Cybersecurities: Understanding Different Logics of German Cybersecurity Policies

When states defined their first cybersecurity policies during the last decade, they have emphasized their claim to protect the nation state not only offline but also in cyberspace. Most academic work analyzing this trend in policy making was conducted by scholars from securitization theory. While this research showed clear evidence for a securitization of cyberspace, a lot of studies don't discern between different areas of cybersecurity and therefore different degrees of securitization. Building on role theory in IR the proposed paper argues, that cybersecurity policy is shaped by the interactions of domestic and international actors in the different areas of cybersecurity. Role theory has recently started to analyze the process of role contestation, thereby opening the domestic sphere for role theoretical analysis. The paper draws on these insights and argues that international role taking can be supplemented by a domestic level of role play. In order to establish stable cybersecurity policies the administration's role (in this case ´protector`) has to be met by complementary roles from parliament, judiciary and non-state actors. By analyzing documents from the German executive, legislative, judiciary and non-state actors the paper traces the development of German cybersecurity policies with regard to four different areas: law enforcement, intelligence, military and the protection of critical infrastructure (in all of which the administration has shown the ambition to expand its authority). The paper analyzes, in which cases the executive has claimed the right to interfere with or impose binding legislation for cybersecurity in order to guarantee national security and whether these claims were contested by domestic significant others. It will be argued that policies differ between these fields depending on involved actors and their varying willingness to accept proposed security policies.