Unscripted Practices for Uncertain Events: Organizational Problems in Cybersecurity Incident Management

IF 3.1 2区社会学 Q1 SOCIAL ISSUES

Science Technology & Human Values Pub Date : 2024-04-09 DOI:10.1177/01622439241240411

Ashwin Jacob Mathew

{"title":"Unscripted Practices for Uncertain Events: Organizational Problems in Cybersecurity Incident Management","authors":"Ashwin Jacob Mathew","doi":"10.1177/01622439241240411","DOIUrl":null,"url":null,"abstract":"Scripts can help us understand the designer–user relationship, by offering analysis of designers’ intent in technological objects and examination of users’ behaviors through willingness (and unwillingness) to take on scripts. But how are we to understand these relationships in the context of cybersecurity, in the face of adversaries determined to gain unauthorized access to computer systems by actively subverting scripts? In effect, cybersecurity attacks involve re-scripting of computing systems to gain unauthorized access through unscripted features of these systems. Cybersecurity attacks are always uncertain events: attackers can never be certain when re-scripting will be successful, and defenders can never be certain when or where to expect an attack, as unscripted features are difficult to know until they are exploited. In this paper, I study practices of cybersecurity incident response to examine how cybersecurity engineers respond to the novel attacks they encounter daily. I show how these are fundamentally unscripted practices emerging in response to unstable scripts, structured through the uncertainties inherent in cybersecurity engineering practice. The improvised practices and changing networks of social relations which I trace demonstrate the limits of stable scripts and provide new tools for analyzing unstable scripts.","PeriodicalId":48083,"journal":{"name":"Science Technology & Human Values","volume":null,"pages":null},"PeriodicalIF":3.1000,"publicationDate":"2024-04-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science Technology & Human Values","FirstCategoryId":"90","ListUrlMain":"https://doi.org/10.1177/01622439241240411","RegionNum":2,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"SOCIAL ISSUES","Score":null,"Total":0}

引用次数: 0

Abstract

Scripts can help us understand the designer–user relationship, by offering analysis of designers’ intent in technological objects and examination of users’ behaviors through willingness (and unwillingness) to take on scripts. But how are we to understand these relationships in the context of cybersecurity, in the face of adversaries determined to gain unauthorized access to computer systems by actively subverting scripts? In effect, cybersecurity attacks involve re-scripting of computing systems to gain unauthorized access through unscripted features of these systems. Cybersecurity attacks are always uncertain events: attackers can never be certain when re-scripting will be successful, and defenders can never be certain when or where to expect an attack, as unscripted features are difficult to know until they are exploited. In this paper, I study practices of cybersecurity incident response to examine how cybersecurity engineers respond to the novel attacks they encounter daily. I show how these are fundamentally unscripted practices emerging in response to unstable scripts, structured through the uncertainties inherent in cybersecurity engineering practice. The improvised practices and changing networks of social relations which I trace demonstrate the limits of stable scripts and provide new tools for analyzing unstable scripts.

查看原文本刊更多论文

针对不确定事件的无脚本做法：网络安全事件管理中的组织问题

脚本可以帮助我们理解设计者与用户之间的关系，它可以分析设计者在技术对象中的意图，并通过用户是否愿意（或不愿意）使用脚本来研究用户的行为。但是，在网络安全的背景下，面对那些决心通过积极颠覆脚本来未经授权访问计算机系统的对手，我们又该如何理解这些关系呢？实际上，网络安全攻击涉及对计算机系统重新编写脚本，以通过这些系统未编写脚本的功能获得未经授权的访问。网络安全攻击始终是不确定的事件：攻击者永远无法确定重写脚本何时会成功，而防御者也永远无法确定何时何地会受到攻击，因为未编写脚本的功能在被利用之前是难以知晓的。在本文中，我研究了网络安全事件响应的实践，以考察网络安全工程师如何应对他们每天遇到的新型攻击。我展示了这些从根本上讲是如何通过网络安全工程实践中固有的不确定性，在应对不稳定脚本时出现的无脚本实践。我所追踪的即兴实践和不断变化的社会关系网络证明了稳定脚本的局限性，并为分析不稳定脚本提供了新的工具。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Science Technology & Human Values SOCIAL ISSUES-

CiteScore

7.70

自引率

6.50%

发文量

期刊介绍： As scientific advances improve our lives, they also complicate how we live and react to the new technologies. More and more, human values come into conflict with scientific advancement as we deal with important issues such as nuclear power, environmental degradation and information technology. Science, Technology, & Human Values is a peer-reviewed, international, interdisciplinary journal containing research, analyses and commentary on the development and dynamics of science and technology, including their relationship to politics, society and culture.