Back to search

SAMRISK-2-Samfunnssikkerhet og risiko

Cyber security, knowledge and practices (CYKNOW)

Alternative title: Cybersikkerhet, kunnskap og praksis (CYKNOW)

Awarded: NOK 12.0 mill.

With almost daily news reports of attacks on digital networks and data infrastructures, it has become clear that the rapidly increasing digitalization of modern society goes hand in hand with security challenges. While criminals use cyberattacks to enrich themselves, major powers increasingly see cyberspace as an arena for conflict, where offensive cyber operations to steal secrets or sabotage vital infrastructure of their adversaries have become a daily activity. On the other hand, there is little agreement on what cyber security is, how it is understood and practiced. While the cybersecurity industry frames the problem from a technical understanding that requires a technical solution in a kind of cat and mouse game between attacker and defender, politicians and strategists see this as a great power game where attack is often the best defense. These different interpretations of what cybersecurity is and how it can be achieved form the basis for CYKNOW. CYKNOW starts from the premise that what cybersecurity is, is not a given, but is rather an effect of various processes that configure different actors, practices, technologies and discourses. Configurations that consequently produce different ways of understanding, experiencing and practicing what we generally refer to as cybersecurity. In other words, cybersecurity is best understood as an ongoing process shaped by different elements that mutually transform each other. CYKNOW will promote better understanding of cyber security, as well as develop novel theoretical and methodological tools for cybersecurity research in particular. In addition to shifting the academic research agenda around cybersecurity and international politics, CYKNOW is designed to facilitate increased understanding between the technical and political environments, as well as to inform and expand political debates around cybersecurity and its implications.

With the rapid digitalization of modern societies, exploitation and attacks on digital networks is also surging. As a result, the security of digital systems, or cybersecurity, has become a priority for states and globally. Governments have recognized that protection of digital critical infrastructure and functions is a key national security task, as states increasingly weaponize digital code to intrude into one another’s networks. Still, decision-makers struggle to fully understand and comprehend the threat, and similarly face challenges when designing strategies and means to prevent, mitigate and respond to attacks. Familiar security frameworks and measures, such as defense and deterrence, appear outmoded in the rapidly evolving digital world. This knowledge gap is mirrored in the social science, where dominant theories and models treat cybersecurity as something objectively given, rather than the result of a sociotechnical process. As a consequence, cybersecurity remains academically elusive. This project will help fill this gap through a novel analytical framework that combines social science and technology studies. The aim is to explore how the digital threat landscape is understood among policy makers and engineers alike, how this knowledge is conveyed between them, and how particular cybersecurity policies and practices emerge as a result.

Funding scheme:

SAMRISK-2-Samfunnssikkerhet og risiko