The Citadel and Its Sentinels: State Strategies for Contesting Cyberterrorism in the UK

Abstract

The spectre of cyberterrorism portends a spectrum of, hitherto unrealised, catastrophic scenarios for the United Kingdom. Indeed, governments worldwide now face the task of creating or adapting state institutions to engage with rapidly evolving, elusive and recalcitrant cyber-threats that have the potential to cause harm to life, limb or livelihood. This chapter offers an overview of the principal institutions mandated to address cyberterrorism within the UK, and explores a series of complex policy problems that continue to confound government agencies and corporate actors in this area. Here I contend that the UK government has struggled to conceptualise the threat of cyberterrorism. In a post-privatisation era, the government has instead elided the unrealised threat of cyberterrorism with a broader range of cyber threats and pursued a two-pronged strategy to meet these threats by (i) constructing a protected government ‘citadel’ of standardised core government services, and (ii) commissioning government ‘sentinel’ services to advise the private sector owners and operators of critical infrastructure on meeting and mitigating cyber threats. I argue that this strategy does not overcome a latent challenge of the cyber era: that is, the profit-maximising instincts of the private sector remain in tension with the protection of the public interests that rely on (privately owned) critical infrastructure.