What is cyber space and cyber security? Though agreeing on a definition or common vocabulary of cyber space has proven to be difficult,5 Libicki’s model of three separate but interlinked layers has become a relatively common way to describe cyber space (Libicki 2007). This consists of: the physical layer (tangible objects like servers, wires, routers,

etc.); the syntactic or logical layer (software, protocols, etc.); and the semantic or cognitive layer (information and ideas). Each of these layers is associated with distinct security challenges. The physical can be destroyed or disrupted through kinetic means or through the syntactic layer, the syntactic can be harmed by malicious software (malware) and the information stored in the semantic can be stolen, altered, etc. It is important not to confuse these security challenges. Physical protection of critical infrastructure from kinetic sabotage or attacks is not cyber security. Likewise, WikiLeaks’ or Edward Snowden’s publication of sensitive documents from the NSA database is a breech in information security, not cyber security. However, had the same documents been stolen through an online attack on NSA’s servers, it would qualify as a cyber attack. Hence, when we speak of cyber security we are primarily focusing on how malware (viruses, Trojan horses and worms) introduced at the syntactic layer may harm the physical, syntactic or the semantic level. It is about malicious codes created to exploit holes or weaknesses in software. We may thus call the syntactic level the center of gravity in cyber security, as it is the layer which all cyber attacks must go through even though it may not be the intended target. It is the gateway to the other layers and where the cyber-security battles are being waged on a daily basis. By focusing on this basic technical nature of the problem, we also avoid having to differentiate between social categories of attacks based on intent, such as “crime,” “terrorism,” etc. As Dunn Cavelty puts it:

The only way to (potentially) determine the source, nature, and scope of the incident is to investigate the incident-which means investigating the malware that caused it.