The Space Between: Policy Implications for the Conceptualization of Cyberspace as a Domain

– Executive Summary –

The objective of this thesis is to identify the extent to which defining cyberspace as a domain will affect the formulation of homeland security enterprise (HSE) policy related to cyberspace in the future. To that end the primary research question is as follows:

What will be the practical impact of defining cyberspace as a domain on Homeland Security Policy?

While the term cyberspace frequently makes appearances throughout the HSE, there is a lack of common agreement on (a) whether cyberspace is a “space” at all, and (b) if it is a space, what that space looks like. Those who disagree on these points can generally be divided into two categories: Instrumentalists, or those that view cyberspace as a tool and basically a convenient metaphor for network infrastructure; and Spatialists, or those that view cyberspace as a space.[1]  Disagreement on what cyberspace is leads to inconsistencies in policies meant to govern cyberspace, as the concerns and focus look different depending on how the policy views cyberspace. Therefore, assessing how cyberspace has been understood in the past is necessary when determining what future policy may look like if the use of cyberspace as a concept persists. As assessing the entirety of HSE perspectives on cyberspace would be a touch impractical, this thesis focuses narrowly approaches to cybersecurity by the Clinton, Bush, Obama, Trump, and Biden administrations.

However, as there is no extant common agreement on what cyberspace is or how it works, prior to engaging in the aforementioned analysis one must establish that baseline first. Herein, cyberspace is considered first metaphysically, and described as a multi-mind dependent reality that exists independently of any lone-mind. It is a reality nested within physical reality, and so limited by both physical laws and the constraints placed on behavior and the creation of artifacts therein by the technical infrastructure that makes its existence possible. Based upon this understanding, three key considerations must be present with policy for it to adequately address cyberspatial issues. These are the mutability of cyberspace, the composition and nature of things in cyberspace, and the nature of trans-spatial activity.  Of these, the first is probably the most accessible if only because the narrative vis-à-vis the speed with which network technology has developed and is developing is so common.[2] Cyberspace is constantly changing, in part, because the technology that supports it is constantly evolving. As to the second, whereas physical objects are identified as such because their component parts are physically proximate, the component parts of a thing in cyberspace may or may not be.  A website like Facebook for example is not stored on a single server somewhere in California, and yet is understood to be one “thing.”[3] As to the nature of trans-spatial activity, there are moments where activity in cyberspace can affect physical space and vice versa. Examples include everything from the increasing size and value of data sets as a result of both manual and automated data entry, the value of physical data storage devices increasing when storing cryptocurrency, or a person acting out after being radicalized online. If one fails to account for the preceding, they have effectively failed to account for some fundamental features of cyberspace. For example, the Amazon website, like Facebook, is not comprised of components that exist in one physical place, and so one cannot simply seize it without identifying all of the data sources that contribute to it, and nor can they fail to consider that doing so would result in real consequences for physical global supply chains. Given the strictly instrumental approach of four of the past five presidential administrations to cybersecurity, it would seem that cybersecurity has surprisingly little to do with cyberspace at all. Beginning with the Clinton administration, discourse around cybersecurity has been inextricably linked with critical infrastructure protection, focusing narrowly on the vulnerabilities of network infrastructure.[4] The one exception was the approach of the Trump administration, which explicitly engaged with concerns about behavior within cyberspace that were not addressed by previous administrations, and nor have they been addressed by the Biden administration at the time of this writing.[5] When engaging with more recent topics around behavior like dis/misinformation on-line, the topic does not tend to be covered within cybersecurity discourse at the administrative level because dis/misinformation can spread without exploiting network vulnerabilities, even though it is sometimes framed as a cybersecurity issue. Consequently, in answer to the principal research question of this thesis, one would presume that in the future either (a) that discursive space will be created within the context of cybersecurity discourse, or (b) a new and secondary policy framework will arise to address issues related to cyberspace that cybersecurity discourse has thus far failed to account for. Otherwise, cybersecurity policy will fail to account for those unique challenges that cyberspace presents.

[1] Rebecca Bryant, “What Kind of Space Is Cyberspace?,” Minerva: An Internet Journal of Philosophy 5 (2001): 138–55; Orin S. Kerr, “The Problem of Perspective in Internet Law,” Georgetown Law Journal 91 (2002),

[2] William J. Clinton, “Public Papers of the Presidents of the United States: William J. Clinton (1997, Book II) – Remarks Announcing the Electronic Commerce Initiative,” 1997,; John D. Moteff, “Critical Infrastructures: Background and Early Implementation of PDD-63” (Library of Congress Washington DC Congressional Research Service, June 19, 2001),; The White House, “National Strategy to Secure Cyberspace” (United States. White House Office, February 2003),; The White House, “Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, May 8, 2009,” National Security Archive, May 8, 2009,

[3] “Facebook Data Centers,” Facebook Data Centers, accessed December 13, 2021,

[4] James D. Boys, “The Clinton Administration’s Development and Implementation of Cybersecurity Strategy (1993–2001),” Intelligence and National Security 33, no. 5 (July 29, 2018): 762,

[5] The White House, National Cyber Strategy of the United States of America. (Washington, District of Columbia: United States. White House Office, 2018), 87.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top