PhD Research

Malware Ecologies: Disrupting the Geographies of Cyberspace and Cybersecurity

My research considers how we as humans can face a more-than-human other, namely, malware. This brings together strands of thought from the philosophers Deleuze, Foucault, Guattari, Serres among others into encounters with computer sciences, politics, international relations and geography. The aim of the thesis is to discover how we can think through malware to challenge how we do cybersecurity and indeed think of (cyber) spaces as similar to how space has always been constructed. Therefore an exploration of malware can help us comprehend both space and cybersecurity in alternative ways that may be productive to our engagement with malicious software.

Below is the current iteration of the abstract for my thesis:

Malicious software, oft abbreviated to malware, is affecting society at greater depth and frequency through our growing dependency on computing devices. To explore this form of maliciousness in our epoch, Andrew conducted an (auto)ethnographic study of a malware analysis lab in a process of ‘becoming-analyst’. This enables an exploration of three core tenets of how we collectively comprehend malware: in its analysis, detection, and curation. This triad enables a tracing of technical process, human intuition, and malware’s impact on the world, whilst appreciating that this is always a partial knowledge. With the support of five case study forms (Conficker, Dridex, Stuxnet, the Dukes, and WannaCry/Petya), Andrew asks how societies encounter and understand threats presented by malicious software in the 21st century. He argues this requires a new way of thinking about malware. This moves away from more traditional imaginaries that see malware as a defined object moving within existing networks, or as a kind of disease or virus infecting computer systems, to thinking of malware as part of a much broader cyber ecology. Thinking ecologically brings together everyday security practice, bureaucracy, emotion, government, software(s), analyst, air conditioning, and Twitter amongst others, showing that malware’s geographies extend far beyond the boundaries of what has previously been considered ‘virtual’ or ‘cyber’ space. This provides a platform to critique contemporary cybersecurity discourse to consider whether conventional notions of space and hence security are suitable, and in so doing, presenting malware ecologies as an alternative for cybersecurity theorisation.