Cybersecurity proponents often rely upon cyber-doom scenarios as a key tactic for calling attention to prospective cyber-threats. This essay critically examines cyber-doom scenarios by placing them into a larger historical context, assessing how realistic they are, and drawing out the policy implications of relying upon such tales. It draws from relevant research in the history of technology, military history, and disaster sociology to examine some of the key assertions and assumptions of cyber-doom scenarios. It argues that cyber-doom scenarios are the latest manifestation of fears about “technology-out-of-control” in Western societies, that they are unrealistic, and that they encourage the adoption of counter-productive, even dangerous policies. The paper concludes by offering alternative principles for the formulation of cybersecurity policy.

There has been no shortage of attention devoted to cybersecurity, with a wide range of experts warning of potential doomsday scenarios should the government not act to better secure the Internet. But this is not the first time we have been warned of impending dangers; indeed, there are many parallels between present portrayals of cyberthreats and the portrayal of Iraq prior to 2003, or the perceived bomber gap in the late 1950s.

This paper finds that alleged cybersecurity market failures are, at a minimum, much smaller than they first appear and, consequently, that attempts to correct them through naive government regulation run the serious risk of doing more harm than good.

Rhetoric around cybersecurity could be contributing to threat inflation and an emerging cyber-industrial complex. More verifiable evidence needs to be made public before deciding whether and how government intervention can help.