Approaching the international perspective on cybersecurity

January 2024
Today we interview Dr. Rebecca Slayton, Associate Professor at Cornell University, who will be one of our keynote speakers at the OCSC.

OCSC: Dear Dr. Slayton, based on your research at the intersection of technology and policy, could you highlight some key ways in which the international approach to cybersecurity has changed in response to new technological realities? 

Dr. Rebecca Slayton: This is a great question. The answer likely depends on what we mean by things like “international approach,” “cybersecurity,” and “technological realities.” My research has generally focused on how state and non-state approaches to international cybersecurity are actively shaping technological realities, rather than the reverse. For example, U.S. policies towards foreign companies like Kaspersky are reportedly reducing Kaspersky’s sales in North America [2], while increasing sales in Russia. While I have yet to see solid numbers, it is likely that the Russian invasion of Ukraine in 2022 is exacerbating this trend. Similarly, the U.S. Chips Act offers U.S. companies ample funding for semiconductor manufacturing, on the condition that they not expand manufacturing in China. The Forum of Incident Response and Security Teams (FIRST) recently was forced to suspend the membership of Huawei and other Chinese companies over changes to U.S. export control policies. These are just a few of the ways in which international conflict is shaping the ways that technologies are produced, maintained, and used.

OCSC: Given your insights into the 'smart' grid, what are some of the cybersecurity challenges that this innovation presents, and how might they inform broader security practices and collaborations, including those related to incident management? 

Dr. Rebecca Slayton: Smart grid means different things to different people, but the general trend towards digitizing and networking “operational technology”—that is, systems that control physical processes, like the electrical grid, manufacturing plants, or transportation infrastructure—comes with unique security challenges. For well over a decade, engineers have been trying to close the “gap” between operational technology (OT) and information technology (IT). The practices commonly used to secure office computers and networks, such as frequent software updates and stringent password management practices, are more difficult to implement in operational technology, which typically operates 24/7 and can create physical hazards. Operators of these physical systems achieve reliable operation by minimizing the changes that are so often needed to secure software. They are also wary of tough passwords that could leave them locked out in an emergency.

OCSC: How does Incident Response itself apply to it?

Dr. Rebecca Slayton: “Incident response” is more general than and actually precedes the establishment of cybersecurity incident response. Technically it includes the long-standing concerns of workers in operational technology, who must respond to potentially hazardous physical malfunctions on short notice. Identifying this commonality may be one way of helping bridge the gap.

OCSC: Does this gap have wider implications?

Dr. Rebecca Slayton: More broadly, the “gap” between OT and IT is a reminder of the need for respectful collaboration between organizations and cultures that may not share the same understanding of what security means. Cybersecurity incident responders have recognized the need for collaboration across diverse organizational and cultural contexts since their work was first institutionalized in the late 1980s. [1] However, the dominant discourse of incident response, with its emphasis on a shared interest in “security,” often elides different understandings of what security means. This becomes most obvious in the context of nation-state conflicts, when incident responders from one nation are sometimes obligated to follow different security practices than those from another. Would it be helpful to more clearly articulate where different visions of security align and misalign? Or is it easier to leave that as a space of strategic ambiguity? I’d be interested in hearing how people in the field think about such questions.

OCSC: How do you perceive the role of conferences like OCSC in shaping cybersecurity professionals, and what practical impacts do you believe could emerge from these collaborative platforms?

Dr. Rebecca Slayton: My observation is that all new and important initiatives in cybersecurity have emerged from relationships between people, typically forged in face-to-face interactions. So, meetings like the Open Cyber Security Conference are essential for building trust and creative solutions to contemporary security problems.

OCSC: Thank you very much, Rebecca, and see you soon in Tenerife for OCSC24!

Dr. Rebecca Slayton: Thanks, see you there!


Interesting reads:
[1] Slayton, R., & Clarke, B. (2020). Trusting Infrastructure: The Emergence of Computer Security Incident Response, 1989–2005. Technology and Culture 61(1), 173-206. https://doi.org/10.1353/tech.2020.0036
Preprint: https://preprint.press.jhu.edu/tec/sites/default/files/Slayton_Clarke_preprint.pdf

[2] https://www.bankinfosecurity.com/blogs/how-much-damage-would-us-action-against-kaspersky-inflict-p-3430