A project supported by a Future Leaders Fellowship from UK Research and Innovation
Duration: Oct 2019 - Sept 2026
PI: Matt Spencer
Scaling Trust: An Anthropology of Cyber Security
With growing dependency on digital infrastructure, vulnerability to cyber disaster becomes a defining context for social life. In 2017, the Wannacry crypto-ransomware infected computers across large parts of the UK's National Health Service, leading to thousands of cancelled medical appointments; weeks later the NotPetya malware caused chaos across many industries and continents. Later that year, the Equifax hack compromised the details of 140 million people, and in 2018, an outage at the UK bank TSB left thousands of customers defrauded. Behind each failure—to patch systems, to secure networks, to implement good governance—is a problem of scales: the smallest “weak link” can end up compromising the security of the whole system. And because complete security is unattainable in practice, living well with infrastructures has become a question of trust.
It is the premise of this project that trust is not a “user’s problem”. Behind the services and utilities that we rely on in daily life, we can find an array of professional cyber security practices aiming to win and maintain trust, to question it and manage it across scales. Understanding how they go about doing that, their successes and failures, is the purpose of this study.
Through interviews, ethnographic fieldwork and participatory workshops, the project examines the social processes through which knowledge and trust are negotiated in the security profession: how practitioners imagine the trust implicit in their cyber security evaluations, the ways in which they make trust explicit, or call things into question as technologies and processes demanding further evaluation.
The focus in the first phrase of the project will be primarily on contexts of Critical National Infrastructure, looking at processes of assurance involved in the delivery of technological assets, and on new forms of evaluation brought in with regulation such as the Network and Information Systems directive.
The study will develop an anthropology of trust in cyber security, informing the wide community of scholarship on society and technology, governance and security. The project also engages closely with policymakers in order to feed in to current debates across government and industry. And by developing practitioner workshops around their predicaments of trust, the fellowship aims to contribute to expanding the methodological toolkit for cyber security engagement.