Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Normal Cyber Accidents
2023 (English)In: Journal of Cyber Policy, ISSN 2373-8871, Vol. 8, no 1, p. 114-130Article in journal (Refereed) Published
Abstract [en]

Several of the most serious cyber incidents affecting critical infrastructure to date have been the result of collateral damage, indirect effects, malware that ‘escaped’ their intended target and/or incontrollable malware proliferation. This tendency has so far been under-explored in the International Relations (IR) literature, and its potential implications largely overlooked. By focusing on the role of socio-technical system dynamics, this article aims to contribute to advancing our understanding of collateral (incidental) damage and unexpected consequences connected to offensive cyber operations. More specifically, it introduces an analytical framework based on Normal Accidents (NA) theory. The framework highlights dynamics which make complex systems more difficult to analyse and more prone to cascading failures. Its application is explored using in-depth interviews and empirical case examples of large-scale cyber incidents. The results highlight the difficulty of achieving controlled and precise effects when disrupting components in complex systems. The article concludes with a discussion on the need for renewed attention to escalatory risks connected to destructive offensive cyber. 

Place, publisher, year, edition, pages
2023. Vol. 8, no 1, p. 114-130
Keywords [en]
Offensive cyber operations, Normal Accidents theory, cyber incidents
National Category
Political Science (excluding Public Administration Studies and Globalisation Studies)
Research subject
International Relations
Identifiers
URN: urn:nbn:se:su:diva-215681DOI: 10.1080/23738871.2023.2281675OAI: oai:DiVA.org:su-215681DiVA, id: diva2:1745610
Available from: 2023-03-23 Created: 2023-03-23 Last updated: 2024-02-12
In thesis
1. Making Sense of Large-scale Cyber Incidents: International Cybersecurity Beyond Threat-based Security Perspectives
Open this publication in new window or tab >>Making Sense of Large-scale Cyber Incidents: International Cybersecurity Beyond Threat-based Security Perspectives
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Large-scale cyber incidents have figured prominently in securitizing speech acts over the last decade. This thesis demonstrates how conceptualizations of cybersecurity as a public security problem connects to and shapes cybersecurity governance in national and international settings. It explores how theoretical lenses drawn from the securitization, riskification, crisis and socio-technical systems literatures can improve our understanding of the phenomena of large-scale cyber incidents, and how such incidents are interpreted by key actors. The thesis includes four articles comprising case studies which utilize in-depth interviews, text analysis and discourse analysis. The findings reveal a steady development towards an increasingly threat-based security logic in both national and international cyber policy settings. The case studies also highlight the volatile nature of malware proliferation, the tendency of collateral damage from directed cyberattacks, the transboundary characteristics of large-scale cyber incidents, and the central role of civil contingencies actors and the private sector in cybersecurity governance. The implications of these findings are discussed in relation to the increasing securitization and militarization of cyberspace. Overall, this thesis contributes to our understanding of how cybersecurity is constructed as a security problem in theory and practice, and it employs analytical approaches which facilitate the exploration of international cybersecurity along more than just traditional ‘hard’ security lines.

Place, publisher, year, edition, pages
Stockholm: Department of Economic History and International Relations, Stockholm University, 2023. p. 45
Series
Stockholm Studies in International Relations, ISSN 2003-1343 ; 2023:1
Keywords
International cybersecurity, large-scale cyber incidents, securitization, cybersecurity governance
National Category
Political Science (excluding Public Administration Studies and Globalisation Studies)
Research subject
International Relations
Identifiers
urn:nbn:se:su:diva-215733 (URN)978-91-8014-262-5 (ISBN)978-91-8014-263-2 (ISBN)
Public defence
2023-06-02, hörsal 11, hus F, Universitetsvägen 10 F, Stockholm, 13:00 (English)
Opponent
Supervisors
Available from: 2023-05-10 Created: 2023-03-24 Last updated: 2023-04-24Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Authority records

Backman, Sarah

Search in DiVA

By author/editor
Backman, Sarah
Political Science (excluding Public Administration Studies and Globalisation Studies)

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 174 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf