Cybersecurity is a complex and contested issue in international politics. By focusing on 'great powers' - the US, the EU, Russia and China - studies in the field often fail to capture the specific politics of cybersecurity in the Middle East, especially in Egypt and the GCC states. Drawing on new interviews and original fieldwork, James Shires shows how the label of cybersecurity is repurposed by states, companies and other organisations to encompass a variety of concepts, including state conflict, targeted spyware, domestic information controls and foreign interference through leaks and disinformation.
Intro -- Half Title -- Title -- Copyright -- Contents -- Acknowledgments -- List of Tables -- Note on Transliteration -- Introduction -- 1. Connecting Cybersecurity and Middle East Politics -- 2. The Middle East in Global Cybersecurity -- 3. Cyber Conflict -- 4. Targeted Surveillance -- 5. Information Controls -- 6. Foreign Interference -- Conclusion -- List of Acronyms and Abbreviations -- Notes -- Bibliography -- Index -- Back Cover.
Access options:
The following links lead to the full text from the respective local libraries:
This article applies the concept of ritual to cybersecurity expertise, beginning with the cybersecurity "skills gap": the perceived lack of suitably qualified professionals necessary to tackle contemporary cybersecurity challenges. It proposes that cybersecurity expertise is best understood as a skilled performance which satisfies decision-makers' demands for risk management. This alternative understanding of cybersecurity expertise enables investigation of the types of performance involved in key events which congregate experts together: cybersecurity conferences. The article makes two key claims, which are empirically based on participant observation of cybersecurity conferences in the Middle East. First, that cybersecurity conferences are ritualized activities which create an expert community across international boundaries despite significant political and social differences. Second, that the ritualized physical separation between disinterested knowledge-sharing and commercial advertisement at these conferences enacts an ideal of "pure" cybersecurity expertise rarely encountered elsewhere, without which the claims to knowledge made by cybersecurity experts would be greatly undermined. The approach taken in this article is thus a new direction for cybersecurity research, with significant implications for other areas of international politics.
This article applies the concept of ritual to cybersecurity expertise, beginning with the cybersecurity "skills gap": the perceived lack of suitably qualified professionals necessary to tackle contemporary cybersecurity challenges. It proposes that cybersecurity expertise is best understood as a skilled performance which satisfies decision-makers' demands for risk management. This alternative understanding of cybersecurity expertise enables investigation of the types of performance involved in key events which congregate experts together: cybersecurity conferences. The article makes two key claims, which are empirically based on participant observation of cybersecurity conferences in the Middle East. First, that cybersecurity conferences are ritualized activities which create an expert community across international boundaries despite significant political and social differences. Second, that the ritualized physical separation between disinterested knowledge-sharing and commercial advertisement at these conferences enacts an ideal of "pure" cybersecurity expertise rarely encountered elsewhere, without which the claims to knowledge made by cybersecurity experts would be greatly undermined. The approach taken in this article is thus a new direction for cybersecurity research, with significant implications for other areas of international politics.
Offensive cyber capabilities (OCCs) are the combination of people, technologies, and organizational attributes that jointly enable offensive cyber operations: the adversarial manipulation of digital services or networks. Most works on OCCs focus on their (de-)escalatory potential in terms of diplomatic tension, instability, or power. This article argues for a re-orientation toward the normatively prior question of their relative violence. It asks: how are OCCs integrated into violent state capacities and what are the consequences? The article proposes three logics of integration by which OCCs are included in violent state actions, in both repressive and interstate situations. These logics—substitution, support, and complement—weigh the benefits of using OCCs against an adversary instead of, as part of, and in addition to other means of violence, respectively. The article argues that the violence of OCCs depends on two things: first, whether one adopts a narrowly physical or a more expansive definition of violence and, second, which logic of integration governs their use. On a narrow definition of violence, substitutive and supportive uses of OCCs are less likely to be violent than conventional alternatives, and complementary uses of OCCs are not violent at all. On a wider definition, both substitutive and supportive uses of OCCs can lead to more violence than conventional alternatives, while complementary uses of OCCs are highly likely to increase violence overall. Acknowledging the different logics of integration for OCCs, and understanding their violent effects, has important analytical and policy benefits for global security studies.
Abstract Offensive cyber capabilities (OCCs) are the combination of people, technologies, and organizational attributes that jointly enable offensive cyber operations: the adversarial manipulation of digital services or networks. Most works on OCCs focus on their (de-)escalatory potential in terms of diplomatic tension, instability, or power. This article argues for a re-orientation toward the normatively prior question of their relative violence. It asks: how are OCCs integrated into violent state capacities and what are the consequences? The article proposes three logics of integration by which OCCs are included in violent state actions, in both repressive and interstate situations. These logics—substitution, support, and complement—weigh the benefits of using OCCs against an adversary instead of, as part of, and in addition to other means of violence, respectively. The article argues that the violence of OCCs depends on two things: first, whether one adopts a narrowly physical or a more expansive definition of violence and, second, which logic of integration governs their use. On a narrow definition of violence, substitutive and supportive uses of OCCs are less likely to be violent than conventional alternatives, and complementary uses of OCCs are not violent at all. On a wider definition, both substitutive and supportive uses of OCCs can lead to more violence than conventional alternatives, while complementary uses of OCCs are highly likely to increase violence overall. Acknowledging the different logics of integration for OCCs, and understanding their violent effects, has important analytical and policy benefits for global security studies.
AbstractTransformations in state violence are intimately associated with technological capacity. Like previous era-defining technologies, global digital networks have changed state violence. Offensive cyber capabilities (OCCs) appear to constitute a major technological development that offers the potential for reducing state violence. This article asks: are OCCs really the better angels of our digital nature? Current scholarship in strategic studies, adopting a narrow definition of violence, conceives of OCCs as largely non-violent. This ignores how technology has given rise to new forms of harm to individuals and communities, particularly in the context of violent state repression. We propose using an expanded definition of violence, including affective and community harms, and argue that OCCs relocate, rather than reduce, state violence towards non-bodily harms. Even though their lethal effects are limited, OCCs are not, as is supposed, a non-violent addition to state arsenals. This conclusion has important implications for international affairs, including re-orienting defensive cybersecurity efforts and altering calculations around the perception of OCCs by adversaries.
This article discusses a problem that has received scant attention in literature: microtargeted propaganda by foreign actors. Microtargeting involves collecting information about people, and using that information to show them targeted political advertisements. Such microtargeting enables advertisers to target ads to specific groups of people, for instance people who visit certain websites, forums, or Facebook groups. This article focuses on one type of microtargeting: microtargeting by foreign actors. For example, Russia has targeted certain groups in the US with ads, aiming to sow discord. Foreign actors could also try to influence European elections, for instance by advertising in favour of a certain political party. Foreign propaganda possibilities existed before microtargeting. This article explores two questions. In what ways, if any, is microtargeted propaganda by foreign actors different from other foreign propaganda? What could lawmakers in Europe do to mitigate the risks of microtargeted propaganda?
This article discusses a problem that has received scant attention in literature: microtargeted propaganda by foreign actors. Microtargeting involves collecting information about people, and using that information to show them targeted political advertisements. Such microtargeting enables advertisers to target ads to specific groups of people, for instance people who visit certain websites, forums, or Facebook groups. This article focuses on one type of microtargeting: microtargeting by foreign actors. For example, Russia has targeted certain groups in the US with ads, aiming to sow discord. Foreign actors could also try to influence European elections, for instance by advertising in favour of a certain political party. Foreign propaganda possibilities existed before microtargeting. This article explores two questions. In what ways, if any, is microtargeted propaganda by foreign actors different from other foreign propaganda? What could lawmakers in Europe do to mitigate the risks of microtargeted propaganda?
