![]() ![]() To fill this gap, more recent scholarly contributions have shifted from human discourses towards a study of materiality in analysing cybersecurity practices. Such an approach is insufficient in studying the complex operations of cyber incidents in which the agency of malware challenges human intentionality and control, and ultimately produces unpredictable and unintended consequences, as in the case of WannaCry and NotPetya. If security is assumed to be discursively constructed, and if discourse is a function of the human actor, then the ability to act and influence security ultimately resides in humans. Footnote 6 Although these studies generate a conceptually far more sophisticated approach than the overwhelmingly policy-oriented cybersecurity literature, they do not sufficiently capture the non-discursive materiality of cyber incidents that goes beyond human agency and rhetoric. ![]() This anthropocentrism is reflected in the considerable number of literature that approaches the sociopolitical construction of cybersecurity as a function of human discourses and threat representations through linguistic and discursive analysis. Importantly, these and other examples challenge the anthropocentric theoretical approaches to the study of cybersecurity, which tie the capacity to act to human subjectivity and overlook the role of the non-human in co-constructing its own (in)security. So the two biggest incidents that we faced early on were both basically accidents.’ Footnote 4 These two examples, thus, showcase the significance of autonomous cyber attacks that, even if targeted, may spread in ways that are unpredictable by their initiators, causing haphazard disruption at scale and putting individuals and businesses at the forefront of geopolitical conflicts. Footnote 3 As argued by Ciaran Martin, the former head of the UK's National Cyber Security Centre (NCSC): ‘WannaCry and NotPetya were deliberate attacks, but their impact on the UK and allied countries was accidental. ![]() Footnote 2 On the other hand, NotPetya was not primarily financially motivated it was allegedly launched by the Russian government in order to disrupt financial, energy, and government institutions in Ukraine. Although WannaCry was not specifically targeted at the health sector, the National Health Services (NHS) in the UK was significantly hit by it, leading to widespread discussions on the importance and complexities of cybersecurity in healthcare. As such, both incidents raised scholarly and policy concerns about the unintended consequences of cyber attacks. Footnote 1 In both incidents, a self-propagating malicious software (malware) spread itself automatically among information systems, encrypting data on vulnerable computers and demanding ransom payments. Two of the most high-profile operations in the last few years were the WannaCry ransomware, which affected more than 200,000 computers in 150 countries, and NotPetya, considered the costliest cyber attack in history with an estimated loss of 10 billion dollars. ![]() Hostile cyber operations have been growing exponentially in both number and sophistication ranging from those conducted by non-state actors to state-backed cyber attacks. Emergence is introduced in the article as a non-linear security logic that captures the peculiar agential capacities of codes/software and the ways in which they challenge human control and intentionality by co-constructing enmity and by co-producing the subjects and objects of cybersecurity. It specifically studies the complexities of codes/software as informational agents, their self-organising capacities, and their autonomous properties to develop an understanding of cybersecurity as emergent security. Using interdisciplinary insights from the philosophy of information and software studies, the article counters the anthropocentrism in the cybersecurity literature by investigating the agency of syntactic information (that is, codes/software) in co-producing the logics and politics of cybersecurity. This article argues that such approaches are insufficient in capturing the complexities of cyber incidents, particularly those that involve self-perpetuating malware and autonomous cyber attacks that can produce unintentional and unpredictable consequences. Many theoretical approaches to cybersecurity adopt an anthropocentric conceptualisation of agency that is, tying the capacity to act to human subjectivity and disregarding the role of the non-human in co-constructing its own (in)security. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |