Introduction

Every day, people interact with hundreds, if not thousands, of different devices, each connected to the Internet, forming a massive network of networks that has broadly become known as cyberspace. Everything from coffeepots to cars, mobile phones to grocery stores and gas stations, is increasingly connected and sharing information with the world around us. We have come to depend on this connected world in innumerable ways. We rely on the Internet to share information about our lives with friends and family, to check our bank accounts and to verify our purchases at stores.

Beyond the obvious devices we hold in our hands or interact with consciously, we depend on hundreds more that we are unaware of, but that keep us safe and facilitate modern life. Nearly every aspect of our daily lives is touched by computers and networks. Cars rely on hundreds of computer chips to manage traction control and environmental and braking systems. Connected computers at intersections manage the flow of traffic and prevent accidents. The natural resources our modern society depends on are managed by industrial control systems that regulate voltages between substations, and water pressure in city utilities. Every computer chip we come into contact with plays a role in the larger ecosystem of cyberspace. Each of these individual pieces fits within a broader puzzle that is deeply vulnerable to manipulation, misuse and error.

This book focuses on the interactions of individuals, groups and states in cyberspace, and walks the reader through the security challenges faced in an increasingly digital world. While many of the problems faced at the individual device level and in small networks are technical, the broader systemic implications of their use and misuse are inherently social and political. From relatively humble and hopeful beginnings, social scientific thought on issues related to cyberspace has been evolving for more than 70 years.1 Debates on the technological connectedness of human society have changed from prognostications on the future to analyses of the present.2

Cyberspace is a unique and often perplexing environment, one referred to by the military as a domain of operations on a par with the other combat domains of land, sea, air and space.3 Cyberspace, unlike its counterpart domains, is entirely man-made and depends on physical, logical and human structures and organizations to operate. Some scholars even refer to cyberspace as a “substrate” that forms the foundation of much of modern life and permeates political, social, economic, technical and environmental sectors.4

Cyberspace, as a term, was first derived from a work of fiction in the 1980s and defined as a “consensual hallucination,” referring to its ability to alter the perceived reality of those who engage one another through it in chat rooms or virtual environments such as Second Life and the Metaverse.5 Its importance in popular culture was prevalent long before it was widely used, and its impact on national security policy has been significant almost from its inception. Social and cultural commentary on computers, individuals and networks and much more has often outpaced technological reality and informed discussions of the moral and ethical, legal and policy ramifications of an ever connected world.

Among the most discussed ramifications in the development of cyberspace is security. Security is not an isolated concept. Security failures in cyberspace can result in a wide range of “real-world” challenges that plague actors from individuals to states. Cybersecurity is often presented as an afterthought in the design and development of the Internet and its related technologies.6 Although this is partially true, the lack of systemic security in cyberspace is a function of a variety of complex processes that include social, political, technical and economic considerations. Social scientific analysis of these attributes of cyberspace and associated technologies helps to examine the pieces of the puzzle and provides insights on how various outcomes occur or might be avoided.

The significance of cyberspace, and in particular security within cyberspace, to social scientists is growing every year. At present, more than half the world’s population is connected in some way to cyberspace. Those who are not presently connected are expected to come online in the years to come. At the close of 2023, by some estimates, more than 450,000 new pieces of malicious software (malware) were being released daily.7 The growth and diversity of malware spreading within cyberspace are having a substantial impact on nation states, businesses and individuals. Global anti-virus firm Symantec estimated that 978 million people in 20 countries were affected by cybercrime, equating to a total loss of approximately $172 billion or $142 per person in 2017.8 In 2020, cybersecurity company McAfee estimated global losses from cybercrime at over $1 trillion.9 Other malicious activities in cyberspace – such as espionage, Distributed Denial of Service (DDoS) attacks, social engineering, information operations and a host of other activities – are challenging modern societies in countless ways.

To respond to cybercrime, espionage and other malicious behavior in cyberspace, public and private actors are spending large sums of money to develop robust cybersecurity strategies, and are investing in global governance organizations and fighting for norms and other behaviors to constrain the proliferation of cybercrime, espionage and malfeasant state behavior.10 Within the business community, technology companies are leading the fight against cybercrime through the implementation of more ubiquitous encryption within platforms, and they are fighting government policies and legal efforts to undermine encryption within their products.11 Businesses’ efforts to secure their products come with trade-offs for law-enforcement and intelligence agencies. More secure communications devices and online platforms have been used by transnational criminals and terrorist organizations to plan and engage in attacks against citizens of multiple countries.12 Beyond the proliferation of malware for criminal activities, countless cyberattacks have targeted nation states and their critical infrastructures – including hospitals, public transit, electric and water facilities and many more. Most of these attacks were undertaken with the intent of degrading, denying, sometimes even destroying, critical national capabilities. Many states are now opting to invest substantial resources in the development of civilian and military cyber programs for both offensive and defensive purposes. International organizations such as the North Atlantic Treaty Organization (NATO) have begun outlining military responses to cyberattacks. Some countries, such as the United States, are going as far as claiming the prerogative to respond to certain cyberattacks with nuclear weapons.13

It is increasingly difficult to deny the immense importance and impact of cyberspace in every aspect of life in many developed and developing nations. There are huge socio-economic benefits associated with the increased development and proliferation of cyberspace into communities never before connected to the Internet. We are now able to share information with friends and family members around the world instantaneously. We can learn about other countries and cultures, engage in global commerce and support communities around the world affected by natural disasters, war or political repression in ways never before possible. The potential of cyberspace to achieve a great many benefits is limited only by the creativity of those who leverage the increasing range of technologies available to them. Yet, as cyberspace expands and becomes more vital to everyday life, the security challenges often found offline – crime, war, terrorism, cultural and political repression, among many others – must be addressed within cyberspace.

Our approach

This book is designed for readers with limited prior experience in cybersecurity, or as a refresher for those with more robust backgrounds. We introduce a variety of concepts, practical problems and core policy debates necessary to understand security in and through computer networks. Each chapter is carefully constructed to provide our readers with a comprehensive introduction to the complexities and challenges of cybersecurity in an engaging and relevant fashion. The chapters include a reader’s guide presenting the bottom-line of each chapter upfront, case studies presented in storyboxes to help our readers analyze the complexity of cybersecurity in practice, as well as discussion questions to hone critical thinking skills, exercises to learn more actively about cybersecurity, and a brief list of suggested readings. Upon reading this book, readers will know the key attributes of, controversies surrounding, policies, norms and laws regarding, and challenges posed by cybersecurity, and will be well positioned to continue to advance their knowledge, should they choose to do so.

We structured this book around ten chapters designed to introduce readers to a range of concepts associated with cybersecurity. The core argument bringing these chapters together presents cyberspace as a complex socio-technical-economic domain that achieves relevance and importance through human design and manipulation. Despite its technical specificities and unique character, cyberspace is a domain of human activity and interactions. Humans created cyberspace, and use digital means to serve both beneficial and malicious...