The link between cyberspace and national security is often presented as an unquestionable and uncontested "truth." However, there is nothing natural or given about this link: It had to be forged, argued, and accepted in the (security) political process. This article explores the constitutive effects of different threat representations in the broader cyber-security discourse. In contrast to previous work on the topic, the focus is not solely on discursive practices by "visible" elite actors, but also on how a variety of less visible actors inside and outside of government shape a reservoir of acceptable threat representations that influence everyday practices of cyber-security. Such an approach allows for a more nuanced understanding of the diverse ways in which cyber-security is presented as a national security issue and of the consequences of particular representations.Matters of cyber-(in)-security-though not always under this name-have been an issue in security politics for at least three decades (Dunn Cavelty 2008).1 As a result, the link between national security and cyberspace has become an uncontested, unshakable "truth" with budgetary and political consequences. However, this link is far more diverse as it is often assumed in the literature. The cybersecurity discourse is about more than one threat form: ranging from computer viruses and other malicious software to cyber-crime activity to the categories of cyber-terror and cyber-war. Each subissue is represented and treated differently in the political process and at different points in time. Consequently, cyber-security policies contain an amalgam of countermeasures, tailored to meet different, and at times conflicting security needs.How these heterogeneous political manifestations are linked to different threat representations-ways to depict what counts as a threat or risk-is the focus of this article. Importantly, and in contrast to most of the other research on the subject, this paper therefore focuses on cyber-security comprehensively, 2 rather than looking at discourse in subcategories like cyber-crime, cyber-terrorism, or cyber- . I would like to thank the participants at these events as well as three anonymous reviewers and the editors of this special issue for their valuable comments.2 I understand cyber-security policy to be the set of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access, in accordance with the common information security goals: the protection of confidentiality, integrity, and availability of information.