Assembling cybersecurity: The politics and materiality of technical malware reports and the case of Stuxnet

Abstract

This is an article about how cybersecurity gets “made,” with a focus on the role of commercial computer security firms in generating knowledge in matters of international cybersecurity. The argument is two-fold. Firstly, malware may be an intangible artefact in some ways, but its success and its interpretation as malware is deeply interwoven in social, technical, and material alliances. Secondly, a materialist-minded examination of Symantec’s Stuxnet reports will demonstrate the politically situated nature of how cybersecurity expertise emerges. The article finds that Symantec’s work was not a-political or neutrally-technical: Their experts made profoundly political choices in their analyses. By showing the processes that go into making cybersecurity, the article contributes to a widening and deepening of debates about what is at stake in cybersecurity knowledge and practices.