Unscripted Practices for Uncertain Events: Organizational Problems in Cybersecurity Incident Management

Ashwin Jacob Mathew

doi:10.1177/01622439241240411

Unscripted Practices for Uncertain Events: Organizational Problems in Cybersecurity Incident Management

Ashwin Jacob Mathew^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

11 Downloads (Pure)

Abstract

Scripts can help us understand the designer–user relationship, by offering analysis of designers’ intent in technological objects and examination of users’ behaviors through willingness (and unwillingness) to take on scripts. But how are we to understand these relationships in the context of cybersecurity, in the face of adversaries determined to gain unauthorized access to computer systems by actively subverting scripts? In effect, cybersecurity attacks involve re-scripting of computing systems to gain unauthorized access through unscripted features of these systems. Cybersecurity attacks are always uncertain events: attackers can never be certain when re-scripting will be successful, and defenders can never be certain when or where to expect an attack, as unscripted features are difficult to know until they are exploited. In this paper, I study practices of cybersecurity incident response to examine how cybersecurity engineers respond to the novel attacks they encounter daily. I show how these are fundamentally unscripted practices emerging in response to unstable scripts, structured through the uncertainties inherent in cybersecurity engineering practice. The improvised practices and changing networks of social relations which I trace demonstrate the limits of stable scripts and provide new tools for analyzing unstable scripts.

Original language	English
Pages (from-to)	827-850
Number of pages	24
Journal	Science, Technology and Human Values
Volume	49
Issue number	4
Early online date	9 Apr 2024
DOIs	https://doi.org/10.1177/01622439241240411
Publication status	E-pub ahead of print - 9 Apr 2024

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1177/01622439241240411Licence: CC BY-NC

Unscripted Practices for Uncertain_MATHEW_Publishedonline9April2024_GOLD_VoR (CC BY-NC)Final published version, 297 KBLicence: CC BY-NC

Cite this

@article{5a653c8f0bf143dd8d9f2a943f142721,

title = "Unscripted Practices for Uncertain Events: Organizational Problems in Cybersecurity Incident Management",

abstract = "Scripts can help us understand the designer–user relationship, by offering analysis of designers{\textquoteright} intent in technological objects and examination of users{\textquoteright} behaviors through willingness (and unwillingness) to take on scripts. But how are we to understand these relationships in the context of cybersecurity, in the face of adversaries determined to gain unauthorized access to computer systems by actively subverting scripts? In effect, cybersecurity attacks involve re-scripting of computing systems to gain unauthorized access through unscripted features of these systems. Cybersecurity attacks are always uncertain events: attackers can never be certain when re-scripting will be successful, and defenders can never be certain when or where to expect an attack, as unscripted features are difficult to know until they are exploited. In this paper, I study practices of cybersecurity incident response to examine how cybersecurity engineers respond to the novel attacks they encounter daily. I show how these are fundamentally unscripted practices emerging in response to unstable scripts, structured through the uncertainties inherent in cybersecurity engineering practice. The improvised practices and changing networks of social relations which I trace demonstrate the limits of stable scripts and provide new tools for analyzing unstable scripts.",

author = "Mathew, {Ashwin Jacob}",

note = "Publisher Copyright: {\textcopyright} The Author(s) 2024.",

year = "2024",

month = apr,

day = "9",

doi = "10.1177/01622439241240411",

language = "English",

volume = "49",

pages = "827--850",

journal = "Science, Technology and Human Values",

issn = "0162-2439",

publisher = "SAGE Publications Inc.",

number = "4",

}

TY - JOUR

T1 - Unscripted Practices for Uncertain Events

T2 - Organizational Problems in Cybersecurity Incident Management

AU - Mathew, Ashwin Jacob

PY - 2024/4/9

Y1 - 2024/4/9

N2 - Scripts can help us understand the designer–user relationship, by offering analysis of designers’ intent in technological objects and examination of users’ behaviors through willingness (and unwillingness) to take on scripts. But how are we to understand these relationships in the context of cybersecurity, in the face of adversaries determined to gain unauthorized access to computer systems by actively subverting scripts? In effect, cybersecurity attacks involve re-scripting of computing systems to gain unauthorized access through unscripted features of these systems. Cybersecurity attacks are always uncertain events: attackers can never be certain when re-scripting will be successful, and defenders can never be certain when or where to expect an attack, as unscripted features are difficult to know until they are exploited. In this paper, I study practices of cybersecurity incident response to examine how cybersecurity engineers respond to the novel attacks they encounter daily. I show how these are fundamentally unscripted practices emerging in response to unstable scripts, structured through the uncertainties inherent in cybersecurity engineering practice. The improvised practices and changing networks of social relations which I trace demonstrate the limits of stable scripts and provide new tools for analyzing unstable scripts.

AB - Scripts can help us understand the designer–user relationship, by offering analysis of designers’ intent in technological objects and examination of users’ behaviors through willingness (and unwillingness) to take on scripts. But how are we to understand these relationships in the context of cybersecurity, in the face of adversaries determined to gain unauthorized access to computer systems by actively subverting scripts? In effect, cybersecurity attacks involve re-scripting of computing systems to gain unauthorized access through unscripted features of these systems. Cybersecurity attacks are always uncertain events: attackers can never be certain when re-scripting will be successful, and defenders can never be certain when or where to expect an attack, as unscripted features are difficult to know until they are exploited. In this paper, I study practices of cybersecurity incident response to examine how cybersecurity engineers respond to the novel attacks they encounter daily. I show how these are fundamentally unscripted practices emerging in response to unstable scripts, structured through the uncertainties inherent in cybersecurity engineering practice. The improvised practices and changing networks of social relations which I trace demonstrate the limits of stable scripts and provide new tools for analyzing unstable scripts.

UR - http://www.scopus.com/inward/record.url?scp=85190417133&partnerID=8YFLogxK

U2 - 10.1177/01622439241240411

DO - 10.1177/01622439241240411

M3 - Article

SN - 0162-2439

VL - 49

SP - 827

EP - 850

JO - Science, Technology and Human Values

JF - Science, Technology and Human Values

IS - 4

ER -

Unscripted Practices for Uncertain Events: Organizational Problems in Cybersecurity Incident Management

Abstract

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this