Cybersecurity Flashcards
1
Q
What is 1 definition of cybersecurity?
A
“All activities necessary to protect cyberspace, its users, and impacted persons from cyber threats”
ENISA
2
Q
What is actor-network theory?
A
- Treats both human and non-human entities (such as software, algorithms, and institutions) as “actors” within a network
- These actors interact and influence each other, collectively shaping cybersecurity practices
- All elements are considered equally important in shaping cybersecurity outcomes.
- It rejects the separation between social and technical factors
3
Q
Case study: Lebanon pager attack
A
- 2024
- Thousands of pagers and walkie-talkies used by Hezbollah operatives in Lebanon and Syria were rigged with explosives and detonated remotely
- The attacks resulted in at least 42 deaths, including civilians, and injured over 3,000 individuals
4
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Key arguments
A
- The relation between cybersecurity and the question of security
- The best conceptual framework to address cybersecurity
- Intersections of cybersecurity with war, terrorism, crime and societal security
- Multiple meanings and practices of cybersecurity
5
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Argument - the relation between cybersecurity and the question of security
A
- Cybersecurity should not be exclusively viewed through the lens of national security or military actions but rather as part of a broader sociopolitical landscape
- Cybersecurity incidents (such as Stuxnet) are framed as active agents that influence political interventions
- Emphasise the need to consider threats as being fluid and dynamic, operating within and across various spaces
- This approach complicates the traditional binary views of security by suggesting a relational perspective, where threats and responses shape one another within a network of actors and institutions
6
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Argument - the best conceptual framework to address cybersecurity
A
- Advocate for the use of actor-network theory as a conceptual framework to analyse cybersecurity more effectively
- ANT allows for a nuanced understanding of the interplay between actors (human and nonhuman), materials and the spatial dimensions of cybersecurity practices
- ANT’s emphasis on the relational aspects of power and the dynamic nature of networks provide insight into how cybersecurity incidents operate and influence policies and perceptions
- By applying ANT, malware is not just a threat but an active participant in shaping the cybersecurity landscape
7
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Argument - intersection of cybersecurity with war, terrorism, crime and societal security
A
- the interpretation of Stuxnet positions it as an act of cyber warfare because it deliberately targeted Iran’s nuclear programme while symbolising broader geopolitical tensions
- Cyber threats blur the lines between state and non-state actors
- Cyber incidents are not just perpetrated by state actors, but also from criminal and terrorist organisations, complicating traditional security responses
- This highlights how security is no longer confined to the state but encompasses a collective concern, where individuals and organisations are active contributors to the security landscape
8
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Argument - multiple meanings and practices of cybersecurity
A
- Cybersecurity embodies several meanings: protecting digital assets and information to ensure national security , protecting critical infrastructure and maintaining societal trust in technology
- this complicates policy formation and necessitates a diverse range of responses
- Existing arguments often view cybersecurity through a narrow lens, focusing distinctly on surveillance, censorship and cyber terrorism without addressing the broader socio-technical context that shapes these security practices
9
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
“Cyber-incidents have…”
A
“…multifaceted spatial effects”
10
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
“ANT assumptions on spatiality enable us to…”
A
“…characterise cybersecurity-incidents as active agents of change”
11
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Strengths
A
- Integration of ANT
- Understanding cyber incidents as active agents
- Focus on fluidity and network dynamics
- Broader implications for policy making
- International relations and securitisation
12
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Strength - integration of ANT
A
- the application of ANT provides a nuanced framework for understanding the relationships between different actors (human and nonhuman) in cybersecurity
- this allows us to see cyber threats as not merely technical problems but as phenomena shaped by social, political and material contexts - enhances our ability to comprehend complex international security issues in a digital age
13
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Strength - understanding cyber incidents as active agents
A
- By conceptualising cyber-incidents as active agents of change, Balzacq explains how these incidents can influence security policies
- This helps anticipate reactions to attacks and develop more effective defence strategies
14
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Strength - focus on fluidity and network dynamics
A
- The emphasis on fluidity disrupts established notions of territoriality and network stability, encouraging a re-evaluation of how security should be conceptualised in an age where boundaries are increasingly permeable
- This insight is vital to CSI, as it reflects the versatile and evolving nature of threats, enabling policymakers to adopt adaptive and responsive security strategies
15
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Strength - broader implications for policy making
A
- this intersection with political and technical aspects informs policymakers about the need for a multi-faceted approach to security that considers technological, social and political dimensions
16
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Strength - International relations and securitisation
A
- The argument that the making and practice of cyber-security are facilitated by broader political discourses allow for a better understanding of how states can construct and perceive threats in the cyber domain
- This is essential for assessing IR dynamics today, particularly how states justify actions in response to cyber threats
17
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Weaknesses
A
- Overemphasis on theoretical frameworks
- Insufficient addressing of human agency
- Challenges in operationalising fluidity
- Neglect of non-cyber factors
18
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Weakness - overemphasis on theoretical frameworks
A
- the reliance on ANT may lead to an epistemological bias that prioritises theoretical explorations over empirical analysis
- This could obscure practical realities and operational challenges faced by security practitioners who require actionable intelligence
19
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Weakness - insufficient addressing of human agency
A
- While acknowledging the role of non-human actants (like malware) is important, this underplays the significance of human agency in cyber incidents
- Cyber actors (hackers or state-sponsored groups) and their strategies play critical roles in shaping cyber threats
- This focus on non-human actants may lead to an incomplete understanding of how human decision-making impacts cyber-security outcomes
20
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Weakness - Challenges in operationalising fluidity
A
- The concept of fluidity presents challenges for actionable policy responses
- Security frameworks often require clear definitions, but the fluid nature of cyber incidents can hinder the development of consistent policy frameworks
21
Q
“A theory of actor-network for cyber-security” - Thierry Balzacq
Weakness - neglect of non-cyber factors
A
- the analysis underemphasises how external geopolitical factors (EG economic instability, social unrest) impacts cybersecurity dynamics
- this oversight may result in incomplete risk assessments and inadequate preparedness for multifaceted security challenges
22
Q
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Key arguments
A
- Relations between cybersecurity and the question of security
- Background, narrative, and origin of cybersecurity
- The best conceptual framework
- Intersections of cybersecurity with war, terrorism, crime and societal security
- Unpacking the multiple meanings and practices of cyber-security
23
Q
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Argument - relation between cybersecurity and the question of security
A
- while there is widespread belief in the potential of cyber warfare to serve as a substitute for military force, empirical evidence suggests this view may be overstated
EG:
- Tactical vs strategic value: the text emphasises that past cyber operations by Russia have not significantly impacted Ukraine’s military effectiveness
- This challenges the notion that cyber strike can replace conventional military tactics
24
Q
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Argument - background, narratives and origin of cybersecurity
A
- Over the past 8 years, Russia has conducted various cyber operations against Ukraine, from election interference to critical infrastructure sabotage
- However these strategies largely failed to compel Ukraine to abandon its pro-western orientation
25
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Argument - the best conceptual framework to address cybersecurity
- Complementarity vs Standalone operations: 3 perspectives on cyber operations:
1. As substitutes for military force, achieving similar strategic ends
2. As complements to military force, providing support without having a significant standalone impact
3. As independent actors in grey zone conflicts
26
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Argument - intersections of cybersecurity with war, terrorism, crime and societal security
1. Cyber warfare and military conflicts:
- Russia’s reliance on conventional military force, despite its cyber capabilities, highlights the limitations of cyber operations in achieving strategic objectives
2. Cyber terrorism and cyber crime:
- Acknowledges that the same cyber operations could also manifest in other forms of aggression, potentially impacting societal security
- The disruption caused by attacks (EG the NotPetya ransomware incident) illustrates unintentional spillover effects that can have wider consequences
27
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
“Exaggerated fears of hypothetical cyber strikes…distract from…”
“…the clear observable threat of invasion”
28
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Strengths
1. Evidence based approach
2. Distinction between theory and practice
3. Understanding of cyber operations as complementary vs standalone tools
29
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Strength - evidence based approach
- The arguments are grounded in empirical data and historical evidence, notably the case of Ukraine
- This allows policymakers to make informed decisions rather than relying on fear-based rhetoric or hypothetical scenarios
- Highlights the importance of real-world effectiveness in cybersecurity operations and informs strategic planning that prioritises reliable capabilities over inflated cyber threat perceptions
30
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Strength - distinction between theory and practice
- Emphasises the need to distinguish between theoretical possibilities of cyber operations and their practical implementation and effectiveness
- This is critical as it encourages a realistic assessment of capabilities
- Understanding these limits helps organisations allocate resources more effectively and avoids the pitfalls of overestimating cyber capabilities, leading to a more robust and resilient cybersecurity framework
31
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Strength - understanding of cyber operations as complementary vs standalone tools
- Examines the role that cyber operations play, whether as complements to military force or as standalone tools
- By clarifying the functions of cyber operations, stakeholders can better integrate cybersecurity strategies into overall defence frameworks
- This informs the development of policies that address cyber threats in conjunction with traditional military strategies, enhancing collective security measures
32
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Weaknesses
1. Underestimation of Cyber Operations’ Evolving nature
2. Narrow focus on state actors
3. Limited consideration of psychological and social impact
33
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Weakness - underestimation of cyber operations’ evolving nature
- Frames cyber operations as largely ineffective or irrelevant, suggesting that prior failures would predict future outcomes
- Overlooks the rapid advancement in cyber capabilities and the increasing sophistication of cyber threats
- What may have been ineffective in the past could become relevant with new technologies or tactics
- By underestimating the potential for evolution in cyber warfare, this may lead to complacency in preparedness and responsiveness -> Stakeholders could miss emerging threats
34
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Weakness - Narrow focus on state actors
- Largely focuses on state-sponsored cyber operations, particularly Russian actions against Ukraine, and does not sufficiently address the role of non-state actors and transnational cyber threats
- In contemporary cybersecurity discussions, non-state actors such as criminal organisations and terrorist groups are increasingly influential
= their motivations and operational strategies differ significantly from state actors
- This narrow focus may lead to an incomplete understanding of the cybersecurity landscape -> Ignoring non-state threats can result in insufficient policy and resource allocation to counter these actors
35
“There is no cyber ‘shock and awe’: plausible threats in the Ukrainian conflict” - Lennart Mascheymer and Nadiya Kostyuk
Weakness - Limited consideration of psychological and social impact
- The arguments primarily assess the strategic and tactical implications of cyber operations without addressing their psychological and societal effects on populations and institutions
- Cyber operations can have significant psychological effects, including undermining public trust, creating societal chaos, and influencing perceptions of security
- By not considering the broader societal implications of cyber operations, the analysis underrepresents the potential for cyber activities to destabilise societies, influence politics, or provoke public fear.
