115 research outputs found
The Terror Experts: Discourse, Discipline, and the Production of Terrorist Subjects at a University Research Center
This thesis examines the production and circulation of discourses related to (counter)terrorism at a university-affiliated terrorism and security studies research center in eastern Massachusetts. Drawing on participant observation, documentary analysis, and interviews with faculty and students at the research center, I suggest that expert discourses of (counter)terrorism at the center traffic in an archetypal construction of the terrorist that I call the âdepoliticized radical.â This construction locates the root of terrorism in individual morality and psychology, tending to abstract the terrorist from the political conditions in which they enact violence. I further propose that the depoliticized radical functions as a boundary object in Star and Griesemerâs (1989) conception, serving the interests of both expert regimes that take the terrorist as a subject to be known and counterterror regimes that take the terrorist as a subject to be controlled and/or corrected. Through fine-grained case studies, I track the strategic deployment of the depoliticized radical by different actors at the center within distinctive professional contexts. My discussion of the practices by which actors at the center seek to consolidate their expertise within the contested fields of terrorism studies and security studies draws on and develops Gierynâs (1983) concept of âboundary-workâ as a rhetorical and theatrical strategy for demarcating legitimate from illegitimate knowledges. I conclude by contemplating the political stakes of terrorism expertise as a project of knowledge production that seeks to establish the terrorist as an archetypal subject to be both known and controlled
The Terror Experts: Discourse, Discipline, and the Production of Terrorist Subjects at a University Research Center
This thesis examines the production and circulation of discourses related to (counter)terrorism at a university-affiliated terrorism and security studies research center in eastern Massachusetts. Drawing on participant observation, documentary analysis, and interviews with faculty and students at the research center, I suggest that expert discourses of (counter)terrorism at the center traffic in an archetypal construction of the terrorist that I call the âdepoliticized radical.â This construction locates the root of terrorism in individual morality and psychology, tending to abstract the terrorist from the political conditions in which they enact violence. I further propose that the depoliticized radical functions as a boundary object in Star and Griesemerâs (1989) conception, serving the interests of both expert regimes that take the terrorist as a subject to be known and counterterror regimes that take the terrorist as a subject to be controlled and/or corrected. Through fine-grained case studies, I track the strategic deployment of the depoliticized radical by different actors at the center within distinctive professional contexts. My discussion of the practices by which actors at the center seek to consolidate their expertise within the contested fields of terrorism studies and security studies draws on and develops Gierynâs (1983) concept of âboundary-workâ as a rhetorical and theatrical strategy for demarcating legitimate from illegitimate knowledges. I conclude by contemplating the political stakes of terrorism expertise as a project of knowledge production that seeks to establish the terrorist as an archetypal subject to be both known and controlled
Ferocious Logics
Contemporary power manifests in the algorithmic. And yet this power seems incomprehensible: understood as code, it becomes apolitical; understood as a totality, it becomes overwhelming. This book takes an alternate approach, using it to unravel the operations of Uber and Palantir, Airbnb and Amazon Alexa. Moving off the whiteboard and into the world, the algorithmic must negotiate with frictionsâthe âmerelyâ technical routines of distributing data and running tasks coming together into broader social forces that shape subjectivities, steer bodies, and calibrate relationships. Driven by the imperatives of capital, the algorithmic exhausts subjects and spaces, a double move seeking to both exhaustively apprehend them and exhaust away their productivities. But these on-the-ground encounters also reveal that force is never guaranteed. The irreducibility of the world renders logic inadequate and control gives way to contingency
Ferocious Logics
Contemporary power manifests in the algorithmic. And yet this power seems incomprehensible: understood as code, it becomes apolitical; understood as a totality, it becomes overwhelming. This book takes an alternate approach, using it to unravel the operations of Uber and Palantir, Airbnb and Amazon Alexa. Moving off the whiteboard and into the world, the algorithmic must negotiate with frictionsâthe âmerelyâ technical routines of distributing data and running tasks coming together into broader social forces that shape subjectivities, steer bodies, and calibrate relationships. Driven by the imperatives of capital, the algorithmic exhausts subjects and spaces, a double move seeking to both exhaustively apprehend them and exhaust away their productivities. But these on-the-ground encounters also reveal that force is never guaranteed. The irreducibility of the world renders logic inadequate and control gives way to contingency
Establishing cyber situational awareness in industrial control systems
The cyber threat to industrial control systems is an acknowledged security issue, but a
qualified dataset to quantify the risk remains largely unavailable. Senior executives of
facilities that operate these systems face competing requirements for investment budgets,
but without an understanding of the nature of the threat cyber security may not
be a high priority. Operational managers and cyber incident responders at these facilities
face a similarly complex situation. They must plan for the defence of critical
systems, often unfamiliar to IT security professionals, from potentially capable, adaptable
and covert antagonists who will actively attempt to evade detection. The scope
of the challenge requires a coherent, enterprise-level awareness of the threat, such that
organisations can assess their operational priorities, plan their defensive posture, and
rehearse their responses prior to such an attack.
This thesis proposes a novel combination of concepts found in risk assessment,
intrusion detection, education, exercising, safety and process models, fused with experiential
learning through serious games. It progressively builds a common set of shared
mental models across an ICS operation to frame the nature of the adversary and establish
enterprise situational awareness that permeates through all levels of teams involved
in addressing the threat. This is underpinned by a set of coping strategies that identifies
probable targets for advanced threat actors, proactively determining antagonistic
courses of actions to derive an appropriate response strategy
Approaching algorithmic power
Contemporary power manifests in the algorithmic. Emerging quite recently as an object of study within media and communications, cultural research, gender and race studies, and urban geography, the algorithm often seems ungraspable. Framed as code, it becomes proprietary property, black-boxed and inaccessible. Framed as a totality, its becomes overwhelmingly complex, incomprehensible in its operations. Framed as a procedure, it becomes a technique to be optimised, bracketing out the political. In struggling to adequately grasp the algorithmic as an object of study, to unravel its mechanisms and materialities, these framings offer limited insight into how algorithmic power is initiated and maintained. This thesis instead argues for an alternative approach: firstly, that the algorithmic is coordinated by a coherent internal logic, a knowledge-structure that understands the world in particular ways; second, that the algorithmic is enacted through control, a material and therefore observable performance which purposively influences people and things towards a predetermined outcome; and third, that this complex totality of architectures and operations can be productively analysed as strategic sociotechnical clusters of machines. This method of inquiry is developed with and tested against four contemporary examples: Uber, Airbnb, Amazon Alexa, and Palantir Gotham. Highly profitable, widely adopted and globally operational, they exemplify the algorithmic shift from whiteboard to world. But if the world is productive, it is also precarious, consisting of frictional spaces and antagonistic subjects. Force cannot be assumed as unilinear, but is incessantly negotiatedâoperations of parsing data and processing tasks forming broader operations that strive to establish subjectivities and shape relations. These negotiations can fail, destabilised by inadequate logics and weak control. A more generic understanding of logic and control enables a historiography of the algorithmic. The ability to index information, to structure the flow of labor, to exert force over subjects and spacesâ these did not emerge with the microchip and the mainframe, but are part of a longer lineage of calculation. Two moments from this lineage are examined: house-numbering in the Habsburg Empire and punch-card machines in the Third Reich. Rather than revolutionary, this genealogy suggests an evolutionary process, albeit uneven, linking the computation of past and present. The thesis makes a methodological contribution to the nascent field of algorithmic studies. But more importantly, it renders algorithmic power more intelligible as a material force. Structured and implemented in particular ways, the design of logic and control construct different versions, or modalities, of algorithmic power. This power is political, it calibrates subjectivities towards certain ends, it prioritises space in specific ways, and it privileges particular practices whilst suppressing others. In apprehending operational logics, the practice of method thus foregrounds the sociopolitical dimensions of algorithmic power. As the algorithmic increasingly infiltrates into and governs the everyday, the ability to understand, critique, and intervene in this new field of power becomes more urgent
Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -
The Internet today provides the environment for novel applications and
processes which may evolve way beyond pre-planned scope and
purpose. Security analysis is growing in complexity with the increase
in functionality, connectivity, and dynamics of current electronic
business processes. Technical processes within critical
infrastructures also have to cope with these developments. To tackle
the complexity of the security analysis, the application of models is
becoming standard practice. However, model-based support for security
analysis is not only needed in pre-operational phases but also during
process execution, in order to provide situational security awareness
at runtime.
This cumulative thesis provides three major contributions to modelling
methodology.
Firstly, this thesis provides an approach for model-based analysis and
verification of security and safety properties in order to support
fault prevention and fault removal in system design or redesign.
Furthermore, some construction principles for the design of
well-behaved scalable systems are given.
The second topic is the analysis of the exposition of vulnerabilities
in the software components of networked systems to exploitation by
internal or external threats. This kind of fault forecasting allows
the security assessment of alternative system configurations and
security policies. Validation and deployment of security policies
that minimise the attack surface can now improve fault tolerance and
mitigate the impact of successful attacks.
Thirdly, the approach is extended to runtime applicability. An
observing system monitors an event stream from the observed system
with the aim to detect faults - deviations from the specified
behaviour or security compliance violations - at runtime.
Furthermore, knowledge about the expected behaviour given by an
operational model is used to predict faults in the near
future. Building on this, a holistic security management strategy is
proposed. The architecture of the observing system is described and
the applicability of model-based security analysis at runtime is
demonstrated utilising processes from several industrial scenarios.
The results of this cumulative thesis are provided by 19 selected
peer-reviewed papers
Evaluation of Efficiency of Cybersecurity
Uurimistöö eesmĂ€rgiks on uurida, kuidas tĂ”hus kĂŒberjulgeolek on olnud edukas. Uurimistöö kasutab parima vĂ”imaliku tulemuse saamiseks mitmesuguseid uurimismeetodeid ja kirjanduse ĂŒlevaade on sĂŒstemaatiline. Kuid uurimistöö jĂ€reldus on see, et uuring ei suuda kinnitada vĂ”i tagasi lĂŒkata peamist töö hĂŒpoteesi. Uuring ei Ă”nnestunud, sest puuduvad korralikud teooriad, mis nĂ€itavad ohutuse ja kĂŒberjulgeoleku nĂ€htusi ning puuduvad head nĂ€itajad, mis annaksid kĂŒberohutuse tĂ”hususe kohta kehtivaid ja ratsionaalseid tulemusi, kui hĂ€sti on kĂŒberkuritegevuse abil Ă”nnestunud kĂŒberkuritegevuse tĂ”husaks vĂ”itmiseks ja kĂŒberkuritegude tĂ”husaks vĂ€hendamiseks. SeepĂ€rast on kĂŒberjulgeoleku teadusteooria ja julgeoleku teadusteooria vĂ€hearenenud 2018. aastal. Uuringud on teinud kĂŒberjulgeoleku ja turvalisuse arendamise pĂ”hilisi avastusi. Edasiste pĂ”hiuuringute suund on luua ĂŒldine turbeteooria, mis kirjeldab ohtlike muutujate ohtlike muutujate kavatsust, ressursse, pĂ€devust ja edusamme ohtlike muutujate ja aksioomide puhul, kus ohtlike muutujate mÔÔtmisel saab teha selle sisse loodetavas ja teooria kirjeldab, millised on tĂ”husad meetmed, et vĂ€ltida ja leevendada ning millised ei ole ja lĂ”puks kehtestada nĂ”uetekohased mÔÔdikud, et mÔÔta turvalisuse ja kĂŒberjulgeoleku tĂ”husust loodetavus ja kehtivusega.The purpose of the thesis is to research how effectively cybersecurity has succeeded on its mission. The thesis used multiple research methods to get best possible answer and the literature review has been systematic. However, the conclusion of the research was that the study is unable to either confirm or reject the main working hypothesis. The study is unable to do it because of the lack of proper theories to describe what are the phenomena in secu-rity and cybersecurity and the lack of proper metrics to give valid and sound conclusion about the effective of cybersecurity and how well have cybersecurity succeed on its mis-sion to effectively prevent and mitigate cybercrime. Therefore, the science of security and science of cybersecurity are underdeveloped in 2018. The research has made basic discov-eries of development of cybersecurity and security. A direction of further basic research is to establish a general theory of security which describes threat variables, threat variables intention, resources, competence and progress of the threat variables and axioms where measurement of threat variables can be made with reliability and the theory would describe which are effective measures to prevent and mitigate and which are not and finally, estab-lish proper metrics to measure efficiency of security and cybersecurity with reliability and validity
- âŠ