This chapter examines the implications of cyber-security for national security. It first provides the necessary technical background on why the information infrastructure is inherently insecure, how computer vulnerabilities are conceptualized, who can exploit them, and how. In particular, it considers definitions and concepts relevant to information security, such as cyberspace, Big Data, and hacking. It then describes three interconnected cyber-security discourses: the first is about computer viruses and worms; the second deals with the interrelationship between cyber-crime and cyber-espionage; the third is concerned with the double-edged sword of fighting wars in the information domain and the need for critical infrastructure protection. Based on this, the chapter evaluates a range of protection measures from each of the three discourses. It concludes by suggesting that the level of cyber-risk is generally exaggerated.