Despite the prominent role of the military in shaping the threat perception, a different track emerged when a particular event gave a distinct face to cyberthreats: the Oklahoma City bombing of April 1995. In its aftermath, the issue of cyber-threats was interlinked with the concept of critical infrastructure protection (CIP) – critical infrastructures being defined as those assets whose destruction or disruption would have a crippling impact on the heart of the US society – and the threat of terrorism. The threat frame that emerged from this premise made military options seem unsuitable, despite the military’s great interest in the topic until at least the mid-1990s and despite the fact that terms like ‘information warfare’, ‘cyber-war’, or ‘electronic Pearl Harbor’ helped to hoist the problem firmly onto the security political agenda (Bendrath 2001).