Framing and Reframing Cyber Security: A view from Colombia

Academic literature on cyber security in Latin America is generally scarce, with most research focusing on the major cyber powers. The few studies that do exist compare regional counterparts or more technologically advanced states, and little attention is paid to how cyber security intersects with historical, political, economic, cultural, and security contexts. By using Colombia as a case study, this research interrogates how a developing and post-conflict country has negotiated its cyber security approaches and priorities. The thesis questions Colombia’s approach to national cyber security “policy framing” since 2011, and in doing so, highlights how contested meanings and practices have been negotiated among different stakeholders.

The research involved conducting semi-structured interviews with stakeholders from government, defence, civil society, academia, and the private sector. This was accompanied by an interrogation of primary sources such as policy documents, expert commentary, conference proceedings, and social media posts. Policy framing was found to have played an important role in narrowing the scope of actions outlined in policy documents, enabling and sustaining particular narratives about cyber security in the public debate, and contributing to the way Colombia positioned itself regionally. The research also revealed how cyber security and security policy have been decoupled at the strategic level, challenging existing understandings of how the country’s conflict legacies have permeated security policy. This signals that Colombia is seeking to counter prevailing security dynamics, leading to policymakers being more open to integrating digital rights with cyber policy. Finally, the research also identified four key factors that have driven the post-2011 development of cyber security policy in Colombia: institutional and structural realities, international organisations and Colombia’s positioning on the global stage, the role of civil society, and the role of domestic politics. The thesis concludes by exposing how these rationales shape and frame policy decisions and anticipate factors that are likely to shape cyber security policy in Colombia and analogous mid-income states.