Logo: to the web site of the Swedish Defence University

This thesis approaches the EU’s cybersecurity discourse from a feminist angle, using a theoretical perspective based on feminist institutionalism and path dependence. The aim is to explore what conceptual logics make it possible for the EU to conceptualise cybersecurity and -crime “problems” in a genderblind way. Making use of Carol Bacchi’s post-structural policy analysis “What is the Problem Represented to Be?” I conduct an analysis of the EU’s cybercrime institutions, focusing on the main EU cybercrime organisation – the EC3. Through analyses of relevant EU and EC3 texts, I find that the EU’s cybercrime institutions are marked by a masculinised way of thinking about cybersecurity and -crime issues, mainly derived from traditional security discourse, which has created path dependence for how cybersecurity and - crime can be understood. Four logics are identified: the control of cyberspace logic which positions cyberspace as the referent object of security; a technical logic which proposes that the risks faced by individuals and societies can be mitigated by increasing the security of ICT products, processes and services; the vulnerability of children logic which constructs children as a vulnerable group whose victimisation is morally necessary to counter; and the end-user responsibility logic which assumes that some forms of issues are best countered by changing the behaviour of the victims. These logics in different ways make the incorporation of a gender perspective more difficult.