The Terror Experts: Discourse, Discipline, and the Production of Terrorist Subjects at a University Research Center

This thesis examines the production and circulation of discourses related to (counter)terrorism at a university-affiliated terrorism and security studies research center in eastern Massachusetts. Drawing on participant observation, documentary analysis, and interviews with faculty and students at the research center, I suggest that expert discourses of (counter)terrorism at the center traffic in an archetypal construction of the terrorist that I call the “depoliticized radical.” This construction locates the root of terrorism in individual morality and psychology, tending to abstract the terrorist from the political conditions in which they enact violence. I further propose that the depoliticized radical functions as a boundary object in Star and Griesemer’s (1989) conception, serving the interests of both expert regimes that take the terrorist as a subject to be known and counterterror regimes that take the terrorist as a subject to be controlled and/or corrected. Through fine-grained case studies, I track the strategic deployment of the depoliticized radical by different actors at the center within distinctive professional contexts. My discussion of the practices by which actors at the center seek to consolidate their expertise within the contested fields of terrorism studies and security studies draws on and develops Gieryn’s (1983) concept of “boundary-work” as a rhetorical and theatrical strategy for demarcating legitimate from illegitimate knowledges. I conclude by contemplating the political stakes of terrorism expertise as a project of knowledge production that seeks to establish the terrorist as an archetypal subject to be both known and controlled

The Terror Experts: Discourse, Discipline, and the Production of Terrorist Subjects at a University Research Center

This thesis examines the production and circulation of discourses related to (counter)terrorism at a university-affiliated terrorism and security studies research center in eastern Massachusetts. Drawing on participant observation, documentary analysis, and interviews with faculty and students at the research center, I suggest that expert discourses of (counter)terrorism at the center traffic in an archetypal construction of the terrorist that I call the “depoliticized radical.” This construction locates the root of terrorism in individual morality and psychology, tending to abstract the terrorist from the political conditions in which they enact violence. I further propose that the depoliticized radical functions as a boundary object in Star and Griesemer’s (1989) conception, serving the interests of both expert regimes that take the terrorist as a subject to be known and counterterror regimes that take the terrorist as a subject to be controlled and/or corrected. Through fine-grained case studies, I track the strategic deployment of the depoliticized radical by different actors at the center within distinctive professional contexts. My discussion of the practices by which actors at the center seek to consolidate their expertise within the contested fields of terrorism studies and security studies draws on and develops Gieryn’s (1983) concept of “boundary-work” as a rhetorical and theatrical strategy for demarcating legitimate from illegitimate knowledges. I conclude by contemplating the political stakes of terrorism expertise as a project of knowledge production that seeks to establish the terrorist as an archetypal subject to be both known and controlled

Ferocious Logics

Contemporary power manifests in the algorithmic. And yet this power seems incomprehensible: understood as code, it becomes apolitical; understood as a totality, it becomes overwhelming. This book takes an alternate approach, using it to unravel the operations of Uber and Palantir, Airbnb and Amazon Alexa. Moving off the whiteboard and into the world, the algorithmic must negotiate with frictions—the ‘merely’ technical routines of distributing data and running tasks coming together into broader social forces that shape subjectivities, steer bodies, and calibrate relationships. Driven by the imperatives of capital, the algorithmic exhausts subjects and spaces, a double move seeking to both exhaustively apprehend them and exhaust away their productivities. But these on-the-ground encounters also reveal that force is never guaranteed. The irreducibility of the world renders logic inadequate and control gives way to contingency

Ferocious Logics

Contemporary power manifests in the algorithmic. And yet this power seems incomprehensible: understood as code, it becomes apolitical; understood as a totality, it becomes overwhelming. This book takes an alternate approach, using it to unravel the operations of Uber and Palantir, Airbnb and Amazon Alexa. Moving off the whiteboard and into the world, the algorithmic must negotiate with frictions—the ‘merely’ technical routines of distributing data and running tasks coming together into broader social forces that shape subjectivities, steer bodies, and calibrate relationships. Driven by the imperatives of capital, the algorithmic exhausts subjects and spaces, a double move seeking to both exhaustively apprehend them and exhaust away their productivities. But these on-the-ground encounters also reveal that force is never guaranteed. The irreducibility of the world renders logic inadequate and control gives way to contingency

Establishing cyber situational awareness in industrial control systems

The cyber threat to industrial control systems is an acknowledged security issue, but a qualified dataset to quantify the risk remains largely unavailable. Senior executives of facilities that operate these systems face competing requirements for investment budgets, but without an understanding of the nature of the threat cyber security may not be a high priority. Operational managers and cyber incident responders at these facilities face a similarly complex situation. They must plan for the defence of critical systems, often unfamiliar to IT security professionals, from potentially capable, adaptable and covert antagonists who will actively attempt to evade detection. The scope of the challenge requires a coherent, enterprise-level awareness of the threat, such that organisations can assess their operational priorities, plan their defensive posture, and rehearse their responses prior to such an attack. This thesis proposes a novel combination of concepts found in risk assessment, intrusion detection, education, exercising, safety and process models, fused with experiential learning through serious games. It progressively builds a common set of shared mental models across an ICS operation to frame the nature of the adversary and establish enterprise situational awareness that permeates through all levels of teams involved in addressing the threat. This is underpinned by a set of coping strategies that identifies probable targets for advanced threat actors, proactively determining antagonistic courses of actions to derive an appropriate response strategy

Approaching algorithmic power

Contemporary power manifests in the algorithmic. Emerging quite recently as an object of study within media and communications, cultural research, gender and race studies, and urban geography, the algorithm often seems ungraspable. Framed as code, it becomes proprietary property, black-boxed and inaccessible. Framed as a totality, its becomes overwhelmingly complex, incomprehensible in its operations. Framed as a procedure, it becomes a technique to be optimised, bracketing out the political. In struggling to adequately grasp the algorithmic as an object of study, to unravel its mechanisms and materialities, these framings offer limited insight into how algorithmic power is initiated and maintained. This thesis instead argues for an alternative approach: firstly, that the algorithmic is coordinated by a coherent internal logic, a knowledge-structure that understands the world in particular ways; second, that the algorithmic is enacted through control, a material and therefore observable performance which purposively influences people and things towards a predetermined outcome; and third, that this complex totality of architectures and operations can be productively analysed as strategic sociotechnical clusters of machines. This method of inquiry is developed with and tested against four contemporary examples: Uber, Airbnb, Amazon Alexa, and Palantir Gotham. Highly profitable, widely adopted and globally operational, they exemplify the algorithmic shift from whiteboard to world. But if the world is productive, it is also precarious, consisting of frictional spaces and antagonistic subjects. Force cannot be assumed as unilinear, but is incessantly negotiated—operations of parsing data and processing tasks forming broader operations that strive to establish subjectivities and shape relations. These negotiations can fail, destabilised by inadequate logics and weak control. A more generic understanding of logic and control enables a historiography of the algorithmic. The ability to index information, to structure the flow of labor, to exert force over subjects and spaces— these did not emerge with the microchip and the mainframe, but are part of a longer lineage of calculation. Two moments from this lineage are examined: house-numbering in the Habsburg Empire and punch-card machines in the Third Reich. Rather than revolutionary, this genealogy suggests an evolutionary process, albeit uneven, linking the computation of past and present. The thesis makes a methodological contribution to the nascent field of algorithmic studies. But more importantly, it renders algorithmic power more intelligible as a material force. Structured and implemented in particular ways, the design of logic and control construct different versions, or modalities, of algorithmic power. This power is political, it calibrates subjectivities towards certain ends, it prioritises space in specific ways, and it privileges particular practices whilst suppressing others. In apprehending operational logics, the practice of method thus foregrounds the sociopolitical dimensions of algorithmic power. As the algorithmic increasingly infiltrates into and governs the everyday, the ability to understand, critique, and intervene in this new field of power becomes more urgent

Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers

Evaluation of Efficiency of Cybersecurity

Uurimistöö eesmärgiks on uurida, kuidas tõhus küberjulgeolek on olnud edukas. Uurimistöö kasutab parima võimaliku tulemuse saamiseks mitmesuguseid uurimismeetodeid ja kirjanduse ülevaade on süstemaatiline. Kuid uurimistöö järeldus on see, et uuring ei suuda kinnitada või tagasi lükata peamist töö hüpoteesi. Uuring ei õnnestunud, sest puuduvad korralikud teooriad, mis näitavad ohutuse ja küberjulgeoleku nähtusi ning puuduvad head näitajad, mis annaksid küberohutuse tõhususe kohta kehtivaid ja ratsionaalseid tulemusi, kui hästi on küberkuritegevuse abil õnnestunud küberkuritegevuse tõhusaks võitmiseks ja küberkuritegude tõhusaks vähendamiseks. Seepärast on küberjulgeoleku teadusteooria ja julgeoleku teadusteooria vähearenenud 2018. aastal. Uuringud on teinud küberjulgeoleku ja turvalisuse arendamise põhilisi avastusi. Edasiste põhiuuringute suund on luua üldine turbeteooria, mis kirjeldab ohtlike muutujate ohtlike muutujate kavatsust, ressursse, pädevust ja edusamme ohtlike muutujate ja aksioomide puhul, kus ohtlike muutujate mõõtmisel saab teha selle sisse loodetavas ja teooria kirjeldab, millised on tõhusad meetmed, et vältida ja leevendada ning millised ei ole ja lõpuks kehtestada nõuetekohased mõõdikud, et mõõta turvalisuse ja küberjulgeoleku tõhusust loodetavus ja kehtivusega.The purpose of the thesis is to research how effectively cybersecurity has succeeded on its mission. The thesis used multiple research methods to get best possible answer and the literature review has been systematic. However, the conclusion of the research was that the study is unable to either confirm or reject the main working hypothesis. The study is unable to do it because of the lack of proper theories to describe what are the phenomena in secu-rity and cybersecurity and the lack of proper metrics to give valid and sound conclusion about the effective of cybersecurity and how well have cybersecurity succeed on its mis-sion to effectively prevent and mitigate cybercrime. Therefore, the science of security and science of cybersecurity are underdeveloped in 2018. The research has made basic discov-eries of development of cybersecurity and security. A direction of further basic research is to establish a general theory of security which describes threat variables, threat variables intention, resources, competence and progress of the threat variables and axioms where measurement of threat variables can be made with reliability and the theory would describe which are effective measures to prevent and mitigate and which are not and finally, estab-lish proper metrics to measure efficiency of security and cybersecurity with reliability and validity