Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Making Sense of Large-scale Cyber Incidents: International Cybersecurity Beyond Threat-based Security Perspectives
Stockholm University, Faculty of Social Sciences, Department of Economic History and International Relations.ORCID iD: 0000-0001-8174-4009
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Large-scale cyber incidents have figured prominently in securitizing speech acts over the last decade. This thesis demonstrates how conceptualizations of cybersecurity as a public security problem connects to and shapes cybersecurity governance in national and international settings. It explores how theoretical lenses drawn from the securitization, riskification, crisis and socio-technical systems literatures can improve our understanding of the phenomena of large-scale cyber incidents, and how such incidents are interpreted by key actors. The thesis includes four articles comprising case studies which utilize in-depth interviews, text analysis and discourse analysis. The findings reveal a steady development towards an increasingly threat-based security logic in both national and international cyber policy settings. The case studies also highlight the volatile nature of malware proliferation, the tendency of collateral damage from directed cyberattacks, the transboundary characteristics of large-scale cyber incidents, and the central role of civil contingencies actors and the private sector in cybersecurity governance. The implications of these findings are discussed in relation to the increasing securitization and militarization of cyberspace. Overall, this thesis contributes to our understanding of how cybersecurity is constructed as a security problem in theory and practice, and it employs analytical approaches which facilitate the exploration of international cybersecurity along more than just traditional ‘hard’ security lines.

Place, publisher, year, edition, pages
Stockholm: Department of Economic History and International Relations, Stockholm University , 2023. , p. 45
Series
Stockholm Studies in International Relations, ISSN 2003-1343 ; 2023:1
Keywords [en]
International cybersecurity, large-scale cyber incidents, securitization, cybersecurity governance
National Category
Political Science (excluding Public Administration Studies and Globalisation Studies)
Research subject
International Relations
Identifiers
URN: urn:nbn:se:su:diva-215733ISBN: 978-91-8014-262-5 (print)ISBN: 978-91-8014-263-2 (electronic)OAI: oai:DiVA.org:su-215733DiVA, id: diva2:1745765
Public defence
2023-06-02, hörsal 11, hus F, Universitetsvägen 10 F, Stockholm, 13:00 (English)
Opponent
Supervisors
Available from: 2023-05-10 Created: 2023-03-24 Last updated: 2023-04-24Bibliographically approved
List of papers
1. Making Sense of Large-scale Cyber Incidents: International Cybersecurity Beyond Theat-based Approaches
Open this publication in new window or tab >>Making Sense of Large-scale Cyber Incidents: International Cybersecurity Beyond Theat-based Approaches
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Large-scale cyber incidents have figured prominently in (cyber)securitizing speech acts over the last decade. This thesis demonstrates how conceptualizations of cybersecurity as a public security problem connects to and shapes cybersecurity governance in national and international settings. It also explores how theoretical lenses drawn from the securitization, riskification, crisis and socio-technical systems literatures can improve our understanding of the phenomena of large-scale cyber incidents, and how such incidents are interpreted by key actors. The thesis includes four articles comprising case studies which utilize in-depth interviews, text analysis and discourse analysis. The findings reveal a steady development towards an increasingly threat-based security logic in both national and international cyber policy settings. The case studies also highlight the volatile nature of malware proliferation, the tendency of collateral damage from directed cyberattacks, the transboundary characteristics of large-scale cyber incidents, and the central role of civil contingencies actors and the private sector in cybersecurity governance. Implications of these findings are discussed in relation to the increasing securitization and militarization of cyberspace. Overall, this thesis contributes to our understanding of how cybersecurity is constructed as a security problem in theory and practice, and employs analytical approaches which facilitate the exploration of international cybersecurity along more than just traditional ‘hard’ security lines.

Keywords
International cybersecurity, large-scale cyber incidents, securitization, cybersecurity governance
National Category
Social Sciences
Research subject
International Relations
Identifiers
urn:nbn:se:su:diva-215732 (URN)
Available from: 2023-03-24 Created: 2023-03-24 Last updated: 2023-03-24
2. Risk vs. threat-based cybersecurity: the case of the EU
Open this publication in new window or tab >>Risk vs. threat-based cybersecurity: the case of the EU
2023 (English)In: European Security, ISSN 0966-2839, E-ISSN 1746-1545, Vol. 32, no 1, p. 85-103Article in journal (Refereed) Published
Abstract [en]

In a relatively short time, cybersecurity has risen to become one of the EU's security priorities. While the institutionalisation of EU-level cybersecurity capacities has been substantial since the first EU cybersecurity strategy was published, previous research has also identified resistance from member states to allow the EU to have more control over their cybersecurity activities. Despite a growing literature on EU cybersecurity governance, there are currently extensive gaps in the understanding of this tension. This study suggests that an explanatory factor can be found in the so-far overlooked dynamic of the relative prevalence of risk vs. threat-based security logics in the EU cybersecurity approach. By distinguishing between risk and threat-based logics in the development of the EU cybersecurity discourse over time, this study highlights a shift towards an increasing threat-based security logic in the EU cybersecurity approach. The identified development highlights securitising moves enacting to a larger extent than before objects and subjects of security traditionally associated with national security. The study identifies specific areas of member state contestation accompanying this shift and concludes with a discussion on the findings in relation to the development of the EU as a security actor in the wider international cybersecurity landscape.

Keywords
Cybersecurity, European Union, securitisation, riskification
National Category
Other Social Sciences
Identifiers
urn:nbn:se:su:diva-205184 (URN)10.1080/09662839.2022.2069464 (DOI)000792672700001 ()2-s2.0-85129713155 (Scopus ID)
Available from: 2022-05-31 Created: 2022-05-31 Last updated: 2023-03-24Bibliographically approved
3. The European Union's capacities for managing crises
Open this publication in new window or tab >>The European Union's capacities for managing crises
2018 (English)In: Journal of Contingencies and Crisis Management, ISSN 0966-0879, E-ISSN 1468-5973, Vol. 26, no 2, p. 261-271Article in journal (Refereed) Published
Abstract [en]

This article draws on a comprehensive new data set of crisis management capacities at the European Union level to highlight key patterns in their development and use. Organised within the categories of detection, sense-making, decision-making, coordination, meaning-making, communication, and accountability, the data show considerable accumulation of capacities in detection and sense-making, while decision-making capacities lag behind. We find that most capacities are sector-oriented rather than cross-sectoral, and reside primarily within the European Commission rather than other EU institutions. Comparing the data to previous studies, we note that capacities overall are increasing and some are undergoing evolution; for example, horizon-scanning tools once limited to collecting information have increasingly been given an analytical, information enrichment function akin to sense-making.

National Category
Social Sciences Interdisciplinary
Identifiers
urn:nbn:se:su:diva-157991 (URN)10.1111/1468-5973.12190 (DOI)000434128600006 ()
Note

This article has been produced as part of the research agenda of the TRANSCRISIS project funded by the Horizon 2020 Programme of the European Union (H2020-REFLECTIVE-7: 649484-TransCrisis). 

Available from: 2018-07-03 Created: 2018-07-03 Last updated: 2023-03-24Bibliographically approved
4. Conceptualizing cyber crises
Open this publication in new window or tab >>Conceptualizing cyber crises
2020 (English)In: Journal of Contingencies and Crisis Management, ISSN 0966-0879, E-ISSN 1468-5973, Vol. 29, no 4, p. 429-438Article in journal (Refereed) Published
Abstract [en]

Despite its rising relevance, the cyber crisis is a largely unexplored phenomenon empirically and conceptually. This article suggests that cyber crises can be understood specifically as transboundary crises. Through the comparative analysis of two cases of cyber crises, Estonia 2007 and UK 2017, the study investigates whether the time gap and the difference in cyberattack type between the cases (untargeted ransom-ware vs. targeted DDoS) correlate with variation in transboundary crisis features and crisis management challenges during the performance of central crisis management tasks in the national settings of the cases. The analysis identifies some variation be-tween  the  cases  in  terms  of  transboundary  crisis  features  but  finds  that  the  cases  entailed  similar  prominent  crisis  management  challenges  during  the  performance  of  central  crisis  management  tasks.  Implications  are  discussed  in  terms  of  how  to  advance our understanding of cyber crises and the practical strategic management requirements they entail.

National Category
Political Science Economic History
Identifiers
urn:nbn:se:su:diva-215679 (URN)10.1111/1468-5973.12347 (DOI)2-s2.0-85097819892 (Scopus ID)
Available from: 2023-03-23 Created: 2023-03-23 Last updated: 2023-10-27Bibliographically approved
5. Normal Cyber Accidents
Open this publication in new window or tab >>Normal Cyber Accidents
2023 (English)In: Journal of Cyber Policy, ISSN 2373-8871, Vol. 8, no 1, p. 114-130Article in journal (Refereed) Published
Abstract [en]

Several of the most serious cyber incidents affecting critical infrastructure to date have been the result of collateral damage, indirect effects, malware that ‘escaped’ their intended target and/or incontrollable malware proliferation. This tendency has so far been under-explored in the International Relations (IR) literature, and its potential implications largely overlooked. By focusing on the role of socio-technical system dynamics, this article aims to contribute to advancing our understanding of collateral (incidental) damage and unexpected consequences connected to offensive cyber operations. More specifically, it introduces an analytical framework based on Normal Accidents (NA) theory. The framework highlights dynamics which make complex systems more difficult to analyse and more prone to cascading failures. Its application is explored using in-depth interviews and empirical case examples of large-scale cyber incidents. The results highlight the difficulty of achieving controlled and precise effects when disrupting components in complex systems. The article concludes with a discussion on the need for renewed attention to escalatory risks connected to destructive offensive cyber. 

Keywords
Offensive cyber operations, Normal Accidents theory, cyber incidents
National Category
Political Science (excluding Public Administration Studies and Globalisation Studies)
Research subject
International Relations
Identifiers
urn:nbn:se:su:diva-215681 (URN)10.1080/23738871.2023.2281675 (DOI)
Available from: 2023-03-23 Created: 2023-03-23 Last updated: 2024-02-12

Open Access in DiVA

Making Sense of Large-scale Cyber Incidents: International Cybersecurity Beyond Threat-based Security Perspectives(1775 kB)911 downloads
File information
File name FULLTEXT01.pdfFile size 1775 kBChecksum SHA-512
01846909ad0acf95d7ebfbcdb6433b5a872371b70d6c2e9e3c3ffb1324303425a8653c5449b6e305ba12b9f80caf96465d9ca58c3ee796543bde6fccb528277a
Type fulltextMimetype application/pdf

Authority records

Backman, Sarah

Search in DiVA

By author/editor
Backman, Sarah
By organisation
Department of Economic History and International Relations
Political Science (excluding Public Administration Studies and Globalisation Studies)

Search outside of DiVA

GoogleGoogle Scholar
Total: 911 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 3480 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf