Hostname: page-component-586b7cd67f-tf8b9 Total loading time: 0 Render date: 2024-11-25T23:00:36.488Z Has data issue: false hasContentIssue false

The non-anthropocentric informational agents: Codes, software, and the logic of emergence in cybersecurity

Published online by Cambridge University Press:  27 December 2021

Noran Shafik Fouad*
Affiliation:
Blavatnik School of Government, University of Oxford, Oxford, United Kingdom
*
*Corresponding author. Email: [email protected]

Abstract

Many theoretical approaches to cybersecurity adopt an anthropocentric conceptualisation of agency; that is, tying the capacity to act to human subjectivity and disregarding the role of the non-human in co-constructing its own (in)security. This article argues that such approaches are insufficient in capturing the complexities of cyber incidents, particularly those that involve self-perpetuating malware and autonomous cyber attacks that can produce unintentional and unpredictable consequences. Using interdisciplinary insights from the philosophy of information and software studies, the article counters the anthropocentrism in the cybersecurity literature by investigating the agency of syntactic information (that is, codes/software) in co-producing the logics and politics of cybersecurity. It specifically studies the complexities of codes/software as informational agents, their self-organising capacities, and their autonomous properties to develop an understanding of cybersecurity as emergent security. Emergence is introduced in the article as a non-linear security logic that captures the peculiar agential capacities of codes/software and the ways in which they challenge human control and intentionality by co-constructing enmity and by co-producing the subjects and objects of cybersecurity.

Type
Research Article
Copyright
Copyright © The Author(s), 2021. Published by Cambridge University Press on behalf of the British International Studies Association

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

1 Kaspersky, ‘Top 5 Most Notorious Cyberattacks’ (6 November 2018), available at: {https://www.kaspersky.com/blog/five-most-notorious-cyberattacks/24506/}.

2 Ehrenfeld, Jesse M., ‘Wannacry, cybersecurity and health information technology: A time to act’, Journal of Medical Systems, 41:7 (2017), p. 104CrossRefGoogle ScholarPubMed.

3 For more information on NotPetya, see Andy Greenberg, ‘The untold story of NotPetya, the most devastating cyberattack in history’, WIRED (22 August 2018), available at: {https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/} accessed 1 October 2021.

4 Ross Kelly, ‘Ciaran Martin: Emerging cyber threats and their unintended consequences’, DIGIT (7 October 2020), available at: {https://digit.fyi/ciaran-martin-ncsc-unintended-consequences-cybersecurity/} accessed 29 November 2021.

5 Ben Buchanan, The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (Cambridge, MA: Harvard University Press, 2020), pp. 280–90.

6 See, for example, David J. Betz and Tim Stevens, ‘Analogical reasoning and cyber security’, Security Dialogue, 44:2 (2013), pp. 147–64; Emerson, R. Guy, ‘Limits to a cyber-threat’, Contemporary Politics, 22:2 (2016), pp. 178–96CrossRefGoogle Scholar; Lee Jarvis, Stuart Macdonald, and Andrew Whiting, ‘Analogy and authority in cyberterrorism discourse: An analysis of global news media coverage’, Global Society, 30:4 (2016), pp. 605–23; Ralf Bendrath, Johan Eriksson, and Giampiero Giacomello, ‘From “cyberterrorism” to “cyberwar”, back and forth: How the United States securitized cyberspace’, in J. Eriksson and G. Giacomello (eds), International Relations and Security in the Digital Age (London, UK: Routledge, 2007), pp. 57–82; Myriam Dunn Cavelty, Cyber-Security and Threat Politics: US Efforts to Secure the Information Age, CSS Studies in Security and International Relations (London, UK: Routledge, 2008); Cavelty, Myriam Dunn, ‘Cyber-terror: Looming threat or phantom menace? The framing of the US cyber-threat debate’, Journal of Information Technology & Politics, 4:1 (2008), pp. 1936CrossRefGoogle Scholar; Eriksson, Johan, ‘Cyberplagues, IT, and security: Threat politics in the information age’, Journal of Contingencies and Crisis Management, 9:4 (2001), pp. 200–10CrossRefGoogle Scholar; Lene Hansen and Helen Nissenbaum, ‘Digital disaster, cyber security, and the Copenhagen School’, International Studies Quarterly, 53:4 (2009), pp. 1155–75.

7 Tim Stevens, Cyber Security and the Politics of Time (New York, NY: Cambridge University Press, 2015).

8 Jacobsen, Jeppe T., ‘Lacan in the US cyber defence: Between public discourse and transgressive practice’, Review of International Studies, 46:5 (2020), pp. 613–31CrossRefGoogle Scholar; Collier, Jamie, ‘Cyber security assemblages: A framework for understanding the dynamic and contested nature of security provision’, Politics and Governance, 6:2 (2018), pp. 1321CrossRefGoogle Scholar; Stevens, Clare, ‘Assembling cybersecurity: The politics and materiality of technical malware reports and the case of Stuxnet’, Contemporary Security Policy, 41:1 (2020), pp. 129–52CrossRefGoogle Scholar; Florian J. Egloff and Myriam Dunn Cavelty, ‘Attribution and knowledge creation assemblages in cybersecurity politics’, Journal of Cybersecurity, 7:1 (2021), pp. 1–12.

9 Thierry Balzacq and Myriam Dunn Cavelty, ‘A theory of actor-network for cyber-security’, European Journal of International Security, 1:2 (2016), pp. 176–98; Andrew C. Dwyer, ‘Cybersecurity's grammars: A more-than-human geopolitics of computation’, Area (2021), pp. 1–18.

10 Though the article is combining codes and software in its focus on syntactic information, there are analytical differences between the two. Codes are textual artefacts that specify certain instructions that digital devices have to follow to perform their designated tasks. Software, on the other hand, transform static codes into processual programs through software engineering, and in turn act as mediators between codes and real-world execution. For more information, see David Berry, The Philosophy of Software: Code and Mediation in the Digital Age (New York, NY: Springer, 2011), pp. 1–33.

11 Michael Schandorf and Athina Karatzogianni, ‘Agency in a posthuman IR: Solving the problem of technosocially mediated agency’, in Erika Cudworth, Stephen Hobden, and Emilian Kavalski (eds), Posthuman Dialogues in International Relations (London, UK: Routledge, 2018), pp. 89–108.

12 Barry Buzan, Ole Wæver, and Jaap de Wilde, Security: A New Framework for Analysis (Boulder, CO: Lynne Rienner Publishers, 1998); Bendrath, Eriksson, and Giacomello, ‘From “cyberterrorism” to “cyberwar”, back and forth’; Dunn Cavelty, Cyber-Security and Threat Politics; Dunn Cavelty, ‘Cyber-terror: Looming threat or phantom menace?'; Eriksson, ‘Cyberplagues, IT, and security’; Hansen and Nissenbaum, ‘Digital disaster’.

13 Mark Lacy and Daniel Prince, ‘Securitization and the global politics of cybersecurity’, Global Discourse, 8:1 (2018), pp. 100–15.

14 Paul Kallender and Christopher W. Hughes, ‘Japan's emerging trajectory as a “cyber power”: From securitization to militarization of cyberspace’, Journal of Strategic Studies, 40:1–2 (2017), pp. 118–45; Syed Mohammed Ad'ha Aljunied, ‘The securitization of cyberspace governance in Singapore’, Asian Security (2019), pp. 1–20; Bassant Hassib and Nardine Alnemr, ‘Securitizing cyberspace in Egypt: The dilemma of cybersecurity and democracy’, in Scott N. Romaniuk and Mary Manjikian (eds), Routledge Companion to Global Cyber-Security Strategy (London, UK: Routledge, 2021).

15 Emerson, ‘Limits to a cyber-threat’; Jarvis, Macdonald, and Whiting, ‘Analogy and authority in cyberterrorism discourse’.

16 Myriam Dunn Cavelty, ‘From cyber-bombs to political fallout: Threat representations with an impact in the cyber-security discourse’, International Studies Review, 15:1 (2013), pp. 105–22.

17 Betz and Stevens, ‘Analogical reasoning and cyber security’.

18 Sean Lawson, ‘Beyond cyber-doom: Assessing the limits of hypothetical scenarios in the framing of cyber-threats’, Journal of Information Technology & Politics, 10:1 (2013), pp. 86–103.

19 Hansen and Nissenbaum, ‘Digital disaster’.

20 Stevens, Tim, ‘Global cybersecurity: New directions in theory and methods’, Politics and Governance, 6:2 (2018), p. 2CrossRefGoogle Scholar.

21 Daniel Miller (ed.), Materiality (Durham, NC: Duke University Press, 2005), p. 38.

22 See, for example, Myriam Dunn Cavelty, Thierry Balzacq, and Sophie-Charlotte Fischer, ‘“Killer robots” and preventive arms control’, in Routledge Handbook of Security Studies (London, UK: Routledge, 2017), pp. 457–68; Mareile Kaufmann, ‘Who connects the dots? Agents and agency in predictive policing’, in Marijn Hoijtink and Matthias Leese (eds), Technology and Agency in International Relations (London, UK: Routledge, 2019), pp. 141–64; Ian Shaw and Majed Akhter, ‘The dronification of state violence’, Critical Asian Studies, 46:2 (2014), pp. 211–34.

23 Myriam Dunn Cavelty, ‘The materiality of cyberthreats: Securitization logics in popular visual culture’, Critical Studies on Security, 7:2 (2019), pp. 138–40.

24 Thomas Rid, Rise of the Machines: A Cybernetic History (London, UK: Scribe Publications Pty Limited, 2016).

25 Collier, ‘Cyber security assemblages’.

26 Clare Stevens, ‘Assembling cybersecurity’.

27 Egloff and Dunn Cavelty, ‘Attribution and knowledge creation assemblages in cybersecurity politics’.

28 Jacobsen, ‘Lacan in the US cyber defence’.

29 Dwyer, ‘Cybersecurity's grammars’.

30 Balzacq and Dunn Cavelty, ‘A theory of actor-network for cyber-security’.

31 Tobias Liebetrau and Kristoffer Kjærgaard Christensen, ‘The ontological politics of cyber security: Emerging agencies, actors, sites, and spaces’, European Journal of International Security, 6:1 (2021), pp. 25–4.

32 Claudia Aradau, ‘Security that matters: Critical infrastructure and objects of protection’, Security Dialogue, 41:5 (2010), pp. 491–514; Mark B. Salter, ‘Security actor-network theory: Revitalizing securitization theory with Bruno Latour’, Polity, 51:2 (2019), pp. 349–64.

33 Karen Barad, ‘Posthumanist performativity: Toward an understanding of how matter comes to matter’, Journal of Women in Culture and Society, 28:3 (2003), p. 803.

34 Ian Bogost, Alien Phenomenology, Or, What It's Like to Be a Thing (Minneapolis, MN: University of Minnesota Press, 2012); Levi R. Bryant, The Democracy of Objects (London, UK: Open Humanities Press, 2011); Graham Harman, Object-Oriented Ontology: A New Theory of Everything (London, UK: Penguin, 2018).

35 Jane Bennett, ‘Systems and things: On vital materialism and object-oriented philosophy’, in Richard A. Grusin and Richard Grusin (eds), The Nonhuman Turn (Minneapolis, MN: University of Minnesota Press, 2015), pp. 223–40.

36 Barad, ‘Posthumanist performativity’; Karen Barad, Meeting the Universe Halfway: Quantum Physics and the Entanglement of Matter and Meaning (Durham, NC: Duke University Press, 2007).

37 Bruno Latour, Reassembling the Social: An Introduction to Actor-Network-Theory (Oxford, UK: Oxford University Press, 2005); John Law and Vicky Singleton, ‘Object lessons’, Organization, 12:3 (2005), pp. 331–55.

38 Matt McDonald and Audra Mitchell, ‘Introduction: Posthuman international relations’, in Clara Eroukhmanoff and Matt Harker (eds), Reflections on the Posthuman in International Relations: The Anthropocene, Security and Ecology (E-International Relations, 2017).

39 Benjamin Braun, Sebastian Schindler, and Tobias Wille, ‘Rethinking agency in international relations: Performativity, performances and actor-networks’, Journal of International Relations and Development, 22:4 (2018), pp. 787–807.

40 Audra Mitchell, ‘Only human? A worldly approach to security’, Security Dialogue, 45:1 (2014), pp. 5–21; Audra Mitchell, ‘Dispatches from the Robot Wars; or, what is posthuman security?’, The Disorder Of Things blog (24 July 2014), available at: {https://thedisorderofthings.com/2014/07/24/dispatches-from-the-robot-wars-or-what-is-posthuman-security/} accessed 25 November 2021.

41 Aradau, ‘Security that matters’.

42 Mike Bourne, Heather Johnson, and Debbie Lisle, ‘Laboratizing the border: The production, translation and anticipation of security technologies’, Security Dialogue, 46:4 (2015), pp. 307–25.

43 Ty Solomon, ‘Embodiment, emotions, and materialism in international relations’, in Linda Åhäll and Thomas Gregory (eds), Emotions, Politics and War (London, UK: Routledge, 2015), pp. 58–70.

44 Antoine Bousquet, Jairus Grove, and Nisha Shah, ‘Becoming weapon: An opening call to arms’, Critical Studies on Security, 5:1 (2017), pp. 1–8.

45 Norbert Wiener, Cybernetics: Or, Control and Communication in the Animal and the Machine (Hoboken, NJ: Wiley & Sons, 1948).

46 The Macy conferences were interdisciplinary conferences held in the US and are sometimes considered the most significant scientific events after the Second World War. Concepts like ‘information’ and ‘analogue/digital’ were introduced in these conferences as part of regulatory frameworks that can apply to both humans and machines.

47 Cary Wolfe, What Is Posthumanism? (Minneapolis, MN: University of Minnesota Press, 2010), p. xii.

48 W. Ross Ashby, An Introduction to Cybernetics (London, UK: Chapman and Hall, 1958), p. 1.

49 Elke Schwarz, ‘Hybridity and humility: What of the human in posthuman security?’, in Eroukhmanoff and Harker (eds), Reflections on the Posthuman in International Relations, pp. 28–9.

50 Carolin Kaltofen, ‘With a posthuman touch: International relations in dialogue with the posthuman: A human account’, in Cudworth, Hobden, and Kavalski (eds), Posthuman Dialogues in International Relations, p. 42.

51 Rosi Braidotti, The Posthuman (Hoboken, NJ: John Wiley & Sons, 2013).

52 Paul M. Leonardi, ‘Digital materiality? How artifacts without matter, matter’, First Monday, 15:6–7 (2010).

53 Paul Dourish, The Stuff of Bits: An Essay on the Materialities of Information (Cambridge, MA: MIT Press, 2017).

54 Lisa Parks and Nicole Starosielski, Signal Traffic: Critical Studies of Media Infrastructures (Champaign, IL: University of Illinois Press, 2015).

55 Paul Dourish and Melissa Mazmanian, ‘Media as material: Information representations as material foundations for organizational practice’, in Paul R. Carlile et al. (eds), How Matter Matters: Objects, Artifacts, and Materiality in Organization Studies (Oxford, UK: Oxford University Press, 2013), pp. 92–118 (p. 94).

56 Terrence W. Deacon, ‘What is missing from theories of information?’, in Paul Davies and Niels Henrik Gregersen (eds), Information and the Nature of Reality: From Physics to Metaphysics (Cambridge, UK: Cambridge University Press, 2010), p. 152.

57 Karsten Friis and Jens Ringsmose (eds), Conflict in Cyber Space: Theoretical, Strategic and Legal Pespectives (London, UK: Routledge, 2016), p. 4.

58 Jane Bennett, Vibrant Matter: A Political Ecology of Things (Durham, NC: Duke University Press, 2009), p. xvi

59 Rocco Bellanova, Katja Lindskov Jacobsen, and Linda Monsees, ‘Taking the trouble: Science, technology and security studies’, Critical Studies on Security, 8:2 (2020), pp. 87–100.

60 Tim Stevens, ‘Information Matters: Informational Conflict and the New Materialism’, paper for presentation at Millennium Annual Conference, ‘Materialism and World Politics’, 20–1 October 2012, London School of Economics, available at: SSRN: {http://dx.doi.org/10.2139/ssrn.2146565}.

61 Latour, Reassembling the Social.

62 Bogost, Alien Phenomenology, p. 11.

63 Bryant, The Democracy of Objects.

64 Harman, Object-Oriented Ontology.

65 Paul Davies, The Demon in the Machine: How Hidden Webs of Information Are Finally Solving the Mystery of Life (London, UK: Penguin, 2019), p. 2.

66 Mark Burgin, Theory of Information: Fundamentality, Diversity and Unification (Singapore: World Scientific, 2010), p. 102.

67 Terrel Ward Bynum, ‘Informational metaphysics: The informational nature of reality’, in Luciano Floridi (ed.), The Routledge Handbook of Philosophy of Information (London, UK: Routledge, 2016), p. 207.

68 César Hidalgo, Why Information Grows: The Evolution of Order, from Atoms to Economies (London, UK: Penguin, 2015), pp. 8–9.

69 Phyllis Illari and Federica Russo, ‘Information and causality’, in Floridi (ed.), The Routledge Handbook of Philosophy of Information, pp. 235–48.

70 James Gleick, The Information: A History, a Theory, a Flood (London, UK: HarperCollins Publishers, 2011), p. 12.

71 Seth Lloyd, Programming the Universe: A Quantum Computer Scientist Takes on the Cosmos (New York, NY: Knopf Doubleday Publishing Group, 2006).

72 Sara Imari Walker, ‘Top-down causation and the rise of information in the emergence of life’, Information, 5:3 (2014), p. 425.

73 Wiener, Cybernetics, p. 132.

74 Peter Janich, What Is Information? (Minneapolis, MN: University of Minnesota Press, 2018), p. 4.

75 John Arquilla and David Ronfeldt, ‘Cyberwar is coming!’, Comparative Strategy, 12:2 (1993), pp. 141–65.

76 Ibid., p. 154.

77 Elgin M. Brunner and Myriam Dunn Cavelty, ‘The formation of in-formation by the US military: Articulation and enactment of infomanic threat imaginaries on the immaterial battlefield of perception’, Cambridge Review of International Affairs, 22:4 (2009), p. 633.

78 Michael Dillon, ‘Network society, network-centric warfare and the state of emergency’, Theory, Culture & Society, 19:4 (2002), pp. 72–3.

79 A. M. Turing, ‘Can a machine think’, The World of Mathermatics, 4 (1956), pp. 2099–123.

80 Davies, The Demon in the Machine, p. 186.

81 Peter Suber, ‘What is software?’, Journal of Speculative Philosophy, 2:2 (1988), pp. 89–119.

82 Anne-Marie Grisogono, ‘How did information emerge?’, in Sara Imari Walker, Paul C. W. Davies, and George F. R. Ellis (eds), From Matter to Life: Information and Causality (Cambridge, UK: Cambridge University Press, 2017), pp. 86–9.

83 Michael Wooldridge and Nicholas R. Jennings, ‘Intelligent agents: Theory and practice’, The Knowledge Engineering Review, 10:2 (1995), pp. 115–52.

84 Jeffrey M. Bradshaw, ‘Introduction’, in Jeffrey M. Bradshaw (ed.), Software Agents (Palo Alto, CA: AAAI Press, 1997), pp. 3–48.

85 Walter Brenner, Rüdiger Zarnekow, and Hartmut Wittig, Intelligent Software Agents: Foundations and Applications (Berlin and Heidelberg, Germany: Springer Science & Business Media, 2012), pp. 19–34.

86 Wooldridge and Jennings, ‘Intelligent agents’, p. 117.

87 Donald A. Norman, ‘How might people interact with agents’, in Bradshaw (ed.), Software Agents, p. 54.

88 Adrian MacKenzie, Cutting Code: Software and Sociality (New York, NY: Peter Lang Inc., 2006), p. 17.

89 Ibid., p. 16.

90 Timothy R. Colburn, ‘Software, abstraction, and ontology’, The Monist, 82:1 (1999), pp. 3–19.

91 MacKenzie, Cutting Code.

92 Nigel Thrift and Shaun French, ‘The automatic production of space’, Transactions of the Institute of British Geographers, 27:3 (2002), pp. 309–35.

93 Balzacq and Dunn Cavelty, ‘A theory of actor-network for cyber-security’.

94 Federica Frabetti, Software Theory: A Cultural and Philosophical Study (Lanham, MD: Rowman & Littlefield International, 2015), pp. 45–6.

95 Rob Kitchin and Martin Dodge, Code/Space: Software and Everyday Life (Cambridge, MA: MIT Press, 2011).

96 Berry, The Philosophy of Software.

97 Jannis Kallinikos, Governing Through Technology: Information Artefacts and Social Practice (New York, NY: Springer, 2010).

98 Kitchin and Dodge, Code/Space.

99 Thrift and French, ‘The automatic production of space’.

100 Arthur Kroker, Exits to the Posthuman Future (Hoboken, NJ: John Wiley & Sons, 2014), pp. 49–59.

101 Wendy Hui Kyong Chun, Programmed Visions: Software and Memory (Cambridge, MA: MIT Press, 2011), pp. 45–6.

102 Ibid.

103 Stevens, ‘Assembling cybersecurity’, p. 131.

104 Catherine Adams and Terrie Lynn Thompson, Researching a Posthuman World: Interviews with Digital Objects (New York, NY: Springer, 2016).

105 Marijn Hoijtink and Matthias Leese, ‘How (not) to talk about technology: International relations and the question of agency’, in Hoijtink and Leese (eds), Technology and Agency in International Relations, p. 3.

106 Mariarosaria Taddeo, Tom McCutcheon, and Luciano Floridi, ‘Trusting Artificial Intelligence in cybersecurity is a double-edged sword’, Nature Machine Intelligence, 1:12 (2019), pp. 557–8.

107 Miles Brundage et al., ‘The malicious use of Artificial Intelligence: Forecasting, prevention, and mitigation’, arxiv preprint (2018).

108 Tim Stevens, ‘Knowledge in the grey zone: AI and cybersecurity’, Digital War (2020).

109 Taddeo, McCutcheon, and Floridi, ‘Trusting Artificial Intelligence’, p. 558.

110 Stevens, ‘Knowledge in the grey zone’, p. 168.

111 Ibid., pp. 173–228.

112 Ed Skoudis and Lenny Zeltser, Malware: Fighting Malicious Code (Hoboken, NJ: Prentice Hall Professional, 2004), pp. 64–8.

113 Jussi Parikka, Digital Contagions: A Media Archaeology of Computer Viruses (Pieterlen, Germany: Peter Lang, 2007).

114 Balzacq and Dunn Cavelty, ‘A theory of actor-network for cyber-security’.

115 Mark Mason, Complexity Theory and the Philosophy of Education (Hoboken, NJ: John Wiley & Sons, 2009), pp. 32–5.

116 Antoine Bousquet and Simon Curtis, ‘Beyond models and metaphors: Complexity theory, systems thinking and international relations’, Cambridge Review of International Affairs, 24:1 (2011), pp. 43–62.

117 Ibid., p. 52.

118 Peter A. Corning, ‘The re-emergence of “emergence”: A venerable concept in search of a theory’, Complexity, 7:6 (2002), pp. 7–18.

119 Mason, Complexity Theory and the Philosophy of Education, pp. 32–5.

120 Corning, ‘The re-emergence of “emergence”’, pp. 7–18.

121 Jeffrey Johnson, ‘Can complexity help us better understand risk?’, Risk Management, 8:4 (2006), pp. 227–67.

122 Stephen Cobb and Andrew Lee, ‘Malware Is Called Malicious for a Reason: The Risks of Weaponizing Code’, 6th International Conference on Cyber Conflict (NATO CCD COE Publications, 2014), pp. 71–84.

123 IP stands for Internet protocol. An IP address is a unique address that identifies a device on the Internet or a local network.

124 Kanellis Panagiotis, Digital Crime and Forensic Science in Cyberspace (Idea Group Inc (IGI), 2006).

125 Neil C. Rowe, ‘Ethics and policies for cyber operations’, in Ludovica Glorioso and Mariarosaria Taddeo (eds), Challenges of Civilian Distinction in Cyberwarfare (Cham: Springer, 2017), pp. 40–1.

126 Corey Hirsch, ‘Collateral damage outcomes are prominent in cyber warfare, despite targeting’, in Louise Leenen (ed.), ICCWS 2018 13th International Conference on Cyber Warfare and Security (ACPIL, 2018), pp. 281–6.

127 Hirsch, ‘Collateral damage outcomes are prominent in cyber warfare’, p. 283.

128 Rachael King, ‘Stuxnet infected Chevron's IT network’, The Wall Street Journal blog (8 November 2012), available at: {https://blogs.wsj.com/cio/2012/11/08/stuxnet-infected-chevrons-it-network/} accessed 5 November, 2021.

129 Dwyer, ‘Cybersecurity's grammars’, p.2.

130 Charles Cooper, ‘WannaCry: Lessons learned 1 year later’, Symantec (16 May 2018), available at: {https://www.symantec.com/blogs/feature-stories/wannacry-lessons-learned-1-year-later} accessed 3 November 2021.

131 ‘NHS trusts “at fault” over cyber-attack’, BBC (27 October 2017), available at: {https://www.bbc.com/news/technology-41753022} accessed 23 November 2021.

132 DDoS attacks flood computer servers with requests to stop them from providing services to their intended users.

133 Liebetrau and Christensen, ‘The ontological politics of cyber security’.

134 Ulrich Beck, Risk Society: Towards a New Modernity (London, UK: SAGE Publications Ltd, 1992), p. 33.

135 Healey, Jason, ‘The implications of persistent (and permanent) engagement in cyberspace’, Journal of Cybersecurity, 5:1 (2019)CrossRefGoogle Scholar; Pattison, James, ‘From defence to offence: The ethics of private cybersecurity’, European Journal of International Security, 5:2 (2020), pp. 233–54CrossRefGoogle Scholar.

136 Schutte, S., ‘Cooperation beats deterrence in cyberwar’, Peace Economics, Peace Science and Public Policy, 18:3 (2012), p. 8CrossRefGoogle Scholar.

137 Jason Rivera and Forrest Hare, ‘The Deployment of Attribution Agnostic Cyberdefense Constructs and Internally Based Cyberthreat Countermeasures’, 2014 6th International Conference on Cyber Conflict (CyCon 2014) (2014), p. 104.

138 Schutte, ‘Cooperation beats deterrence in cyberwar’, p. 8.

139 This argument particularly refers to passive defence, or defence that happens after an incident takes place, in contrast to active defence or what is often called ‘defend forward’, which takes pre-emptive actions by intruding in the adversaries’ systems.

140 P. W. Singer and Allan Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford, UK: Oxford University Press, 2014).

141 Thomas Rid and Ben Buchanan, ‘Attributing cyber attacks’, Journal of Strategic Studies, 38:1–2 (2015), p. 28.

142 We can differentiate between two types of attribution: attack attribution and threat attribution. The first is concerned with attacks that have already taken place, while the second is related to ones that have not and thus seeks to establish links between the future threat/hazard and a particular source.

143 Noran Shafik Fouad, ‘The Peculiarities of Securitising Cyberspace: A Multi-Actor Analysis of the Construction of Cyber Threats in the US (2003–2016)’, Proceedings of the 18th European Conference on Cyber Warfare and Security (Academic Conferences and Publishing International Limited, 2019), pp. 633–40.

144 See, for examples of everyday and ‘mundane’ cybersecurity, Slupska, Julia, ‘Safe at home: Towards a feminist critique of cybersecurity’, St Antony's International Review, 15:1 (2019), pp. 83100Google Scholar; Fouad, Noran Shafik, ‘Securing Higher Education against cyber threats: From an institutional risk to a national policy challenge’, Journal of Cyber Policy, 6:2 (2021), pp. 137–54CrossRefGoogle Scholar.

145 Reviewing the Federal Cybersecurity Mission: Hearing before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, of the Committee on Homeland Security (Serial No.111-5), U.S. House of Representatives, 111th Cong. (2009), p. 27.

146 Michel Herzog and Jonas Schmid, ‘Who pays for zero-days? Balancing long-term stability in cyber space against short-term national security benefits’, in Friis and Ringsmose (eds), Conflict in Cyber Space, pp. 97–114.

147 Jane Chong, ‘Bad code: Exploring liability in software development’, in Richard Harrison, Trey Herr, and Richard J. Danzig (eds), Cyber Insecurity: Navigating the Perils of the Next Information Age (Lanham, MD: Rowman & Littlefield Publishers, 2016), pp. 69–86.