New paper: The De-Perimeterisation of Information Security: the Jericho Forum, Zero Trust, and narrativity

CIM academics Matt Spencer and Daniele Pizio have published their latest paper on their work from the ‘Scaling Trust’ UKRI project. They examine processes of conceptual change in the recent history of the field, focusing in particular on the efforts of the Jericho Forum pressure group to ‘de-perimeterise’ security thinking. The article is open access in Social Studies of Science:
doi.org/10.1177/03063127231221107

This article analyses the transformation of information security induced by the Jericho Forum, a group of security professionals who argued for a new ‘de-perimeterised’ security model. Having focused on defensive perimeters around networks, early 2000s information security faced a growing set of pressures: the maintainability of firewalls given increasing traffic volume and variety, the vulnerability of interior network domains, and the need to cope with and enable new working arrangements and ways of doing business. De-perimeterisation was a radical rethinking of the nature of security and created the conditions for the rise of ‘Zero Trust’ architectures. This shift has radical implications for the architectures of digital infrastructures that undergird many aspects of contemporary life, the risks to which people and societies are exposed, and the nature of work and business in a digital economy. We develop a semiotic analysis of the Jericho Forum’s interventions. Using insights from material semiotics, security theory and the theory of narrativity, we argue that de-perimeterisation can be understood as a shift in security logic, or, a shift in how security can (be made to) make sense. We examine a cluster of images used by the Jericho Forum, and analyse how they challenged the coherence of perimeter-based thinking and provided the materials for constructing a new model. We argue that a focus on the narrative dimension of security provides a window into fundamental semantic transformations, reciprocal historical relations between semantics and technical change, the agencement of security technologies, and determinations of value (what is worth securing).