Cyber security and risk society: Estonian discourse on cyber risk and security strategy

Abstract

The main aim of this thesis is to call for a new analysis of cyber security which departs from the traditional security theory. I argue that the cyber domain is inherently different in nature, in that it is lacking in traditional boundaries and is reflexive in nature. Policy-makers are aware of these characteristics, and in turn this awareness changes the way that national cyber security strategy is handled and understood. These changes cannot be adequately understood through traditional understanding of security, as they often are, without missing significant details. Rather, examining these changes through the lens of Ulrich Beck’s risk society theory allows us to fully understand these changes. To support my argument, I analyze statements made by Estonian policy-makers and stakeholder, demonstrating that the way that they understand the nature of the cyber domain and the drafting and handling of cyber security as a result of this understanding is best rationalized through a risk society framework.