Emma Sandvik Ling is currently completing her Master’s in International Peace and Security at the KCL Department of War Studies. Her research interests include cybersecurity, gender, the Middle East, and Just War Theory, and her dissertation examines the violence of cyber-attacks. In the long term, Emma hopes to contribute to research on ethics in war and conflict.
No More Awkward Silence
Is Cybersecurity Genderless or Just Gender Blind?
Active gender awareness is essential to understanding security threats and determine appropriate responses. This has been popularly acknowledged over the last decades with landmark legislation such as Security Council Resolution 1325. So why is gender still being ignored in cybersecurity?
There appears to be a common assumption that cybersecurity is genderless (Millar et al. 2021, p. 8). Cybersecurity encompasses efforts to secure cyberspace, a domain of interconnected networks within which information is shared and stored (Singer and Friedman, 2014, p. 14). The UK National Cybersecurity Strategy mentions gender only once (Cabinet Office, 2016, p. 56) and the US National Cyber Strategy has no mention of gender at all (White House, 2018). The Tallinn Manuals, which are regarded as the most comprehensive documents on the application of international law to cyberwarfare, mention gender one time within Rule 87 regarding protected persons in occupied territories (CCD COE, 2013). It is evident that gender is simply not a part of mainstream discussions on cybersecurity. However, the lack of gender awareness in these debates does not necessarily prove that cyberspace is genderless. By ignoring gendered dynamics, international relations scholars and practitioners are currently laying the groundwork for gender-blind international legal framework on cybersecurity. This can create significant security gaps in cyber legislation moving forward.
Feminist IR Theory in International Security
Gender blindness does not only manifest in cyberspace. Like contemporary debates on cybersecurity, mainstream scholarship on International Relations (IR) and security often appears largely gender-less. For example, Michael Walzer’s Just and Unjust Wars (1977), one of the major contemporary contributions to Just War Theory, fails to consider women beyond a brief discussion on human rights (Walzer 1977, pp. 133-135). Women are explicitly regarded as innocent bystanders in conflict while combatants are referred to with male pronouns. Walzer’s approach to gender in conflict and security does not represent an outlier. This is rather an anecdotal example of a larger tendency in mainstream IR debates of viewing gender issues – often falsely understood as synonymous with women’s issues - as a tangential sidenote.
Feminist IR scholars have long identified an “awkward silence” in IR and security studies where gender perspectives are written off as irrelevant digressions (Tickner, 1997, p. 628). Feminist IR theorists view political systems as implicitly or explicitly gendered (Sjoberg, 2012, p. 9). It is important to make a distinction here between sex and gender. While the former commonly refers to biological factors, the latter encompasses the learned behaviours, practices, and characteristics which are often categorised as ‘masculine’ or ‘feminine’. Gender is therefore not just ‘men’ versus ‘women’. These gendered characteristics rather exist in a power hierarchy where idealised masculine stereotypes dominate. The application of a feminist lens to IR highlights the ways in which gendered identities shape and are shaped by political dynamics (Enloe, 2014). Duncanson (2015) identifies these gendered stereotypes in the idealisation of combatants as physically fit, competitive, rational, heterosexual and so on. Though not all combatants fit this description, it acts as an idealised stereotype towards which individuals negotiate their own gender identity. In this way, activity which is uncritically assumed to be genderless is in fact actively performing gender stereotypes.
Neglecting to consider gender structures in the context of conflict and security restricts the researcher’s ability to account for the nuanced dynamics in the security landscape (Sjoberg, 2012, p. 2). To an extent, the importance of gendered perspectives has been acknowledged with regards to traditional security analyses. In 2000, Security Council resolution 1325 finally recognised that women and girls do experience violent conflict and war differently, and that sustainable conflict resolution must include gender perspectives. While the awkward silence around gender is now less pronounced in scholarship on traditional security threats, work on cyber threats and cybersecurity is lagging behind.
Gendering Cybersecurity
Cyberspace is regularly referred to as the ‘fifth domain’ of warfare alongside land, sea, air, and space (Hall, 2016). The importance of securing cyberspace is commonly recognised by governments and private companies, which are investing significant capital and effort into securing their presence in digital domains. Nevertheless, the awkward silence regarding gender perspectives is remarkably persistent in cyberspace.
Welner and Rothman (2019) problematise the assumption that cyberspace is genderless. Despite its popular reputation as gender neutral, they find that there are important gender biases embedded in artificial intelligence technology (AI). Focusing on translation software, the scholars suggest that the issue stems from the datasets used in training AI systems to react to real-world situations. Because the datasets frequently associate male names with career words and female names with domestic tasks or family life, the AI systems inevitably conform to gendered stereotypes (Wellner and Rothman, 2019). Cyberspace is operated, governed, and occupied by individuals with learned gendered assumptions. Therefore, gendered dynamics prevalent in the physical world are inevitably transferred to cyberspace.
Gendered dynamics in cyberspace also manifest on an individual level in ways which disproportionately impact women. Cyber violence has been identified as a significant element in contemporary domestic violence dynamics (Al-Alosi, 2017; Freed et al., 2018). Women and girls are also more likely to experience cyber bullying, online harassment and cyber victimisation, including ‘revenge porn’ (Griezel et al., 2012; Sun and Fan, 2018; Vilić, 2019). Recognising this, the website Hackblossom interestingly provides a feminist toolkit to navigating cyberspace safely. At the very least, evidence indicates that gendered dynamics are in fact transferred to cyberspace from the physical world. Going beyond interpersonal dynamics, however, the lack of gender awareness in cyberspace poses a significant threat to cybersecurity.
The international legal framework covering cyberspace is still in development. Gender blind cybersecurity research and practices risk laying the groundwork for gender blind international law on cybersecurity. Millar, Shires and Tropina (2021) highlight that multilateral debates on cybersecurity have only recently started to acknowledge the importance of gender in cybersecurity governance. They suggest that “cybersecurity legal measures should incorporate a gender perspective into the development, implementation, oversight and evaluation of relevant laws” (Millar et al, 2021, pp., 5-6). As international law is starting to catch up with modern technologies, it is essential to recognise how cyber security is gendered. Successfully incorporating gender awareness in cyber governance requires broader scholarly recognition of gender dynamics in cyberspace. Failing to do so can result in gender-blind legislation which will create significant security gaps moving forward.
Encouraging a more diverse cybersecurity workforce will be an important first step towards improving gender awareness in cyberspace. While women are more likely to experience harassment and violence in cyberspace, they are currently underrepresented in the cybersecurity workforce. Bradford (2018) sees a diverse cybersecurity workforce as essential. She finds that the ‘bad guys’, by which she means the adversarial hackers, are more diverse and unpredictable than in traditional security threats. It is therefore important that the response teams represent diverse experiences, backgrounds, and identities. She fails to see the irony in using the gendered term ‘bad guys’ to explicitly discuss an increasingly diverse pool of adversaries. Moving on, she also points to a strong demand for new recruits in the cybersecurity workforce. It is therefore unfortunate that lack of women in cybersecurity effectively narrows the pool of interested applicants. Adding to this, I have already discussed how women and girls disproportionately experience harassment and violence in cyberspace. Encouraging a more diverse cybersecurity workforce will be an important first step towards establishing more gender conscious responses.
It must be acknowledged that there have been some efforts to include women in cybersecurity. Currently ten of the top 24 leading positions within the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) are held by women. Arguably, this can be seen as an indication that women are in fact welcomed into the top cybersecurity positions and given a significant seat at the table while the future of cyber governance is being debated. However, Dharmapuri (2011) warns that though this is part of the solution, it does not suffice to simply ‘add women and stir’. Gendered issues are not synonymous with ‘women’s issues’ and can therefore not be resolved only by including more women. Gender blindness is a failure to consider the interests and needs of diverse actors in a society, which can increase the risk of instability (Dharmapuri, 2011, p. 62). Including women in cybersecurity debates will certainly be part of the process to lay the groundwork for genuinely gender aware cyber governance. Beyond this, however, research on cybersecurity and cyber governance must begin to take seriously the needs, interests, and motivations of all relevant actors.
Conclusion
Despite evidence suggesting a correlation between security and gender, cybersecurity scholarship and legislation is currently overwhelmingly gender blind. Neglecting to include gender analysis in cyber governance and cybersecurity research leads to significant knowledge gaps and insecurity. To address this, scholars and policy makers focusing on cyberspace must begin to consider the gendered dynamics of digital interactions. In the words of feminist IR theorist Cynthia Enloe: “If one fails to pay close attention to women – all sorts of women – one will miss who wields power and for what ends” (Enloe, 2014, p. 9). It is therefore essential to consider where and how gender operates in digital domains. Taking inspiration from Enloe herself, relevant scholars and policy makers can take the first step towards gender aware cybersecurity by asking one simple question: Where are the women?
Bibliography
Al-Alosi, H. (2017) ‘Cyber-Violence: Digital Abuse in the Context of Domestic Violence.(Australia)(Cyberspace and the Law)’, University of New South Wales Law Journal, 40(4), pp. 1573–1603.
Bradford, L. (2018) Cybersecurity Needs Women: Here’s Why, Forbes. Available at: https://www.forbes.com/sites/laurencebradford/2018/10/18/cybersecurity-needs-women-heres-why/ (Accessed: 15 March 2021).
Cabinet Office (2016) National Cyber Security Strategy 2016 to 2021, GOV.UK. Available at: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021 (Accessed: 15 March 2021).
CCD COE (2013) ‘Tallinn Manual’. Cambridge University Press. Available at: https://issuu.com/nato_ccd_coe/docs/tallinnmanual (Accessed: 15 March 2021).
Dharmapuri, S. (2011) ‘Just add women and stir?’, The US Army War College Quarterly: Parameters, 41(1), p. 4.
Duncanson, C. (2015) ‘Hegemonic Masculinity and the Possibility of Change in Gender Relations’, Men and masculinities, 18(2), pp. 231–248. doi: 10.1177/1097184X15584912.
Enloe, C. (2014) Bananas, Beaches and Bases: Making Feminist Sense of International Politics. Univ of California Press.
Freed, D. et al. (2018) ‘“A Stalker’s Paradise” How Intimate Partner Abusers Exploit Technology’, in Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–13.
Griezel, L. et al. (2012) ‘Uncovering the Structure of and Gender and Developmental Differences in Cyber Bullying’, The Journal of educational research (Washington, D.C.), 105(6), pp. 442–455. doi: 10.1080/00220671.2011.629692.
Hall, S. (2016) ‘Cyberspace at the Operational Level: Warfighting In All Five Domains’. Available at: http://www.dtic.mil/docs/citations/AD1021506 (Accessed: 15 March 2021).
Millar, K., Shires, J. and Tropina, T. (2021) Gender Approaches to Cybersecurity: Design, Defence and Response. The United Nations Institute for Disarmament Research. doi: 10.37559/GEN/21/01.
Singer, P., Friedman, A. (2014) Cybersecurity: What Everyone Needs to Know, Oxford: Oxford University Press.
Sjoberg, L. (2012) ‘Gender, structure, and war: what Waltz couldn’t see’, International Theory, 4(1), pp. 1–38. doi: 10.1017/S175297191100025X.
Sun, S. and Fan, X. (2018) ‘Is There a Gender Difference in Cyber-Victimization?’, Journal of Media Psychology: Theories, Methods, and Applications, 30(3), pp. 125–138. doi: 10.1027/1864-1105/a000185.
Tickner, J. A. (1997) ‘You just don’t understand: troubled engagements between feminists and IR theorists’, International Studies Quarterly, 41(4), pp. 611–632.
Vilić ,V. (2019) ‘Revenge porn as a form of cyber misogyny’, Temida, 22(1), pp. 59–77. doi: 10.2298/TEM1901059V.
Walzer, M. (1977) Just and Unjust Wars: A Moral Argument with Historical Illustrations, New York: Basic Books.
Wellner, G., Rothman, T. (2019) ‘Feminist AI: Can We Expect Our AI Systems to Become Feminist’ in Philosophy and Technology, Vol 33, pp. 191-205.
White House (2018) National Cyber Strategy of the United States of America, Available at: https://trumpwhitehouse.archives.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf (Accessed 15 March 2021).