A project supported by a Future Leaders Fellowship from UK Research and Innovation
Duration: Oct 2019 - April 2027
PI: Matt Spencer
Scaling Trust: An Anthropology of Cyber Security
With growing dependency on digital infrastructure, vulnerability to cyber disaster becomes a defining context for social life. In 2017, the Wannacry crypto-ransomware infected computers across large parts of the UK's National Health Service, leading to thousands of cancelled medical appointments; weeks later the NotPetya malware caused chaos across many industries and continents. Later that year, the Equifax hack compromised the details of 140 million people, and in 2018, an outage at the UK bank TSB left thousands of customers defrauded. Behind each failure—to patch systems, to secure networks, to implement good governance—is a problem of scales: the smallest “weak link” can end up compromising the security of the whole system. And because complete security is unattainable in practice, living well with infrastructures has become a question of trust.
It is the premise of this project that trust is not a “user’s problem”. Behind the services and utilities that we rely on in daily life, we can find an array of professional cyber security practices aiming to win and maintain trust, to question it and manage it across scales. Understanding how they go about doing that, their successes and failures, is the purpose of this study.
Through interviews, ethnographic fieldwork and participatory workshops, the project examines the social processes through which knowledge and trust are negotiated in the security profession: how practitioners imagine the trust implicit in their cyber security evaluations, the ways in which they make trust explicit, or call things into question as technologies and processes demanding further evaluation.
The project examines the nature of assurance in cyber security, its history and the contemporary policy landscape. Assurance is examined as a problem explicitly formulated by practitioners, but also as an implicit, situated aspect of cyber security knowledge, this latter dimension being examined in and through Trust Mapping participatory workshop methodology.
The Trust Mapping methodology is designed to help participants to visualise their perspective on the trustworthiness of technology, by mapping out the a space of agents, flows of information and forms of knowledge in which they find themselves. In addition to serving as a research methodology, Trust Mapping is intended to be of wider use to the professional community, and resources will be made freely available on this page in the future.
A parallel strand of research questions the nature of security models, through a systematic empirical comparative study of 'Zero Trust' and 'Distributed Trust' paradigms. In collaboration with Dr Daniele Pizio, Postdoctoral Research Fellow on the project, we examine the history and social conditions of these models, and engaging with the philosophy of science, we interrogate what a security model might be supposed to be.
Future research under the fellowship is planned, with a focus on DevSecOps, hardware vulnerability, and the production of the research monograph: Scaling Trust.
Trust Mapping: A workshop methodology for socio-technical cyber security
Protocol and materials for Trust Mapping workshops can be found on Github:
Creative Malfunction: Finding Fault with Rowhammer
Cyber security aims to make technical systems responsive to an uncertain environment of new and previously unanticipated forms of malfunction, new kinds of vulnerability and techniques for exploiting them. This paper analyses security vulnerability research, working from a close reading of the Rowhammer problem with Dynamic Random Access Memory (DRAM). The history of Rowhammer's discovery and subsequent research provides an exceptionally clear case study for exploring the historicity of vulnerability: the very nature of the problem, and how it might be fixed, remained uncertain and provisional for many years as security practitioners explore its implications. From a philosophical point of view, these pragmatic challenges generate insights into the nature of technical function and normativity, and thus what it means for things to malfunction and to be repaired.
Engines, Puppets, Promises: The Figurations of Configuration Management
One of the principle challenges for managing complex technical architectures is configuration: ensuring component parts are in their appropriate states. In this paper I examine the history and philosophy of the discipline of IT configuration management. Since the 1990s, configuration management grappled with the problem of configuration on a fundamental level, reimagining not just what state things should be in but what kind of relation pertains between a source of truth and a recipient system. The need to address infrastructures at scale led not only to the development of decentralised systems for automated configuration management, but also to creative thinking about the nature of human-machine and machine-machine relations, most notably in the notion of 'smart intentional infrastructures' elaborated in Mark Burgess's Promise Theory. The essay draws on theories of figuration in order to bring the technical philosophy of configuration into dialogue with social science of infrastructures.
Spencer, M. 2022. 'Engines, Puppets, Promises: The Figurations of Configuration Management.' in Lury, C, Viney, W. & Wark, S. Figure: Concept and Method. Singapore: Palgrave Macmillan. pp105-125.
Characterising Assurance: Mistrust and Narrative in Cyber Security
This paper presents an analysis of recent transformations in cyber security assurance, a field of evaluation that aims to establish of whether technical products are secure. Cyber security assurance has a history dating back to the 1970s, but has been subject to regular initiatives of reform. The paper examines current transformations of assurance in the UK context through an analysis of practitioners’ discourse, the stories told and retold about what the problems are that define the field. Such stories that not only describe the problem, but also challenge the capacity of assurance certifications to be interpreted as objective assessments of security.
Mistrust, it is argued, can be understood in terms of the capacities of sceptical narratives to efface the power of certifications to be taken on ‘face value.’ A communication-centred view of mistrust is thus developed that is distinct from the disposition-centred view that is conventional (Carey 2017, Mühlfried 2018, 2019). The paper develops this point through the analysis of a series of narrative excepts from interviews with cyber security practitioners, examining how assurance is characterised in them: the kinds of agents that we find within it and their relations to the production of objective evaluations of security.
An analysis of characterisation draws attention to the limitations of the palette of characters featuring in cyber security discourse, something that bolsters notions of a pressing need for experts and a ‘cyber skills gap’. Examining characterisation offers the possibility of drawing out what I call ‘counter-characterisation’, rendering problems in terms of characters that would otherwise be absent, and in closing the paper, I offer a comment on the critical potential of characterising assurance in terms of ‘caring’ characters.
Spencer, M. 2022. 'Characterising Assurance: Scepticism and Mistrust in Cyber Security.' Journal of Cultural Economy
The De-perimeterisation of Information Security: The Jericho Forum, Zero Trust and Narrativity
(with Daniele Pizio)
This paper analyses the transformation of information security induced by the Jericho Forum, a group of security professionals who, between the 2003 and 2013, argued for a new ‘de-perimeterised’ security model. Having traditionally focussed on a defensive perimeter around corporate networks, by the early 2000s information security was facing a growing set of pressures associated with the maintainability of firewalls given increasing traffic volume and variety, the vulnerability of the interior network domain and the need to cope with and enable new working arrangements and ways of doing business. De-perimeterisation was a radical rethinking of the nature of security and created the conditions for the rise of ‘Zero Trust’ architectures increasingly dominant in the field.
Very little attention has been paid to de-perimeterisation outside of information security. This shift however has radical implications for the design of the digital infrastructures that undergird many aspects of contemporary life, for the risks to which people and societies are exposed, and for the nature of work and business in a digital economy. Our analysis addresses this gap, developing a semiotic analysis of the interventions of the Jericho Forum. Using insights from material semiotics, security theory and the theory of narrativity, we argue that de-perimeterisation can be understood as a shift in security logic, in other words, a shift in how security can (be made to) make sense. We examine a cluster of core images developed and disseminated by the Jericho Forum, and analyse how those images challenged the coherence of the old, perimeter-based way of thinking, and provided the materials for constructing a new model. We argue that a focus on narrative dimension of security provides a window onto fundamental semantic transformations, reciprocal historical relations between semantics and technical change, the agencement of security technologies, and determinations of value (what is worth securing).