PhD Thesis | Malware Ecologies

Malware Ecologies: A Politics of Cybersecurity

My doctoral research considered how we conceptualise malware and computation to its relation to its analysis, detection, and curation and how this intersects with popular cultures, politics, and international relations. This was primarily considered through (auto)ethnographic work in a malware analysis laboratory, and draws upon several case study malware forms to explore how malware can re-render security itself. The thesis engaged with malware in order to challenge how cybersecurity is negotiated and practised and, in the process, rethink how cyberspace is a place for the formation of the political.


The official link to my thesis at the University of Oxford is here. Please cite from this location.

You can also access my thesis hosted on this website here.


Computation, in popular imaginations, is at perennial risk of infection from the tools of nefarious hackers, commonly referred to as malware. Today, malware pervade and perform a crucial and constitutive role in the insecurities of contemporary life from financial transactions, to ‘critical national infrastructures’ – such as electricity, water, and transportation – to devices in our ‘smart’ homes and cities, and even to potential ‘cyberwar.’ Yet, critical security research has rarely turned its attention to malware. In contrast, I explore malware and their politics, situated and extended beyond, an (auto)ethnographic study of the malware analysis laboratory of the UK endpoint protection business, Sophos. I argue that malware are currently processed through a patho-logic that conflate organic and non-organic materialities, permitting analogies between biology and computation, and are generative of particular forms of security that relegate malware to the intent of their authors. I explore how endpoint protection businesses are imbibed with these logics in order to attend to how malware are analysed, detected, and curated beyond them. By drawing on my method of ‘becoming-analyst,’ I critically reflect on how malware become known, are responded to by ad hoc political groups, and can assist in rethinking the role of computational agency in geography, international relations, security studies, and beyond. I instead conceive of malware as performative political actors making limited choices in broader computational ecologies. I therefore advocate for an eco-logical repositioning of malware, where cyberspace is not simply a neutral domain; but is central to the formation of choice that gives space for malware to be political. With four cases – ConfickerStuxnetthe Dukes, and WannaCry / (Not)Petya – I write new stories on how malware are encountered and dealt with in the twenty-first century. In doing so, I challenge contemporary discourses of cybersecurity to ask if conventional notions of who and what (per)form security are adequate, and how these are reconfigured through a radical ‘more-than-human’ politics, where malware are not just objects of security, but are active participants in its production and negotiation.