Enhancing relationships between criminology and cybersecurity
| Author | Benoît Dupont,Chad Whelan |
| Published date | 01 March 2021 |
| Date | 01 March 2021 |
| DOI | http://doi.org/10.1177/00048658211003925 |
| Subject Matter | Articles |
Article
Enhancing relationships
between criminology and
cybersecurity
Benoı
ˆt Dupont
Centre international de criminologie compar
ee, Universit
ede
Montr
eal, Montr
eal (Qu
ebec), Canada
Chad Whelan
Department of Criminology, Deakin University, Victoria, Australia
Abstract
‘Cybercrime’ is an umbrella concept used by criminologists to refer to traditional crimes that
are enhanced via the use of networked technologies (i.e. cyber-enabled crimes) and newer
forms of crime that would not exist without networked technologies (i.e. cyber-dependent
crimes). Cybersecurity is similarly a very broad concept and diverse field of practice. For
computer scientists, the term ‘cybersecurity’ typically refers to policies, processes and prac-
tices undertaken to protect data, networks and systems from unauthorised access.
Cybersecurity is used in subnational, national and transnational contexts to capture an
increasingly diverse array of threats. Increasingly, cybercrimes are presented as threats to
cybersecurity, which explains why national security institutions are gradually becoming
involved in cybercrime control and prevention activities. This paper argues that the fields
of cyber-criminology and cybersecurity, which are segregated at the moment, are in much
need of greater engagement and cross-fertilisation. We draw on concepts of ‘high’ and ‘low’
policing (Brodeur, 2010) to suggest it would be useful to consider ‘crime’ and ‘security’ on
the same continuum. This continuum has cybercrime at one end and cybersecurity at the other,
with crime being more the domain of ‘low’ policing while security, as conceptualised in the
context of specific cybersecurity projects, falls under the responsibility of ‘high’ policing
institutions. This unifying approach helps us to explore the fuzzy relationship between
cyber-crime and cyber-security and to call for more fruitful alliances between cybercrime
and cybersecurity researchers.
Corresponding author:
Benoı
ˆt Dupont, Centre international de criminologie compar
ee, Universit
e de Montr
eal, Pavillon Lionel-Groulx,
3150, rue Jean-Brillant, Suite C-4086, Montreal (Quebec), Canada H3T 1N8.
Email: benoit.dupont@umontreal.ca
Journal of Criminology
2021, Vol. 54(1) 76–92
!The Author(s) 2021
Article reuse guidelines:
sagepub.com/journals-permissions
DOI: 10.1177/00048658211003925
journals.sagepub.com/home/anj
Keywords
Criminology, cybercrime, cyber harms, cybersecurity, networks, security, security actors
Date received: 1 February 2021; accepted: 2 March 2021
Introduction
Cybercrime and cybersecurity are increasingly being presented among the major social,
political and economic challenges of our time. Cybercrime is an umbrella concept used
to refer to cyber-enabled crimes (i.e. traditional crimes that are enhanced via the use of
networked technologies) and cyber-dependent crimes (i.e. crimes that would not exist
without networks technologies; see McGuire & Dowling, 2013; Wall, 2001). For the
most part, criminological research has focused more on cyber-enabled crime and, to a
lesser extent, on policing responses to those crimes. Research in this domain is loosely
referred to as ‘cyber-criminology’ (Grabosky, 2016). Cybersecurity is a very broad con-
cept and diverse field of practice. For computer scientists, the term is typically used to
refer to policies, processes and practices undertaken to protect data, networks and
systems from unauthorised access (Carley, 2020; Fichtner, 2018). It does not matter,
from a definitional point of view, whose systems are being considered, with cybersecu-
rity being used in the context of personal devices, the home, workplace and institutions.
Rather, the different types and purposes of data, networks and systems are more ques-
tions for the precise makeup of cybersecurity. Much like the idea of ‘security’, cyberse-
curity is a slippery concept meaning very different things to different people.
The ‘securitisation’ of cybersecurity cannot be ignored (Kremer, 2014). Indeed, some
argue that the term ‘cybersecurity’ can be understood ‘as “computer security” plus
“securitisation”’ (Hansen & Nissenbaum, 2009, p. 1160), reflecting the view that shifting
from computer to cyber security shifts from a technical discourse based on protecting
systems to a securitising discourse portraying cybersecurity as a specialised domain of
national security. An increasingly diverse array of cybersecurity issues are captured
under this conceptualisation, including threats posed from espionage emanating from
a foreign state, hacking by (state or non-state) terrorists and various forms of cyber-
crime. Increasingly, cybercrimes are presented as threats to cybersecurity. Many of the
agencies responsible for cybersecurity, particularly signals intelligence agencies, have
historically had very little to do with crimes. Interestingly, governments are also poten-
tial threats to cybersecurity, as in the cases over-reaching state surveillance. As a field of
practice, cybersecurity is concerned largely with the protection of digital infrastructures
such as communications, financial and transportation systems (Fichtner, 2018). At the
same time, individuals and organisations of all sizes are increasingly being encouraged
and responsibilised to practise cybersecurity.
As cyber-criminology and cybersecurity are both concerned with the study of online
harms and responses to such harms, it would be logical to assume that these fields share
many theoretical and empirical approaches. Upon a closer examination, however, it
becomes clear that they are more accurately understood as two discrete academic
fields, each mobilising differentiated conceptual frameworks, research questions,
Dupont and Whelan 77
To continue reading
Request your trial