Anticipation in Cyber-security

Abstract

Organisations, governments and users are increasingly vulnerable to cyberattacks, which effects may range from threatening the foundation of modern information society, to causing catastrophic failure of nation-wide critical infrastructure. As a result, a great deal of effort has been given to mitigating the risks stemming from cyber-attacks and has established the field of cyber-security. To defend against cyber-attacks, defenders are required to foresee threat actors’ actions some way in advance to implement protective means. This interdependency places anticipatory practice at the heart of cyber-security. Despite the importance of these activities, little work exists that considers the details of anticipatory practices in cyber-security. This chapter explores how a forward-looking stance and the use of that forwardlooking stance to affect a change in the present are a key concept and goal of cybersecurity. Literature on anticipation in cyber-security is reviewed and its importance illustrated through the use of a detailed case study. In this study, we draw upon empirical accounts of five cyber-threat analysts’ day-to-day practices to explore how futures are envisioned and used in the attempt to protect cyber-space. We find that anticipation of the future is, under different names, a wellconsidered stance in cyber-security that attracts attention from practitioners and theorists alike. The practices that were uncovered proved to be highly anticipatory in nature. Defenders take an “attack attitude, ” where they aim to envision possible future attack behaviours to inform their defence responses. Analysts engage in external and internal knowledge acquisition activities to obtain knowledge about the attack and defence space and anticipate the future. Yet, obtaining this knowledge presents a major challenge due to the ambiguity and amount of information available. We conclude that improving cyber-defenders’ anticipatory capabilities may enhance the overall sense-making process and improve decision-making.