of the global challenges that are central to this chapter sci-
entifically. But not only because it has scientific relevance. It also aligns well with
practices of businesses and governments when they seek to deal with such chal-
lenges and the risks they produce. Security and safety aspects are increasingly ad-
dressed using the same tools, mechanisms and approaches. Traditionally, safety is-
sues were approached using risk management methods (Newsome 2014; Pritchard
2001; Rasmussen 1997). This included calculating the probability and impact of
risks and conducting extensive cost-benefit analyses with respect to counter-
measures or other mitigating interventions so that safety risks could be reduced to
acceptable levels. Security issues, by contrast, were approached by developing strat-
egies to affect the (international) political context in which they might arise, and by
exploring governance and institutional structures in which such risks could be min-
imized (Swindle and Ross 2006). In recent years, however, we see a blurring of
these approaches. Security challenges are now addressed using risk management
tools that were traditionally reserved for safety issues. Similarly, when dealing with
safety risks it has become clear that an understanding of governance aspects or in-
stitutional design is of vital importance as well. In the practice of dealing with safety
and security challenges, too, then, we see that an integrative perspective works best,
since it aligns with the blurred lines between these formerly separated domains and
practices.
Finally, an integrative perspective on security and safety also aligns with the
agenda-setting of governments in this domain. Governments see that we cannot ad-
dress modern-day security and safety challenges exclusively from a safety or a se-
curity perspective. Rather, we need to see both aspects in each issue instead. Dutch
government, for instance, considers the Dutch term ‘veiligheid’ to be the sum of
safety and security, and has labelled it a theme of great urgency.
5 Security and safety: Who’s responsible?
We have seen that security and safety are, and should be, seen increasingly as
interconnected or even entwined concepts. At the dawn of the twenty-first century
we face a number of different large-scale – sometimes even global – challenges that
affect our safety and security. The next question we should ask is: who carries re-
9
sponsibility for solving or addressing these wicked problems? Phrased more neu-
trally: who is responsible for security and safety in modern-day societies? When
answering this question, three levels can be distinguished.
At the lowest level, the answer is that each and everyone of us carries responsi-
bilities for safety and security, both for ourselves and others around us. As individ-
uals we all have a duty to ensure that our behaviours do not endanger the health and
wellbeing of others. Most people also feel they have an obligation to help others if
they inadvertently put themselves at risk, be it physically, mentally or emotionally.
At a second level, organisations and businesses have responsibilities to keep us
safe and secure. Some are in the business of providing actual security or safety.
Private security corporations and cybersecurity companies are examples in case.
Other businesses and organisations – across a wide range of societal domains – de-
liver goods, products and services of which safety and security are (critical) aspects.
Think for example of the food industry that must ensure that all of the foods we eat
are safe, or of energy companies that must make sure that the energy backbone of
our country, which is considered to be a critical infrastructure, is secure. Think also
of organisations that deliver health services, or industries that must comply with
environmental standards to prevent pollution.
At the final level, the state has responsibilities for keeping us safe and secure. As
a matter of fact, when people think about safety and security the state is usually the
dominant player they think about. In a sense, this is not surprising. Much of the
political philosophy in Western countries is built on the idea of a ‘social contract’.
The
SOCIAL CONTRACT
refers to a theory that explains the origins of the state.
It argues that individuals at some point in time realised they needed to leave
behind the so-called ‘
STATE OF NATURE
’, in which all humans had the “right to
all things” and, therefore, were in a state of perpetual “war of all against all”
(Hobbes 1651: 80).
By entering into a social contract, individuals made themselves subject to a
ruler, the S
OVEREIGN
, and they gave up a number of their liberties, rights and
a degree of their autonomy. In return, they received protection by the Sover-
eign and/or by the state.
One of the key aspects of the social contract is the state’s
MONOPOLY ON
VIOLENCE
: only the state has legitimiate grounds for the use of physical force,
e.g. through its military.
What is important to understand about the social contract is that it forms the root of
our understanding of states’ responsibilities with respect to protecting our safety
and security. Safety and security were the key elements of the barter that was made
there: individuals agreed to give up some of their rights and freedoms in return for
protection from the state. This makes security and safety “a [if not the] primary
obligation of the state since that is what individuals have contracted for in submit-
ting to state authority.” (Chandler 2009: 126) It is logical, then, that citizens turn to
10
the state for protection against all kinds of threats and harms. It is this protection
that they’ve gained at the expense of giving up certain freedoms. This is also the
reason why it is only the state that has the monopoly of violence – read: why only
the state has military forces and, to a certain extent, border patrol and police. These
parties are the only ones who, politically, have legitimate grounds for the use of
physical force (under specific conditions, of course); their raison d’être is to protect
the territory, the life and livelihood of the citizens in a state.
But does the state’s responsibility in ensuring safety and security also go beyond
having a monopoly of violence? The answer to this question is a clear yes. States,
in fact, are considered responsible for a number of different aspects of safety and
security. Klare and Chandrani argue that sovereign states ought to provide:
..at least the minimum personal and institutional security necessary for the performance of
basic societal functions: the protection of persons and property from physical attack; the
enforcement of laws and contracts; the orderly exchange of goods and services; the
husbanding of resources essential to the healthy survival of the population; and the
maintenance of the society’s cultural, moral, and legal norms, including the rights and
obligations of individuals and standards of distributive justice. (Klare and Chandrani
1998: 3)
Note that this enumeration only applies to the state’s internal responsibilities with
respect to safety and security, that is, to the duties the state has with respect to its
citizens within its own boundaries, jurisdiction and territory. These internal respon-
sibilities can be divided into those that pertain predominantly to security and those
relating to safety. Looking at Klare and Chandrani’s list above, we could say that
“protection of persons and property from physical attack” falls in the realm of se-
curity (since the word ‘attack’ has a connotation of intentional harm). “Husbanding
resources”, in contrast, is more closely related to safety aspects (since it involves,
e.g., that nutrition meet requirements of hygiene and food safety). Moreover, the
“healthy survival of the population” also warrants states’ responsibilities such as
defining and enforcing safety standards for industries, for instance in relation to
environmental protection or hazard control.
On top of this states also have external responsibilities. This means that they have
a duty to protect their citizens in the international arena. First and foremost, this
involves international relations to avoid or minimise inter-state tension, interna-
tional conflict and war (Walt 1991; Western 2016). Peace building and diplomacy
are key activities in this area (Collins 2013). Having military forces for defense, as
a potential threat to others to balance international powers, and – if all else fails –
for retaliation and attack, is also an aspect.
Second, protecting citizens’ interests in the international arena also involves a wide
variety of other issues, some of which we have already encountered in the introduc-
tion to this chapter when we discussed modern-day global challenges (Collins
2013). Environmental protection, fair access and use of natural resources, dealing
with international crime and terrorism, findings solutions for mass migration in the
wake of (interstate) conflict or economic inequality – all of these challenges can
11
only be addressed (if at all) through international collaboration. States cannot pro-
vide proper protections for these global challenges alone; they must do so in coop-
eration with other states.
While it may seem obvious to us to argue that states have both internal and external
responsibilities with respect to protecting their citizens, and that these involve both
security and safety issues, until recently this was not a widely recognised idea. De-
bates on security in academia and outside have long focused predominantly on state
actors in their attempts at dealing with the threats of international conflict and war.
They focused on the risk of intentional harm (= security) caused through external
threats (= international). Only since the end of the Cold War have politicians and
researchers started speaking about security and safety in a broader sense. A number
of changes are worth noting.
First of all, while governments have long since spoken about ‘national security’,
until the end of the Cold War the security of the state was viewed to a large degree
as dependent on the international arena. Whether states had a high or low level of
national security was directly related to the level of international tension they were
experiencing. Only after the end of the Cold War did the meaning of the term ‘na-
tional security’ broaden to also include societal domains worthy of portection within
the boundaries of the nation state, for example, the protection of critical infrastruc-
tures, energy supply, health and nutrition, and the provision of internal social sta-
bility (e.g. through minimising threats coming from terrorism or internal upheaval
etc.).
Second, as we have seen at the beginning of this chapter (see page 1), the variety of
threats and hazards that came to be labelled as security and safety risks also in-
creased in the last decades of the twentieth century and the first decades of the
twenty-first. Novel global challenges, such as the rise of terrorism or new technol-
ogies or that of environmental security demanded a broader view on the meaning of
these concepts, and on the ways in which they ought to be addressed. The state’s
focus on security issues should no longer only (or predominantly) be external, but
it should acknowledge and address the complexity of the aforementioned modern-
day challenges, including “terrorism, climate change, resource scarcity, demo-
graphic stress, and environmental degradation” (Western 2016: 99), “weapons pro-
liferation, disease” (Burke, Lee-koo, and Mcdonald 2016: 64) and “cyber-attacks”
(Carpenter 2016: 94).
Finally, governments have also realised that safety and security issues cannot really
be clearly separated anymore, as we have also argued above (see page 8). When
intentional threats to the things we value materialise they oftentimes have a variety
of unintentional or even unintended consequences. Think of (inter)national conflicts
(= intentional) that lead to resource scarcity (= safety) because borders close or re-
sources cannot be accessed due to fighting. Alternatively, events that may start as a
safety incident (an airplane crash due to technical failure) may lead to international
tensions (= security) when the airplane goes down in hostile territory or states are
unwilling to cooperate in investigating the incident (MH-17). In sum, as we also
argued above, states, too, realise that modern-day security and safety challenges
require an integrative perspective on security and safety.
12
5.1 Multi-level responsibility
In the previous section we have seen that the responsibility for keeping us safe
and secure lies with different actors on different levels. Each of these has a role in
keeping the world safe, or making it an even safer place. When we look at the level
of the government, one of the questions to ask is: which government do we mean?
‘The government’ of ‘the state’ is not a single, unified entity. There are many dif-
ferent kinds of government organisations and levels of bureaucracy that play a role
in protecting society. Generally, governance (the activity of governing – more on
this in Chapter 4 on Governance and cybersecurity in this book) takes place at a
number of different levels.
In most nation states the following
LEVELS OF GOVERNMENT
can be distin-
guished:
L
OCAL
– cities, municipalities
P
ROVINCIAL
– districts, cantons or other designated administrative areas
within a state
N
ATIONAL
– nation states
R
EGIONAL
– constellations of nation states that cooperate within a designated
geographical area, e.g. in the EU
I
NTERNATIONAL
– global cooperation, e.g. at the U.N.
Traditionally, there were very clear distinctions between these levels of government
and the issues they addressed. For example, ensuring the protection of nation state
borders and the upkeep of military functions for the defence of national territory
was a exclusively state responsibility. In contrast, ensuring public safety and organ-
ising and managing police deployment during e.g. sports or other large-scale events
was the responsibility of local government, i.e. the city council or the mayor.
However, as we’ve seen above, the new safety and security challenges have
changed this. Many of these challenges affect, or have a potential impact on, the
entire spectrum of these different levels of government. They cannot be understood
or tackled only from a single governance level, for instance by delegating responsi-
bility to the national or the international level only. Instead, they must be addressed
at multiple, or even all levels at the same time. These issues have an impact from
the local all the way up to the global level. Therefore, they have been qualified as
‘glocal’ (Wellman 2002; Meyrowitz 2005; Meyrowitz 2003; Roudometof 2005).
13
G
LOCALITY
refers to the transcendance of “the binary opposition between the
‘global’ and the ‘local’ and [...] their blending in real life.” (Roudometof
2005: 123) This blending is facilitated by the rise of networked technologies,
by increased mobility, and by other elements of globalisation.
Modern-day security and safety challenges ask for glocal responses, for responses
on a variety of different levels of government. The traditional distinction between
domestic and foreign security challenges has become obliterated, and security chal-
lenges on these levels are now closely interwoven. A strict division between internal
security, as a domestic problem, versus external security, with threats coming from
the outside, no longer holds (Zedner 2002: 164). Security challenges impact each
other, thus making the dividing lines between the local, national, regional and in-
ternational level fuzzy. This ‘blurring of borders’ is captured with the notion of the
emergence of a ‘security continuum’ (Transnational Terrorism Security and the
Rule of Law 2007). The emergence of cyberspace and other networked technologies
amplifies the fusion of internal and external security dimensions: security can no
longer be conceptualized in terms exclusively defined by physical space. Today, we
witness the convergence of traditional security needs and the digital world (Hansen
and Nissenbaum 2009; Nye Jr 2011; Pieters 2011; Schneier 2004).
Because of these developments, we argue that many modern-day security and
safety challenges can only be addressed from a multi-level perspective. Security and
safety are no longer predominantly the prerogative of, or a responsibility for, state
actors. Security and safety issues may still arise locally, but they oftentimes have a
national or even transnational impact. Think of an oil spill or a fire in a nuclear
reactor that starts locally, but may affect the safety of citizens in a large geographical
area, potentially stretching beyond the border of the state in which it is located. This
is why nowadays security and safety challenges must often be addressed both at the
level of the nation state, but also at the regional and the international level. This
entails that the responsibility for security challenges has partially moved from that
national domain to international institutions and regional governments (e.g. the Eu-
ropean Commission). As said, this move upwards can be explained by the fact that
many security issues no longer stop at national borders, but rather span the globe,
or at least reach bigger parts of the globe, and thus must involve protections pro-
vided by an international system.
At the same time, safety and security issues may have origins on the international
level but can have an impact all the way down at the local level. For example, think
of the effects of international conflicts. These take place between different countries
and thus originate on the international level. In the wake of such conflicts, large
groups of refugees may seek asylum in other countries. This generates challenges
in these host countries, on the national level, where debates about the numbers of
migrants to accept take place, but also all the way down at the local level, where
these refugees will come to live and must find a place in a new society. International
conflicts such as these may thus have trickle-down effects in local communities far
removed from the actual battleground. And international conflict and mass migra-
14
tion are not the only international topics on the agenda for national and local gov-
ernments. The same applies to, for example, terrorism and radicalisation, environ-
mental protection and sustainability, and cybersecurity.
5.2 Multi-actor responsibility
In our discussion at the beginning of this section we stated that safety and secu-
rity are not just a responsibility for the state, but also for businesses and organisa-
tions, and even for ordinary citizens. This is a point that cannot be stressed often
enough, especially in relation to the grand challenges that are the topic of this chap-
ter. Because of the complexity and the multi-layered nature of these challenges,
safety and security can no longer solely be provided by institutions of the state, nor
shaped solely by thinking and acting originating from the state sphere. This is why
our perspective of safety and security is multi-actor.
What we increasingly see is that governmental bureaucracies and agencies are
joined by a wide range of other actors in putting safety and security issues on the
agenda, or managing them. Non-state actors ranging from NGOs to interest groups
are also increasingly involved in safety and security issues, both in terms of address-
ing them and in terms of (contributing to) reducing them to acceptable levels.
What’s more, the media and public opinion play a role in shaping the security
agenda and in defining roles and responsibilities for safety and security challenges.
Finally, businesses are a key player in the field of security and safety, both in the
management of risks and in setting security and safety agendas.
Because of the greater variety of actors that play a role in safety and security
issues we can conclude that the traditional division of responsibilities between pub-
lic and private parties with respect to warranting security is changing (Zedner 2002).
From a governance perspective, this raises new important questions and dilemmas.
For example, what can the public security sector learn from its private partners in
terms of innovation, efficiency and efficacy? Private parties, such as businesses,
also often engage in managing or addressing security challenges jointly and/or in
cooperation with public parties through public-private partnerships (PPP).
The term P
UBLIC
-P
RIVATE
P
ARTNERSHIP
(PPP) refers to a “form of coopera-
tion between the state and the private sector” (Dunn Cavelty and Suter 2009:
179). This form of cooperation became popular in light of the trend of de-
bureaucratisation that started in the late 1970s and is ongoing until this day.
One of the key arguments behind the use of public-private partnerships is that
government organisations should “hand over tasks to private actors, i.e., [...]
privatize them, or at least to carry them out in partnership with private busi-
nesses” (Dunn Cavelty and Suter 2009: 180) because this will facilitate much
more efficiency, reduce costs, and enable government officials to delegate re-
sponsibilities for tasks that required (too) specific expertise. In public-private
partnerships, therefore, public and private parties cooperate on designated
tasks or projects.
15
The increasing popularity of public-private partnerships leads to a set of questions.
For example, in Western societies we have very clear rules on accountability and
transparency with respect to public (government) organisations. They must (be able
to) explain to citizens which decisions are made, by whom, and under which condi-
tions. A number of checks and balances are in place in Western democracies to
ensure that citizens can get access to (many) government files, can hold government
representatives accountable, and can even go to a court of law if they feel their rights
or liberties are violated in some way or other by the state or its representatives. But
how does this work when government organisations start cooperating with private
parties, when tasks that were formerly a responsibility of the state now become
shared with, or (partially) delegated to, businesses? Businesses are not held to the
same standards of democratic accountability as the state, and have different con-
cerns with respect to upholding civil rights and public values. This means that the
rise, and increasing popularity of hybrid forms of governance raises questions with
respect to transparency and accountability. This also applies to the safety and secu-
rity domain, where PPP is very popular as well (Aradau 2010; Dunn Cavelty and
Suter 2009). Through the use of public-private partnerships, moreover, private par-
ties increasingly help shape safety and security agendas and have a significant im-
pact on the ways in which safety and security challenges are prioritised and ad-
dressed.
6 From security to cybersecurity
that we’ve got an understanding of the concepts of safety and security it is time
to focus on the topic of this book: cybersecurity. We’ve seen that this is one of the
grand challenges of our times. By the end of this chapter, and with the arguments
we’ve presented, you may have realised that cybersecurity is not just high on the
agenda because of the objective, factual risks involved in humans using computer
networks and internet technologies. What these objective, factual risks are is
doubted by some, but this is a topic we will touch upon in a later chapter (see Chap-
ter 6 on Risk management in this book). Suffice it to say for now, in contrast to
other risks, we do not have much to go in predicting the impact and likelihood of
the materialisation of cyber-risks. When we calculate the risk of a flood or a prison
outbreak, we use examples from the past to make predictions about the probability
of these events to occur in the future, and we compute the social and economic costs
of such events to a significant degree on the costs the incurred in the past. But as
Hansen and Nissenbaum point out: “Cyber securitizations [...] have no [...] history
of founding incidents to base themselves on.” (Hansen and Nissenbaum 2009: 1164)
Let’s assume, however, that despite the fact that no “digital Pearl Harbor”
(Bambauer 2012: 603; Zittrain 2008: 51) or “privacy Chernobyl” (Thierer 2012: 18)
has occurred yet there are real and significant threats, vulnerabilities and risks in
cyberspace. While incidents may not have reached the impact level of Pearl Harbor
or Chernobyl yet, each year more breaches and incidents are reported, and the costs
of managing their impact skyrockets. Cybersecurity risks, therefore, are realistic
16
and of consequence, and warrant responses by individuals, collectives, businesses
and governments on a variety of levels and in a variety of constellations, just like
the other global challenges we’ve discussed in this chapter.
Having said that, it must also have become clear to the reader that in our view
cybersecurity risks arise not only because there is a realistic chance of significant
damage to systems, networks, machines, and the physical reality we live in, but that
to an equal measure these risks are shaped by and through the larger safety and
security agenda that we discussed in section 1 of this chapter. Cybersecurity risks
are prioritised, put high on the agenda, by all of these parties in light of the larger
trend of viewing challenges through safety and security lenses. There is, as we’ve
argued, a process of mutual shaping taking place here. It is this process, and the
many manifestations it leads to in the world of cybersecurity today, that is the key
topic of this book.
7 References
Aradau, C. 2010. ‘Security That Matters: Critical Infrastructure and Objects of Protection’. JOUR.
Security Dialogue 41 (5): 491–514.
Baldwin, David A. 1997. ‘The Concept of Security’. JOUR. Review of International Studies 23 (1).
Cambridge University Press: 5–26.
Bambauer, Derek E. 2012. ‘Conundrum’. JOUR. Minnesota Law Review 96: 584–674.
Beck, Ulrich. 1992. Risk Society: Towards a New Modernity. Nation. Vol. 2. doi:10.2307/2579937.
———. 2006. ‘Living in the World Risk Society’. Economy and Society 35 (3): 329–45.
doi:10.1080/03085140600844902.
———. 2008a. World at Risk. New York. Vol. The Report. doi:10.1002/9780470670590.wbeog242.
———. 2008b. ‘World at Risk: The New Task of Critical Theory’. Development and Society 37 (1): 1–
22.
Burke, Anthony, Katrina Lee-koo, and Matt Mcdonald. 2016. ‘An Ethics of Global Security’. Journal
of Global Security Studies Advance 1 (1): 64–79. doi:10.1093/jogss/ogv004.
Buzan, Barry, Ole Wæver, and Jaap De Wilde. 1998. Security: A New Framework for Analysis. National
Bureau of Economic Research Working Paper Series. Boulder, London: Lynne Rienner
Publishers, Inc.
Carpenter, Charli. 2016. ‘The Future of Global Security Studies’. Journal of Global Security Studies 1
(1): 92–94. doi:10.1093/jogss/ogv009.
Chandler, Jennifer. 2009. ‘Privacy versus National Security: Clarifying the Trade-Off’. In Lessons from
the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, edited by Ian R Kerr,
C Lucock, and V Steeves, 121–38. Oxford: Oxford University Press.
Cohen, R., and P. Kennedy. 2007. Global Sociology. 2nded. Palgrave Macmillan.
Collins, Alan. 2013. Contemporary Security Studies. Security Studies. 3rded. Oxford (UK): Oxford
University Press.
Deibert, Ronald J., and Rafal Rohozinski. 2010. ‘Risking Security: Policies and Paradoxes of Cyberspace
Security’.
International
Political
Sociology
4
(1):
15–32.
doi:10.1111/j.1749-
5687.2009.00088.x.
Dunn Cavelty, Myriam, and Manuel Suter. 2009. ‘Public–private Partnerships Are No Silver Bullet: An
17
Expanded Governance Model for Critical Infrastructure Protection’. JOUR. International
Journal of Critical Infrastructure Protection 4 (2): 179–87.
Feintuck, Mike. 2005. ‘Precautionary Maybe, but What’s the Principle? The Precautionary Principle, the
Regulation of Risk, and the Public Domain’. JOUR. Journal of Law and Society 32 (3): 371–98.
Giddens, Anthony. 1999. ‘Risk and Responsibility’. The Modern Law Review 62 (1): 1–10.
Hansen, Lene, and Helen Nissenbaum. 2009. ‘Digital Disaster, Cyber Security, and the Copenhagen
School’. JOUR 53 (4): 1155–75.
Hobbes, Thomas. 1651. Leviathan, or the Matter, Forme, and Power of a Common-Wealth
Ecclesiasticall and Civill. London: the Green Dragon.
Jarvis, Darryl. 2007. ‘Risk, Globalisation and the State: A Critical Appraisal of Ulrich Beck and the
World Risk Society Thesis’. Global Society 21 (1): 23–46. doi:10.1080/13600820601116468.
Klare, Michael T., and Yogesh Chandrani. 1998. World Security: Challenges for a New Century. 3rd ed.
New York (NY): St. Martin’s Press, Inc.
Litfin, Karen T. 1999. ‘Constructing Environmental Security and Ecological Interdependence’. Global
Governance 5: 359–77.
Maurice, Pierre, Michel Lavoie, Lucie Laflamme, Leif Svanström, Claude Romer, and Ragnar
Anderson. 2001. ‘Safety and Safety Promotion: Definitions for Operational Developments’.
Injury Control and Safety Promotion 8 (4): 237–40. doi:10.1076/icsp.8.4.237.3331.
McDonald, M. 2008. ‘Securitization and the Construction of Security’. European Journal of
International Relations 14 (4).
McLuhan, Marshall. 1962. The Gutenberg Galaxy: The Making of Typographic Man. Book. Toronto
(Canada): University of Toronto Press.
Meyrowitz, Joshua. 2003. ‘Global Nomads in the Digital Veldt’. Book Section. In Mobile Democracy:
Essays on Society, Self and Politics, edited by Kristóf Nyíri, 91–102. Vienna (Austria): Passagen
Verlag.
———. 2005. ‘The Rise of Glocality: New Senses of Place and Identity in the Global Village’. Book
Section. In The Global and the Local in Mobile Communication, edited by Kristóf Nyíri, 21–30.
Vienna (Austria): Passagen Verlag.
Newsome, Bruce. 2014. A Practical Introduction to Security and Risk Management. Los Angeles (CA):
Sage Publications.
Nissenbaum, Helen. 2005. ‘Where Computer Security Meets National Security’. JOUR. Ethics and
Information Technology 7 (2). Kluwer Academic Publishers: 61–73.
Nunes, J. 2012. ‘Reclaiming the Political: Emancipation and Critique in Security Studies’. Security
Dialogue 43 (4): 345–61. doi:10.1177/0967010612450747.
Nye Jr, Joseph S. 2011. ‘Cyber Power’. In The Future of Power in the 21st Century, 1–31. Public Affairs
Press.
Pieters, Wolter. 2011. ‘The (Social) Construction of Information Security’. JOUR. Dx.doi.org 27 (5).
Taylor & Francis Group: 326–35.
Pritchard, Carl L. 2001. Risk Management: Concepts and Guidance. 2nd ed. Arlington, VA: ESI
International.
Rasmussen, Jens. 1997. ‘Risk Management in a Dynamic Society: A Modelling Problem’. Safety Science
27 (2): 183–213.
Rittel, Horst W J, and Melvin M. Webber. 1973. ‘Dilemmas in a General Theory of Planning’. Policy
Sciences 4 (2): 155–69. doi:10.1007/BF01405730.
18
Roudometof, Victor. 2005. ‘Transnationalism, Cosmopolitanism and Glocalization’. Current Sociology
53 (1): 113–35. doi:10.1177/0011392105048291.
Schäfer, Philip Jan. 2013. ‘The Concept of Security’. In Human and Water Security in Israel and Jordan,
3:5–19. doi:10.1007/978-3-642-29299-6.
Schmid, A.P. 2016. ‘Links between Terrorism and Migration: An Exploration’. The Hague.
Schneier, Bruce. 2004. Secrets & Lies: Digital Security in a Networked World. 2nded. Indianapolis (IN):
Wiley Publishers.
Singer, Peter W, and Allan Friedman. 2013. Cybersecurity and Cyberwar: What Everyone Needs to
Know. BOOK.
Slovic, Paul. 1987. ‘Perception of Risk’. Science 236 (4799): 280–85. doi:10.1126/science.3563507.
Swindle, Orson, and Patrick Ross. 2006. ‘Managing Information and Its Security: The Role of
Policymakers, the Private Sector and Consumers’. JOUR. Progress & Freedom Foundation
Progress on Point Paper 13 (2).
Taipale, K A. 2004. ‘Technology, Security and Privacy: The Fear of Frankenstein, the Mythology of
Privacy and the Lessons of King Ludd’. JOUR. Yale Journal of Law & Technology 7 (1): 125–
221.
Thierer, Adam. 2012. ‘Technopanics, Threat Inflation, and the Danger of an Information Technology
Precautionary Principle’. Unpublished Work. Mercatus Center (George Mason University)
Working Paper Series.
Transnational Terrorism Security and the Rule of Law. 2007. ‘Notions of Security Shifting Concepts and
Perspectives’. Transnational Terrorism, Security, and the Rule of Law (TTSRL).
Walt, Stephen M. 1991. ‘The Renaissance of Security Studies’. International Studies Quarterly 35 (2):
211–39.
Wellman, Barry. 2002. ‘Little Boxes, Glocalization, and Networked Individualism From Little Boxes to
Social Networks’. Digital Cities, 10–25. doi:10.1007/3-540-45636-8_2.
Western, Jon. 2016. ‘What Is Global in Global Security Studies?’ 1 (1): 99–101.
doi:10.1093/jogss/ogv012.
Wolfers, Arnold. 1952. ‘“National Security” as an Ambigious Symbol’. Political Science Quarterly 67
(4): 481–502.
Wynne, Brian. 1992. ‘Uncertainty and Environmental Learning: Reconceiving Science and Policy in the
Preventive Paradigm.’ Global Environmental Change, no. June: 111–27. doi:10.1016/0959-
3780(92)90017-2.
Xavier, J., and R. Rosaldo. 2008. ‘Tracking Global Flows’. In The Anthropology of Globalization.
Oxford: Blackwell Publishers.
Zedner, Lucia. 2002. ‘The Concept of Security: An Agenda for Comparative Analysis’. Legal Studies
23 (1): 153–75. doi:10.1111/j.1748-121X.2003.tb00209.x.
———. 2003. ‘Too Much Security?’ International Journal of the Sociology of Law 31 (3): 155–84.
doi:10.1016/j.ijsl.2003.09.002.
Zittrain, Jonathan. 2008. The Future of the Internet and How to Stop It. New Haven, CT: Yale University
Press. Echo Chamber …. New Haven; London: Yale University Press.