Skip to main content Skip to navigation

Scaling Trust: An anthropology of cyber security

A project supported by a Future Leaders Fellowship from UK Research and Innovation
Duration: Oct 2019 - April 2027
PI: Matt Spencer

UKRI  logo

Scaling Trust: An Anthropology of Cyber Security

With growing dependency on digital infrastructure, vulnerability to cyber disaster becomes a defining context for social life. In 2017, the Wannacry crypto-ransomware infected computers across large parts of the UK's National Health Service, leading to thousands of cancelled medical appointments; weeks later the NotPetya malware caused chaos across many industries and continents. Later that year, the Equifax hack compromised the details of 140 million people, and in 2018, an outage at the UK bank TSB left thousands of customers defrauded. Behind each failure—to patch systems, to secure networks, to implement good governance—is a problem of scales: the smallest “weak link” can end up compromising the security of the whole system. And because complete security is unattainable in practice, living well with infrastructures has become a question of trust.

It is the premise of this project that trust is not a “user’s problem”. Behind the services and utilities that we rely on in daily life, we can find an array of professional cyber security practices aiming to win and maintain trust, to question it and manage it across scales. Understanding how they go about doing that, their successes and failures, is the purpose of this study.

The Fellowship

Under the fellowship, in collaboration with Daniele Pizio, who is the postdoctoral fellow on the project, we work on a cluster of interlinked problem areas:

Technology Security Assurance

We look at the nature of assurance in cyber security, its history as well as the contemporary policy landscape. In reformulating assurance, policymakers reason about the nature of markets and the problems they can face, draw insights from advances in safety assurance, and attempt to learn the lessons from experiences with security assurance schemes of the past. Assurance is examined as a problem explicitly formulated by practitioners, but also as an implicit, situated aspect of cyber security knowledge, this latter dimension being examined in and through Trust Mapping participatory workshop methodology.

The Trust Mapping methodology is designed to help participants to visualise their perspective on the trustworthiness of technology, by mapping out the a space of agents, flows of information and forms of knowledge in which they find themselves. In addition to serving as a research methodology, it is hoped that Trust Mapping will be of wider use to the professional community, and resources are freely available via the link below.

The Nature of Security Models

A second strand of our research looks at the nature of security models and security modelling. The core of this work has been a historical analysis of de-perimeterisation in information security, via the archives of the Jericho Forum. This is extended with a comparative study of 'Zero Trust' and 'Distributed Trust' approaches to network architecture, and via studies of security modelling in its diverse forms. Drawing on the concept of epistemic artefacts from the philosophy of science, the Greimasian theory of narrativity and the concept of security logic from security studies, we are working on developing a material semiotic analysis of security models.

Secure delivery: DevSecOps

The organisation of the delivery of digital functionality is fundamental to how securing is done, and is currently subject to debate and reimagination from within the professional community. DevSecOps is an increasingly influential delivery model based on securing pipelines of novel functionality, with a focus on automation, collaboration, continuous improvement. Aside from some attention in the information systems community, DevSecOps has been absent from discussions in software studies, security studies and STS (see Spencer 2022b). Security here is narrativized as an organisational function alongside development and operations functions.

The team will conduct participant observation at events and interviews with practitioners involved in DevSecOps transformations. Alongside this, we will conduct a broad analysis of media and texts relating to the movement, developing a corpus for discourse analysis. Extending this, we plan to run workshops with organisations, drawing on reliability theory and the theory of sensemaking, with the goal of enhancing host organisations' DevSecOps transformations, and developing a reflexive approach as engaged practitioners.

The 'When' of Vulnerability

The fourth area of focus for Scaling Trust is hardware vulnerability. For this our primary methodology involves the reconstruction of vulnerabilities from research publications, examining the trajectory of emergence as vulnerabilities such as Rowhammer, SPECTRE and Meltdown, are announced and then unfolded over years of further research into their implications and the efficacy of potential mitigations.

Foundations of Digital Security

The project develops a synthesis of narrativity theory, security theory and material semiotics. The four case studies examine how (cyber) securing is narrativized in terms of 1) qualities of technology/information; 2) technological agencement; 3) the coordination of organisational functions; and 4) contingencies of computational operation. One of the underlying goals of the project is to examine how the foundations of such a narrative-based view of security might be understood, using social theory, philosophy and cyber security to examine the entwined roles, in security, of narrative, causation and action. This will be the focus of a forthcoming book.

Key outputs so far

Trust Mapping: A workshop methodology for socio-technical cyber security

DOI

Protocol and materials for Trust Mapping workshops can be found on Github:

https://github.com/m-j-spencer/trust-mapping

Assurance by Principle policy report

Assurance by Principle: Preparing for the next generation of technology assurance

Policy report published by the Research Institute for Sociotechnical Cyber Security (RISCS)

De-perimeterising Zero Trust policy brief

De-perimeterising Zero Trust: Challenging metaphors in information security

Part of the University of Warwick's Policy Briefings Series


Creative Malfunction: Finding Fault with Rowhammer

Cyber security aims to make technical systems responsive to an uncertain environment of new and previously unanticipated forms of malfunction, new kinds of vulnerability and techniques for exploiting them. This paper analyses security vulnerability research, working from a close reading of the Rowhammer problem with Dynamic Random Access Memory (DRAM). The history of Rowhammer's discovery and subsequent research provides an exceptionally clear case study for exploring the historicity of vulnerability: the very nature of the problem, and how it might be fixed, remained uncertain and provisional for many years as security practitioners explore its implications. From a philosophical point of view, these pragmatic challenges generate insights into the nature of technical function and normativity, and thus what it means for things to malfunction and to be repaired.

http://computationalculture.net/creative-malfunction-finding-fault-with-rowhammer/


Engines, Puppets, Promises: The Figurations of Configuration Management

One of the principle challenges for managing complex technical architectures is configuration: ensuring component parts are in their appropriate states. In this paper I examine the history and philosophy of the discipline of IT configuration management. Since the 1990s, configuration management grappled with the problem of configuration on a fundamental level, reimagining not just what state things should be in but what kind of relation pertains between a source of truth and a recipient system. The need to address infrastructures at scale led not only to the development of decentralised systems for automated configuration management, but also to creative thinking about the nature of human-machine and machine-machine relations, most notably in the notion of 'smart intentional infrastructures' elaborated in Mark Burgess's Promise Theory. The essay draws on theories of figuration in order to bring the technical philosophy of configuration into dialogue with social science of infrastructures.

Spencer, M. 2022. 'Engines, Puppets, Promises: The Figurations of Configuration Management.' in Lury, C, Viney, W. & Wark, S. Figure: Concept and Method. Singapore: Palgrave Macmillan. pp105-125.

 


Characterising Assurance: Mistrust and Narrative in Cyber Security

This paper presents an analysis of recent transformations in cyber security assurance, a field of evaluation that aims to establish of whether technical products are secure. Cyber security assurance has a history dating back to the 1970s, but has been subject to regular initiatives of reform. The paper examines current transformations of assurance in the UK context through an analysis of practitioners’ discourse, the stories told and retold about what the problems are that define the field. Such stories that not only describe the problem, but also challenge the capacity of assurance certifications to be interpreted as objective assessments of security.

Mistrust, it is argued, can be understood in terms of the capacities of sceptical narratives to efface the power of certifications to be taken on ‘face value.’ A communication-centred view of mistrust is thus developed that is distinct from the disposition-centred view that is conventional (Carey 2017, Mühlfried 2018, 2019). The paper develops this point through the analysis of a series of narrative excepts from interviews with cyber security practitioners, examining how assurance is characterised in them: the kinds of agents that we find within it and their relations to the production of objective evaluations of security.

An analysis of characterisation draws attention to the limitations of the palette of characters featuring in cyber security discourse, something that bolsters notions of a pressing need for experts and a ‘cyber skills gap’. Examining characterisation offers the possibility of drawing out what I call ‘counter-characterisation’, rendering problems in terms of characters that would otherwise be absent, and in closing the paper, I offer a comment on the critical potential of characterising assurance in terms of ‘caring’ characters.

Spencer, M. 2022. 'Characterising Assurance: Scepticism and Mistrust in Cyber Security.' Journal of Cultural Economy


The De-perimeterisation of Information Security: The Jericho Forum, Zero Trust and Narrativity

(with Daniele Pizio)

This paper analyses the transformation of information security induced by the Jericho Forum, a group of security professionals who, between the 2003 and 2013, argued for a new ‘de-perimeterised’ security model. Having traditionally focussed on a defensive perimeter around corporate networks, by the early 2000s information security was facing a growing set of pressures associated with the maintainability of firewalls given increasing traffic volume and variety, the vulnerability of the interior network domain and the need to cope with and enable new working arrangements and ways of doing business. De-perimeterisation was a radical rethinking of the nature of security and created the conditions for the rise of ‘Zero Trust’ architectures increasingly dominant in the field.

Very little attention has been paid to de-perimeterisation outside of information security. This shift however has radical implications for the design of the digital infrastructures that undergird many aspects of contemporary life, for the risks to which people and societies are exposed, and for the nature of work and business in a digital economy. Our analysis addresses this gap, developing a semiotic analysis of the interventions of the Jericho Forum. Using insights from material semiotics, security theory and the theory of narrativity, we argue that de-perimeterisation can be understood as a shift in security logic, in other words, a shift in how security can (be made to) make sense. We examine a cluster of core images developed and disseminated by the Jericho Forum, and analyse how those images challenged the coherence of the old, perimeter-based way of thinking, and provided the materials for constructing a new model. We argue that a focus on narrative dimension of security provides a window onto fundamental semantic transformations, reciprocal historical relations between semantics and technical change, the agencement of security technologies, and determinations of value (what is worth securing).

Spencer, M. & D. Pizio. 2023. 'The De-Perimeterisation of Information Security: The Jericho Forum, Zero Trust and narrativity.' Social Studies of Science