Hacking in the university: contesting the valorisation of academic labour

In this article I argue for a different way of understanding the emergence of hacker culture. In doing so, I outline an account of ‘the university’ as an institution that provided the material and subsequent intellectual conditions that early hackers were drawn to and in which they worked. I argue that hacking was originally a form of academic labour that emerged out of the intensification and valorisation of scientific research within the institutional context of the university. The reproduction of hacking as a form of academic labour took place over many decades as academics and their institutions shifted from an ideal of unproductive, communal science to a more productive, entrepreneurial approach to the production of knowledge. As such, I view hacking as a peculiar, historically situated form of labour that arose out of the contradictions of the academy: vocation vs. profession; teaching vs. research; basic vs. applied research; research vs. development; private vs. public; war vs. peace; institutional autonomy vs. state dependence; scientific communalism vs. intellectual property

The Computer Misuse Act 1990: lessons from its past and predictions for its future

The age of the internet has thrown down some real challenges to the Computer Misuse Act 1990. Recently, the Government made changes to this piece of legislation, in an attempt to meet two of those challenges--the proliferation of “ Denial of Service” (DoS) attacks, and the creation and dissemination of “ Hackers' tools” --and to fulfil international commitments on cybercrime. Yet some of these new measures invite criticisms of policy, form and content, and bring doubts about how easy to interpret, and how enforceable, they will be

Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Business strategy and business history : a review and prospectus

School of Managemen

Hacking Health Care: Authentication Security in the Age of Meaningful Use

The rapid adoption of EHRs (Electronic Health Records), to store and communicate highly personal data, raises serious concerns in terms of privacy, security, and civil and criminal liability. This note will examine the current statutory framework for addressing electronic breaches in the health care context, examine the vulnerabilities of EHRs, and look to the established world of online banking for possible legislative and practical solutions to the challenge of keeping private health information private. Finally, this note will propose key amendments to the Health Insurance Portability and Accountability Act (HIPAA) regulations to enhance authentication security

Hacking Health Care: Authentication Security in the Age of Meaningful Use

The rapid adoption of EHRs (Electronic Health Records), to store and communicate highly personal data, raises serious concerns in terms of privacy, security, and civil and criminal liability. This note will examine the current statutory framework for addressing electronic breaches in the health care context, examine the vulnerabilities of EHRs, and look to the established world of online banking for possible legislative and practical solutions to the challenge of keeping private health information private. Finally, this note will propose key amendments to the Health Insurance Portability and Accountability Act (HIPAA) regulations to enhance authentication security

Towards Secure and Safe Appified Automated Vehicles

The advancement in Autonomous Vehicles (AVs) has created an enormous market for the development of self-driving functionalities,raising the question of how it will transform the traditional vehicle development process. One adventurous proposal is to open the AV platform to third-party developers, so that AV functionalities can be developed in a crowd-sourcing way, which could provide tangible benefits to both automakers and end users. Some pioneering companies in the automotive industry have made the move to open the platform so that developers are allowed to test their code on the road. Such openness, however, brings serious security and safety issues by allowing untrusted code to run on the vehicle. In this paper, we introduce the concept of an Appified AV platform that opens the development framework to third-party developers. To further address the safety challenges, we propose an enhanced appified AV design schema called AVGuard, which focuses primarily on mitigating the threats brought about by untrusted code, leveraging theory in the vehicle evaluation field, and conducting program analysis techniques in the cybersecurity area. Our study provides guidelines and suggested practice for the future design of open AV platforms