(In)visible Ghosts in the Machine and the Powers that Bind: The Relational Securitization of Anonymous

This paper analyzes the formation and subsequent securitization of the digital protest movement Anonymous, highlighting the emergence of social antagonists from communication itself. In contrast to existing approaches that implicitly or explicitly conceptualize Othering (and securitization) as unidirectional process between (active) sender and (passive) receiver, an approach that is based on communication gives the "threat” a voice of its own. The concept proposed in this paper focuses on "designations” as communicating rules and attributes with regard to a government object. It delineates how designations give rise to the visibility of political entities and agency in the first place. Applying this framework, we can better understand the movement's path from a bunch of anonymous individuals to the collectivity "Anonymous,” posing a threat to certain bases of the state's ontological existence, its prerogative to secrecy, and challenging its claim to unrestrained surveillance. At the same time, the state's bases are implicated and reproduced in the way this conflict is constructed. The conflict not only (re)produces and makes visible "the state” as a social entity, but also changes or at least challenges the self-same entity's agency and legitimacy. Such a relational approach allows insights into conflict formation as dynamic social proces

Making cyber security more resilient: adding social considerations to technological fixes

How can a focus on socio-technical vulnerability and uncertainty make cyber security more resilient? In this article, we provide a conceptual discussion of how to increase cyber resilience. First, we show how cyber security and resilience thinking co-evolved through their connection to critical infrastructures, and how the ensuing dominant technical focus inevitably always falls short due to the diverse societal values that underpin their critical social functions. We argue that a sole focus on aggregate systems neglects the important differences in how cyber threats are experienced and dealt with by individuals. Second, we draw on insights from social resilience and disaster management literature to establish a better link between individuals and cyber systems. We focus on two key aspects of cyber security that highlight its social nature: vulnerability and uncertainty. Instead of thinking of cyber security as a “technical problem + humans,” we suggest cyber security should be conceptualized as a “social problem + technology.” We conclude by highlighting three ways forward for researchers, policymakers, and practitioners: interdisciplinary research, public debate about a set of normative questions, and the need for an uncertainty discourse in politics and policymaking

Cybersecurity Research Meets Science and Technology Studies

This article sets out to show how different understandings of technology as suggested by Science and Technology Studies (STS) help reveal different political facets of cybersecurity. Using cybersecurity research as empirical site, it is shown that two separate ways of understanding cybertechnologies are prevalent in society. The primary one sees cybertechnologies as apolitical, flawed, material objects that need to be fixed in order to create more security; the other understands them as mere political tools in the hands of social actors without considering technological (im)possibilities. This article suggests a focus on a third understanding to bridge the uneasy gap between the two others: technology defined as an embodiment of societal knowledge. The article posits that in line with that, the study of cyberpolitics would benefit from two innovations: a focus on cybersecurity as social practice―enacted and stabilized through the circulation of knowledge about vulnerabilities―and a focus on the practices employed in the discovery, exploitation and removal of those vulnerabilities

Breaking the Cyber-Security Dilemma: Aligning Security Needs and Removing Vulnerabilities

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its” security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings

La cartographie de crise : le phénomène et son utilité

Myriam Dunn Cavelty et Jennifer Giroux sont expertes au sein du Center for Security Studies (CSS), à Zurich. Cet article est paru dans la revue Politique de sécurité : analyses du CSS, n° 103, novembre 2011). Nous le reproduisons ici avec l’aimable autorisation de ses auteurs et du CSS.  Le séisme de 2010 en Haïti a fait la une des journaux internationaux. Le rôle important joué par le crisis mapping dans la gestion de cette catastrophe est moins connu. Des volontaires et des victimes ont recueilli des informations, les ont combinées avec des photos satellites et ont ainsi créé une carte dynamique de la crise d’une grande utilité pour les victimes et les secours. Les acteurs étatiques devraient intensifier l’analyse de ce phénomène pour mieux comprendre la meilleure manière de l’utiliser pour gérer les catastrophes et d’encourager son utilisation

La cartographie de crise : le phénomène et son utilité

Myriam Dunn Cavelty et Jennifer Giroux sont expertes au sein du Center for Security Studies (CSS), à Zurich. Cet article est paru dans la revue Politique de sécurité : analyses du CSS, n° 103, novembre 2011). Nous le reproduisons ici avec l’aimable autorisation de ses auteurs et du CSS.  Le séisme de 2010 en Haïti a fait la une des journaux internationaux. Le rôle important joué par le crisis mapping dans la gestion de cette catastrophe est moins connu. Des volontaires et des victimes ont recueilli des informations, les ont combinées avec des photos satellites et ont ainsi créé une carte dynamique de la crise d’une grande utilité pour les victimes et les secours. Les acteurs étatiques devraient intensifier l’analyse de ce phénomène pour mieux comprendre la meilleure manière de l’utiliser pour gérer les catastrophes et d’encourager son utilisation

The EU as a coherent (cyber)security actor?

The last three decades have seen the development of the European Union (EU) as a security actor. The transnational character of the security threats and the challenges identified by the EU have led to progressive integration between internal and external security concerns. These concerns have often led to calls for greater coherence within EU security policies. The literature, however, indicates that this need for coherence has, so far, not been systematically operationalized, leading to a fragmented security field. This article has two main aims: To devise a framework for the analysis of the EU's coherence as a security actor, and to apply it to the cybersecurity field. By focusing on EU cybersecurity policy, this article will explore whether the EU can be considered a coherent actor in this field or whether this policy is being implemented according to different and unco-ordinated rationales

Cybersecurity and the politics of knowledge production: towards a reflexive practice

How does a reflexive scholarly practice matter for producing useful cybersecurity knowledge and policy? We argue that staking relevance without engaging in reflexivity diminishes the usefulness of knowledge produced both in academia and in policy. To advance a reflexive research agenda in cybersecurity, this forum offers a collective interrogation of the liminal positionality of the cybersecurity scholar. We examine the politics of ‘the making of’ cybersecurity expertise as knowledge practitioners who are located across and in between the diverse and overlapping fields of academia, diplomacy and policy. Cybersecurity expertise, and the practices of the cybersecurity epistemic community more broadly, rely heavily on the perceived applicability and actionability of knowledge outputs, on the practical dependency on policy practitioners regarding access, and thus on the continuous negotiation of hierarchies of knowledge. Participants in this forum reflect on their research practice of negotiating such dilemmas. Collectively, we draw on these contributions to identify obstacles and opportunities towards realising a reflexive research practice in cybersecurity

Preparing for disaster: a comparative analysis of education for critical infrastructure collapse

This article explores policy approaches to educating populations for potential critical infrastructure collapse in five different countries: the UK, the US, Germany, Japan and New Zealand. ‘Critical infrastructure’ is not always easy to define, and indeed is defined slightly differently across countries – it includes entities vital to life, such as utilities (water, energy), transportation systems and communications, and may also include social and cultural infrastructure. The article is a mapping exercise of different approaches to critical infrastructure protection and preparedness education by the five countries. The exercise facilitates a comparison of the countries and enables us to identify distinctive characteristics of each country’s approach. We argue that contrary to what most scholars of security have argued, these national approaches diverge greatly, suggesting that they are shaped more by internal politics and culture than by global approaches

The Role of For-Profit Actors in Implementing Targeted Sanctions:The Case of the European Union

The evolution of sanctions from comprehensive to targeted has favored the inclusion of for-profit actors in the policy process. Sanctions are used to deal with security challenges and while the role of for-profit actors in the provision of public goods has been investigated, less has been said about their role in the provision of security. This chapter investigates the role of for-profit actors in the implementation of sanctions. More specifically, this chapter suggests a typology of regulatory environments that facilitates explaining and understanding the behavior of for-profit actors in implementing targeted sanctions. By looking at the quality of instructions provided by state authorities and their capacity to monitor the implementation of such decisions, the chapter argues that overcompliance, uneven and lack of compliance are more likely in certain regulatory environments rather than in others. The theoretical framework is tested on the case study of the restrictive measures of the EU. The data for this research was collected through semi-opened interviews and focus groups held in Brussels from 2013 to 2015