Conflict in Cyber Space: Theoretical, Strategic and Legal Perspectives, Karsten Friis and Jens Ringsmose eds., London: Routledge, 2016. 1 From Cyber Threats to Cyber Risks Karsten Friis and Erik Reichborn-Kjennerud Norwegian Institute of International Affairs (NUPI) Introduction While issues relating to cyber security have been on the security policy agenda for several decades, it is only recently that cyberspace has moved to the top of the national and international security agendas. As a result, discourses on cyber security have increasingly become dominated by militarised language and links between cyberspace and strategic threats. The use of metaphors of war and nuclear deterrence, talk of a new Cyber Cold War, and drawing analogies to catastrophic events such as Pearl Harbor and 9/11 are all examples of this (Kerry 2013; Bumiller and Shanker 2012; Lynn 2010). The debates surrounding cyber security reflect our growing dependency on cyberspace and the willingness of states and non- state actors to exploit it for political, economic, military, etc. gain. This also means that cyber security is not merely a technical problem, but one that has ramifications throughout society. In addition, states, organisations and corporations have established various cyber security institutions to deal with the myriad of challenges stemming from increased dependency on cyber and the inherent vulnerabilities of cyberspace. This has led a number of scholars to examine whether cyberspace has been securitized; i.e. lifted out of the realm of regular politics and treated as an emergency, thus legitimising extraordinary countermeasures (Buzan et al. 1998). Although they find many cases of attempted securitization, such as the hyperbolic language mentioned above, these have had limited resonance and have rarely resulted in extraordinary countermeasures. At the same time, numerous high profile cyber attacks and empirical evidence show that cyber security is