A paper I co-authored with Coye Cheshire, “Risky Business: Social Trust and Community in the Practice of Cybersecurity for Internet Infrastructure”, has been accepted to HICSS 50, coming up in January 2017. I’m really happy to get these ideas out into the world, since they represent a really interesting set of directions that I’ve been evolving in my work. Here’s the abstract:
The security of computer networks and systems on the Internet is a growing and ongoing set of concerns for nation states, corporations, and individuals. Although substantial and valuable work is in progress to secure the hardware and software technologies of the Internet, less attention has been paid to the everyday practices of the people involved in maintaining this infrastructure. In this paper, we focus on issues in cybersecurity as they apply to computer networks, to show how effective practices of network security are premised upon social relationships of trust formed within communities of cybersecurity professionals, and enacted in the practice of cybersecurity. We describe three key cybersecurity problems that involve Internet infrastructural technologies: IP address hijacking, email spam, and DNS spoofing. Through our analysis of these three problems, we argue that social trust between people – not just assurances built into the underlying technologies – must be emphasized as a central aspect of securing Internet infrastructure.