Louise Marie Hurel is a PhD researcher in Data, Networks, and Society at the London School of Economics’ (LSE) Department of Media and Communications. Her research focuses on security expertise, cybersecurity imaginaries, and incident response. She holds an MSc in Media and Communications (Data and Society) from LSE and a BA in International Relations from the Pontifical Catholic University of Rio de Janeiro (PUC-Rio). Louise Marie also leads Igarapé Institute’s Digital Security Programme¬ – a think-and-do-tank focused on multidimensional security. Louise Marie is a member of the Advisory Board at the Global Forum of Cyber Expertise (GFCE) and Carnegie Endowment’s Partnership for Countering Influence Operations’ (PCIO). Louise Marie is interested in areas such as cybersecurity and Internet governance, platform and infrastructure studies, cyber norms, non-state actors, computer-mediated communication, critical security studies, risk, and STS.

Twitter: @LouMarieHSD

Website: www.louisemariehurel.com

Throughout the past years a new vocabulary and concepts emerged to describe the heightened levels of insecurity of interconnected systems (ranging from cyber-doom to digital Pearl Harbour). Buchanan notes that rather than realising an apocalyptic vision, “cyber attacks have become a low-grade yet persistent part of geopolitical competition” (2020:3), that is, they happen every day. Despite the high number of cyberattacks being publicly reported, defining what an “incident” is and what knowledge counts to configure it as such, remains a highly debated topic among scholars and practitioners. Independently of whether they are events, occurrences or activities, these definitions highlight the character of incidents as moments where insecurities and vulnerabilities become visible, registered, identified as such – no matter whether a particular incident resulted from intentional or unintentional action (malfunction, error). “Incident” often serves as a label, signifying a specific moment.

However, incidents are an inherent part of the governance and politics of infrastructures. Cyber incidents have become constant reminders that infrastructures are not run by themselves, rather they possess vulnerabilities, require maintenance and labour in order to operate. What is more, they are the object of public contestation (in cases such as the Colonial Pipeline), norms and international disputes. Drawing on the concept of ‘infrastructure inversion’ – that is, the process of questioning the taken for granted activities and work (Bowker, 1994) – this paper engages in a theoretical exercise of asking: how can infrastructural inversion contribute to the study of cybersecurity governance?  

With that in mind, the paper will draw on the Conficker Worm – a well-registered incident that has been extensively reported by different specialists from both public and private sectors – to discuss the role of incidents as part of infrastructural inversion, and the political contingencies present in the governance of cybersecurity. Thus, there are two exercises that underlie this paper. First, a literature review of infrastructure studies and how it relates to the study of cybersecurity incidents. Second, a document analysis (Bowen, 2009) of technical reports, news articles, and official statements.