Cyber security is seen as one of the most pressing national security issues of our time. Due to sophisticated and highly publicised cyber attacks, it is increasingly framed as a strategic military concern and many states have or at least want to acquire offensive cyber “weapons”. Particular ways of framing threats are not only a matter of choice but also come with political and social effects. Directing on the strategic-military aspects of cyber security translates to subjecting it to the rules of an antagonistic zero-sum game, in which one faction’s gain is another faction’s loss. This invokes enemy images even though there is no identifiable enemy, centres too strongly on national security measures instead of economic and business solutions, and wrongly suggests that states can establish control over cyberspace. This creates an unnecessary atmosphere of insecurity and tension in the international system – one that is based on misperceptions of the nature and level of cyber risk and on the feasibility of different protection measures in a world characterised by complex, interdependent risk. While it is undisputed that the cyber dimension will play a substantial role in future conflicts of all grades and shades, threat-representations must remain well informed and well balanced at all times in order to rule out policy reactions with unnecessary costs and uncertain benefits. Due to the proliferation of sophisticated cyber incidents and intensifying media attention over cyberspace and its militarization over the last few years, cyber security issues have moved in two directions: upwards, from the expert level to executive decision-makers and politicians; and horizontally, advancing from mainly being an issue of relevance to the US to one that is at the top of the threat list of more and more countries. On the national level, governments of India, France, Germany, Switzerland, the Netherlands, the United Kingdom and the United States have released or updated cyber security strategies in 2011. Internationally, there is heightened attention on the strategic-military aspects of the problem – indicated by the growing number of conferences that address the issue, efforts to obtain offensive capabilities, and attempts to come to an international agreement on the military (mis)use of cyberspace. Though the heightened attention on cyber threats coupled with the overall sense of urgency to find viable political solutions could easily create the impression that policy-makers are confronted with an altogether ‘new’ issue, the current episode is just the latest development in the three to four decade long history of cyber threats. From the very beginning of the cyber threat story in the 1980s, there was a national security connotation to it (Dunn Cavelty 2008). However, that particular focus has intensified over the years, in parallel to society’s increasing ‘cyberification’ and the overall impression that cyber incidents are becoming more frequent, more organised, more costly, and altogether more dangerous.The establishment of cyber threats as a focal point of the current national security debate amongst Western states can be seen as a confluence of two interlinked and mutually reinforcing factors: the perception that modern societies are exposed to an ever-increasing number of potentially catastrophic vulnerabilities (Furedi 2008), and the perception of an increasing willingness of dangerous actors to ruthlessly exploit these vulnerabilities. This pervasive sense of vulnerability comes with a heightened sense of dread and urgency; and has led to a propensity to ‘militarise’ the cyber security debate.2 The (unintended side) effects of this particular threat framing are the focus of this paper. The aim is to show that particular ways of framing threats or risks are not only a matter of choice (within certain boundaries) but also come with political and social effects. Zooming in on the strategic-military aspects of cyber security means subjecting it to the rules of an antagonistic zero-sum game, in which one party’s gain is another party’s loss. This invokes images of a supposed adversary even though there is no identifiable enemy, is too strongly focused on national security measures instead of economic and business solutions, and wrongly suggests that states can establish control over cyberspace. In all, this creates an unnecessary atmosphere of insecurity and tension in the international system, which is based on misperceptions of the nature and level of cyber risk and on the feasibility of different protection measures in a world characterised by complex, interdependent risk. To make this argument, the paper first describes three alternative ways of framing cyber security. This includes looking back to the 1990s when a well-balanced set of policy-responses took shape that were characterised mainly by a focus on the protection of critical infrastructures by technical means and a limited role of the military. The second subchapter examines recent developments and occurrences (spearheaded by Stuxnet, the Industry-sabotaging super-worm) that have given rise to an increasing focus on and attempts to acquire offensive cyber means. The third section critically assesses both the underlying assumptions behind this trend and the detrimental effects it has on the overall level of security. It is suggested that moving away from the propensity to think about worst-case scenarios and focusing on everyday occurrences like cyber crime and cyber espionage is the solution. The chapter concludes by arguing that military countermeasures will not be able to play a significant role in cyber security due to the nature of the information environment as well as the nature of the threat.