Historical Development of Cybersecurity Studies: A Literature Review and Its Place in Security Studies
PDF

Keywords

Cybersecurity
Cybersecurity Studies
Security Studies
International Relations
Multifaceted Approach

How to Cite

Tarhan, K. (2022). Historical Development of Cybersecurity Studies: A Literature Review and Its Place in Security Studies. Strategic Review, (15), 393–414. https://doi.org/10.14746/ps.2022.1.23

Abstract

This study discusses the formation and development of cybersecurity studies since the creation of the Internet. Although the origin of cybersecurity studies dates back to the 1970s, hacking, malicious software, computer intrusions, and espionage attacks that took place in the 1980s led cybersecurity studies to form in the area of computer science. By the 1990s, the Internet began to be used widely, and an increase in the level of attacks in cyberspace began to occur. This period was a major reason for the growth in writing on software and network security. Network security has become a key priority for governments and many industries. Cybersecurity studies have become a priority area in security studies with the increasing complexity of cyber threats towards 2000s. States and some supranational organizations have started to create cybersecurity strategies. The security of critical infrastructure and computer networks has begun to emerge as a high-priority area. It has been observed that the transition from classical security policies to modern security policies, which should be established in the information age, has begun. Cybersecurity studies were taken more seriously after the 2007 Estonian attacks, especially in the 2010s. In this period, the intensity of attacks on critical infrastructures and the occurrence of some physical attacks caused cybersecurity to deepen and become an issue on an international scale. Cybersecurity studies continue to be shaped by being influenced by many different disciplines, regardless of any discipline, with the important discussions and cyber incidents that have taken place in recent years. Therefore, the studies were handled from a multidisciplinary perspective.

https://doi.org/10.14746/ps.2022.1.23
PDF

References

Anderson R. H., Hearn A. C., An Exploration of Cyberspace Security R&D Investment Strategies for DARPA, “The Day After...in Cyberspace II”, RAND.

Arquilla J., Ronfeldt D. (1993), Cyberwar is Coming!, “Comparative Strategy”, 12: 141–165. https://doi.org/10.1080/01495939308402915 DOI: https://doi.org/10.1080/01495939308402915

Arquilla J., Ronfeldt D. (1996), The Advent of Netwar, RAND, Santa Monica.

Arquilla J., Ronfeldt D. (2001), Networks and Netwars: The Future of Terror, Crime, and Militancy, RAND.

Baldwin D. (1995), Security Studies and the End of the Cold War, “World Politics”, 48(1): 117–141. https://doi.org/10.1353/wp.1995.0001 DOI: https://doi.org/10.1353/wp.1995.0001

BBC News (2017), Ukraine power cut ‘was cyber-attack’, 11 January 2017, https://www.bbc.com/news/technology-38573074 (30.04.2022).

Bendrath R. (2001), The Cyberwar Debate: Perception and Politics in US Critical Infrastructure Protection, “Information & Security: An International Journal”, 7: 80–103. https://doi.org/10.11610/isij.0705 DOI: https://doi.org/10.11610/isij.0705

Bey M. (2018), Great Powers in Cyberspace: The Strategic Drivers Behind US, Chinese and Russian Competition, “The Cyber Defense Review”, 3(3): 31–36.

Bıçakcı S. (2014), NATO’nun Gelişen Tehdit Algısı: 21. Yüzyılda Siber Güvenlik (NATO’s Emerging Threat Perception: Cyber Security in the 21st Century), “Uluslararası İlişkiler”, 10(40): 101–130. https://doi.org/10.33458/uidergisi.553374 DOI: https://doi.org/10.33458/uidergisi.553374

Bilgin P. (2010), New Approaches on Security Studies: New Security Studies, “Stratejik Araştırmalar”, 8(14): 69–96.

Bilgin P., Booth K., Lones R. W. (1998), Security Studies: The Next Stage?, “Naçao e. Defesa”, 84(2): 131–157.

Birdişli F. (2019), Teori ve Pratikte Uluslararası Güvenlik; Kavram-Teori-Uygulama (International Security in Theory and Practice: Concept-Theory-Application), Seçkin, İstanbul.

Boys J. D. (2018), The Clinton Administration’s Development and İmplementation of Cybersecurity Strategy (1993–2001), “Intelligence and National Security”, 33(5): 755–770. https://doi.org/10.1080/02684527.2018.1449369 DOI: https://doi.org/10.1080/02684527.2018.1449369

Bronk C., Tikk-Ringas E. (2013), The Cyber Attack on Saudi Aramco, “Survival”, 55(2): 81–96. https://doi.org/10.1080/00396338.2013.784468 DOI: https://doi.org/10.1080/00396338.2013.784468

Buzan B. (1983), People, States and Fear: The National Security Problem in IR, Wheatsheaf Books, England. https://doi.org/10.1017/CBO9780511817762

Buzan B., Hansen L. (2009), The Evolution of International Security Studies, Cambridge University Press, New York. DOI: https://doi.org/10.1017/CBO9780511817762

Cavelty M. D. (2008), Cyber-Security and Threat Politics: US Efforts to Secure the Information Age, Routledge, London–New York.

Cavelty M. D. (2010), Cyber-Threats’, in: The Routledge Handbook of Security Studies, (eds.) M. Dunn Cavelty, V. Mauer, Routledge, London–New York.

Cavelty M. D. (2017), Siber Güvenlik (Cybersecurity), in: Çağdaş Güvenlik Çalışmaları (Contemporary Security Studies 369–371), trans. Nasuh Uslu, (ed.) A. Collins, Role Akademik Yayıncılık, İstanbul.

Cavelty M. D. (2018), Cybersecurity Research Meets Science and Technology Studies, “Politics and Governance”, 6(2): 22–30. https://doi.org/10.17645/pag.v6i2.1385 DOI: https://doi.org/10.17645/pag.v6i2.1385

Cavelty M. D., Wenger A. (2020), Cybersecurity Meets Security Politics: Complex Technology, Fragmented Politics, and Networked Science, “Contemporary Security Policy”, 41(1): 5–32. https://doi.org/10.1080/13523260.2019.1678855 DOI: https://doi.org/10.1080/13523260.2019.1678855

Choucri N. (2012), Cyberpolitics in IR, The MIT Press, Cambridge, Massachusetts.

Choucri N., ReardonR. (2012), The Role of Cyberspace in IR: A View of the Literature, Paper Prepared for the 2012 ISA Annual Convention San Diego, CA.

CNBC (2021), Saudi Aramco facing $50 million cyber extortion over leaked data, 22 July 2021, https://www.cnbc.com/2021/07/22/saudi-aramco-facing-50m-cyber-extortion-over-leaked-data.html (30.04.2022).

Collins S., McCombie S. (2012), Stuxnet: The Emergence of a New Cyber Weapon and its Implications, “Journal of Policing, Intelligence and Counter Terrorism”, 7(1): 80–91. https://doi.org/10.1080/18335330.2012.653198 DOI: https://doi.org/10.1080/18335330.2012.653198

Cornish P. (2015), Governing Cyberspace through Constructive Ambiguity, “Survival”, 57(3): 153–176. https://doi.org/10.1080/00396338.2015.1046230 DOI: https://doi.org/10.1080/00396338.2015.1046230

Darıcılı A. B. (2014), Rusya Federasyonu Kaynakli Olduğu İddia Edilen Siber Saldirilarin Analizi (Analysis Of Alleged Cyber Attacks From Russian Federation), “U.Ü. Sosyal Bilimler Enstitüsü Dergisi”, 7(2): 1–16.

Darıcılı A. B. (2018), Askerileştirilen ve Silahlandırılan Siber Uzay (Militarized and Armed Cyberspace), in: Sosyal ve Beşeri Bilimlere Dair Araştırma Örnekleri (Social and Human Sciences Research Examples, 311–327), (ed.) Ali Acaravcı Nobel Akademik Yayıncılık, Ankara.

Davis J. (2007), Hackers Take Down the Most Wired Country in Europe, “Wired Magazine”, last modified 21 August 2007, https://www.wired.com/2007/08/ff-estonia/ (04.06.2021).

Dawson J., Thomson R. (2018), The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance, “Frontiers in Psychology”, Review article, https://doi.org/10.3389/fpsyg.2018.00744. DOI: https://doi.org/10.3389/fpsyg.2018.00744

Deibert R. J., Stein J. G. (2002), Hacking Networks of Terror, “Dialog-IO”: 1–14. https://doi.org/10.1017/S7777777702000018 DOI: https://doi.org/10.1017/S7777777702000018

Director of National Intelligence, Press Release, Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security (7 October 2016), https://www.dhs.gov/news/2016/10/07/joint-statement-department-homeland-security-and-office-director-national (30.04.2022).

Erendor M. E., Tamer G. (2018), The New Face of the War: Cyber Warfare, “Cyberpolitik Journal”, 2(4): 57–74.

Eriksson J., Giacomello G. (2006), The Information Revolution, Security, and IR: (IR)relevant Theory?, “International Political Science Review”, 27(3): 221–244. https://doi.org/10.1177/0192512106064462 DOI: https://doi.org/10.1177/0192512106064462

Estonian Foreign Intelligence Service, International Security and Estonia, https://www.valisluureamet.ee/pdf/raport-2020-en.pdf (19.01.2021).

European Union, 2020, Cybersecurity Our Digital Anchor a European Perspective, Publications Office of the European Union, Luxembourg.

Farwell J. P., Rohozinski R. (2011), Stuxnet and the Future of Cyber War, “Survival: Global Politics and Strategy”, 53(1): 23–40. https://doi.org/10.1080/00396338.2011.555586 DOI: https://doi.org/10.1080/00396338.2011.555586

Fidler D. P. (2017), The U.S. Election Hacks, Cybersecurity, and International Law, “Articles by Maurer Faculty”, 2607.

Garcia S. M., Palhares A. I. (2014), Reflections on Virtual to Real: Modern Technique, International Security Studies and Cyber Security Environment, in: Cyberspace and International Relations Theory, Prospects and Challenges (269–280), (eds.) J.-F. Kremer, B. Müller, Springer, Berlin. https://doi.org/10.1007/978-3-642-37481-4_15 DOI: https://doi.org/10.1007/978-3-642-37481-4_15

Gompert D. C. (1998), National Security in the Information Age, “Naval War College Review”, 51(4): 22–41.

Greenwald G., MacAskill E. (2013), NSA Prism program taps in to user data of Apple, Google and others, Guardian, 7 June 2013, https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data (04.05.2022).

Groll E. (2017), Cyberattack Targets Safety System at Saudi Aramco, Foreign Policy, 21 December 2017, https://foreignpolicy.com/2017/12/21/cyber-attack-targets-safety-system-at-saudi-aramco/ (30.04.2022).

Hansen L., Nissenbaum H. (2009), Digital Disaster, Cybersecurity, and the Copenhagen School, “International Studies Quarterly”, 53: 1155–1175. DOI: https://doi.org/10.1111/j.1468-2478.2009.00572.x

Hassanzadeh A., Rasekh A., Galelli S., Aghashahi M., Taormina R., Ostfeld A., Banks K. M. (2020), A Review of Cybersecurity Incidents in the Water Sector, “American Society of Civil Engineers”, 146(5): 03120003, https://doi.org/10.1061/(ASCE)EE.1943-7870.0001686. DOI: https://doi.org/10.1061/(ASCE)EE.1943-7870.0001686

Herzog S. (2011), Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses, “Journal of Strategic Security”, 4(2): 49–60. https://doi.org/10.5038/1944-0472.4.2.3 DOI: https://doi.org/10.5038/1944-0472.4.2.3

Homeland Security (2016), Joint Statement from Department of Homeland Security and Office of the Director of National Intelligence on Election Security, https://www.dhs.gov/news/2016/10/07/joint-statement-department-homeland-security-and-office-director-national (18.11.2021).

Hsu K., Murray C. (2014), China and International Law in Cyberspace, “US–China Economic and Security Review Commission Staff Report”.

Jensen B., Valeriano B., Maness R. (2019), Fancy Bears and Digital Trolls: Cyber Strategy With a Russian Twist, “Journal of Strategic Studies”, https://doi.org/10.1080/01402390.2018.1559152. DOI: https://doi.org/10.1080/01402390.2018.1559152

Johnson D. R., Post D. (1996), Law and Borders: The Rise of Law in Cyberspace, “Stanford Law Review”, 48(5): 1367–1402. https://doi.org/10.2307/1229390 DOI: https://doi.org/10.2307/1229390

Kay S. (2004), Globalization, Power, and Security, “Security Dialogue”, 35(1): 9–25. https://doi.org/10.1177/0967010604042533 DOI: https://doi.org/10.1177/0967010604042533

Kello L. (2013), The Meaning of the Cyber Revolution Perils to Theory and Statecraft, “International Security”, 38(2): 7–40. https://doi.org/10.1162/ISEC_a_00138 DOI: https://doi.org/10.1162/ISEC_a_00138

Keohane R. O., Nye Jr, J. S. (1998), Power and Interdependence in the Information Age, “Foreign Affairs”, 77(5): 81–94. https://doi.org/10.2307/20049052 DOI: https://doi.org/10.2307/20049052

Kozlowski A. (2014), Comparative Analysis of Cyber-attacks on Estonia, Georgia and Kyrgyzstan, “European Scientific Journal”, Special Edition 3, 10(7). https://doi.org/10.19044/esj.2014.v10n7p%p (22.05.2021).

Krepinevich A. F. (2012), Cyber Warfare: A “Nuclear Option”?, Center for Strategic and Budgetary Assessments, Washington.

Lawson S., Middleton M. K. (2019), Cyber Pearl Harbor: Analogy, fear, and the framing of cybersecurity threats in the United States, 1991–2016, “First Monday”, 24(3), https://doi.org/10.5210/fm.v24i3.9623 (24.08.2021). DOI: https://doi.org/10.5210/fm.v24i3.9623

Lee R. M., Assante M. J., Conway T. (2016), Analysis of the Cyber Attack on the Ukrainian Power Grid, E-ISAC and SANS ICS, Washington.

Lessig L. (1996), The Zones of Cyberspace, “Stanford Law Review”, 48(5): 1403–1411. https://doi.org/10.2307/1229391 DOI: https://doi.org/10.2307/1229391

Lewis J. A. (2002), Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats, Center for Strategic and International Studies.

Lindsay J. R. (2017), Digital Policy, Regulation and Governance Restrained by Design: The Political Economy of Cybersecurity, https://doi.org/10.1108/DPRG-05-2017-0023. DOI: https://doi.org/10.1108/DPRG-05-2017-0023

Mathews J. T. (1989), Redefining Security, “Foreign Affairs”, 68(2): 162–177. https://doi.org/10.2307/20043906 DOI: https://doi.org/10.2307/20043906

Messmer E. (1999), Kosovo cyber-war intensifies: Chinese hackers targeting U.S. sites, government says, CNN.com, 12 May 1999, http://edition.cnn.com/TECH/computing/9905/12/cyberwar.idg/ (03.05.2022).

Miller S. E. (2001), International Security at Twenty-five: From One World to Another, “International Security”, 26(1): 5–39. https://doi.org/10.1162/016228801753212840 DOI: https://doi.org/10.1162/016228801753212840

National Research Council (1991), Computers at Risk: Safe Computing in the Information Age, The National Academies Press, Washington, DC, https://doi.org/10.17226/1581 DOI: https://doi.org/10.17226/1581

Nissenbaum H. (2005), Where Computer Security Meets National Security, “Ethics and Information Technology”, 7: 61–73. https://doi.org/10.1007/s10676-005-4582-3 DOI: https://doi.org/10.1007/s10676-005-4582-3

Nojeim G. T. (2020), Cybersecurity and Freedom on the Internet, “Journal of National Security Law & Policy”, accessed 9 August 2020, https://jnslp.com/wpcontent/uploads/2010/08/09_Nojeim.pdf (05.06.2021).

Nye J. S. (2017), Deterrence and Dissuasion in Cyberspace, “International Security”, 41(3): 44–71. https://doi.org/10.1162/ISEC_a_00266 DOI: https://doi.org/10.1162/ISEC_a_00266

Nye J. S., Lynn-Jones S. M. (1988), International Security Studies: A Report of a Conference on the State of the Field, “International Security”, 12(4): 5–27. https://doi.org/10.2307/2538992 DOI: https://doi.org/10.2307/2538992

Perlroth N., Krauss Clifford (2018), A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try, “The New York Times”, 15 March 2018, https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html (30.04.2022).

Rid T., Buchanan B. (2015), Attributing Cyber Attacks, “The Journal of Strategic Studies”, 38(1–2): 4–37. https://doi.org/10.1080/01402390.2014.977382 DOI: https://doi.org/10.1080/01402390.2014.977382

Ruus K. (2008), Cyber War I: Estonia Attacked from Russia, “European Affairs”, 9(1–2).

Sánchez K. V., Akyesilmen N. (2021), Competition for High Politics in Cyberspace: Technological Conflicts Between China and the USA, “Polish Political Science Yearbook”, 50(1): 43–69. https://doi.org/10.15804/ppsy202116 DOI: https://doi.org/10.15804/ppsy202116

Schlag G., Junk J., Daase C. (2016), Transformations of Security and Security Studies: An Introduction to the Volume, in Transformations of Security Studies Dialogues, Diversity and Discipline, (eds.) G. Schlag, J. Junk, C. Daase, Routladge, New York. https://doi.org/10.4324/9781315707839 DOI: https://doi.org/10.4324/9781315707839

Slayton R. (2016), What Is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment, “International Security”, 41(3): 72–109. https://doi.org/10.1162/ISEC_a_00267 DOI: https://doi.org/10.1162/ISEC_a_00267

Smith M. E. (2020), Uluslararası Güvenlik (International Security), trans. Ramazan Gözen, Felix Kitap, Ankara.

Solms R. V., Niekerk, J. V. (2013), From Information Security to Cybersecurity, “Computer & Security”, 38: 97–102. https://doi.org/10.1016/j.cose.2013.04.004 DOI: https://doi.org/10.1016/j.cose.2013.04.004

Stevens T. (2018), Global Cybersecurity: New Directions in Theory and Methods, “Politics and Governance”, 6(2): 1–4. https://doi.org/10.17645/pag.v6i2.1569 DOI: https://doi.org/10.17645/pag.v6i2.1569

Tarhan K. (2020a), Ulusal ve Uluslararası Güvenliğin Bir Bileşeni Olarak Siber Güvenlik (Cybersecurity as a Component of National and International Security), in: Yeni Küresel Tehdit: Siber Saldırılar Siber Güvenlik ve Politika Uygulamaları (New Global Threat: Cyber Attacks, Cybersecurity and Policy Practices, 33–50), (ed.) Fulya Köksoy, Nobel Yayıncılık, Ankara.

Tarhan K. (2020b), Klasik Soğuk Savaş’tan Küresel Siber Soğuk Savaşa Siber Uzay Kavramının Analizi (Analysis of The Concept of Cyberspace from The Classical Cold War to The Global Cyber-Cold War), in: Güvenlik, Teknoloji ve Yeni Tehditler (Security, Technology and New Threats, 193–211), (ed.) Ali Burak Darıcılı, Nobel Yayıncılık, Ankara.

Tidy J. (2022), Ukrainian power grid ‘lucky’ to withstand Russian cyber-attack, BBC News, 08 April 2022, https://www.bbc.com/news/technology-61085480 (30.04.2022).

Ullman R. H. (1983), Redefining Security, “International Security”, 8(1): 129–153. https://doi.org/10.2307/2538489 DOI: https://doi.org/10.2307/2538489

Verton D. (1999), Serbs launch cyberattack on NATO, FCW, 4 April 1999, https://fcw.com/1999/04/serbs-launch-cyberattack-on-nato/195288/ (03.05.2022).

Walt S. M. (1991), The Renaissance of Security Studies, “International Studies Quarterly”, 35(2): 211–239. https://doi.org/10.2307/2600471 DOI: https://doi.org/10.2307/2600471

Waver O., Buzan B. (2017), Teoriye Dönüş Sonrası: Güvenlik Çalışmalarının Geçmişi, Bugünü ve Geleceği (After the Return to Theory The Past, Present, and Future of Security Studies), in: Çağdaş Güvenlik Çalışmaları (Contemporary security studies, 393–411), trans. Nasuh Uslu, (ed.) Alan Collins, Röle Akademik Yayıncılık, İstanbul.

Westrin P. (2001), Critical Information Infrastructure Protection (CIIP), “Information & Security: An International Journal”, 7: 67–79. https://doi.org/10.11610/isij.0704 DOI: https://doi.org/10.11610/isij.0704

Williams P. D. (2013), Security Studies: An Introduction, in: Security Studies: An Introduction, (eds.) P. D. Williams, M. McDonald, Routledge, New York, Second Edition.

Yılmaz O. (2017), Küreselleşme Sürecinde Dönüşen Güvenlik Algısı Ve Siber Güvenlik, (Transforming Security Perception and Cybersecurity in The Globalization Process), “Cyberpolitik Journal”, 2(4): 22–43.

Zeng J., Stevens T., Chen Y. (2017), China’s Solution to Global Cyber Governance: Unpacking the Domestic Discourse of “Internet Sovereignty”, “Politics & Policy”, 45(3): 432–464. https://doi.org/10.1111/polp.12202 DOI: https://doi.org/10.1111/polp.12202