Myriam Dunn Cavelty, Christine Eriksen, Benjamin Scharte
{"title":"Making cyber security more resilient: adding social considerations to technological fixes","authors":"Myriam Dunn Cavelty, Christine Eriksen, Benjamin Scharte","doi":"10.1080/13669877.2023.2208146","DOIUrl":null,"url":null,"abstract":"Abstract How can a focus on socio-technical vulnerability and uncertainty make cyber security more resilient? In this article, we provide a conceptual discussion of how to increase cyber resilience. First, we show how cyber security and resilience thinking co-evolved through their connection to critical infrastructures, and how the ensuing dominant technical focus inevitably always falls short due to the diverse societal values that underpin their critical social functions. We argue that a sole focus on aggregate systems neglects the important differences in how cyber threats are experienced and dealt with by individuals. Second, we draw on insights from social resilience and disaster management literature to establish a better link between individuals and cyber systems. We focus on two key aspects of cyber security that highlight its social nature: vulnerability and uncertainty. Instead of thinking of cyber security as a “technical problem + humans,” we suggest cyber security should be conceptualized as a “social problem + technology.” We conclude by highlighting three ways forward for researchers, policymakers, and practitioners: interdisciplinary research, public debate about a set of normative questions, and the need for an uncertainty discourse in politics and policymaking.","PeriodicalId":16975,"journal":{"name":"Journal of Risk Research","volume":"26 1","pages":"801 - 814"},"PeriodicalIF":2.4000,"publicationDate":"2023-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Risk Research","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1080/13669877.2023.2208146","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"SOCIAL SCIENCES, INTERDISCIPLINARY","Score":null,"Total":0}
引用次数: 2
Abstract
Abstract How can a focus on socio-technical vulnerability and uncertainty make cyber security more resilient? In this article, we provide a conceptual discussion of how to increase cyber resilience. First, we show how cyber security and resilience thinking co-evolved through their connection to critical infrastructures, and how the ensuing dominant technical focus inevitably always falls short due to the diverse societal values that underpin their critical social functions. We argue that a sole focus on aggregate systems neglects the important differences in how cyber threats are experienced and dealt with by individuals. Second, we draw on insights from social resilience and disaster management literature to establish a better link between individuals and cyber systems. We focus on two key aspects of cyber security that highlight its social nature: vulnerability and uncertainty. Instead of thinking of cyber security as a “technical problem + humans,” we suggest cyber security should be conceptualized as a “social problem + technology.” We conclude by highlighting three ways forward for researchers, policymakers, and practitioners: interdisciplinary research, public debate about a set of normative questions, and the need for an uncertainty discourse in politics and policymaking.
期刊介绍:
The Journal of Risk Research is an international journal that publishes peer-reviewed theoretical and empirical research articles within the risk field from the areas of social, physical and health sciences and engineering, as well as articles related to decision making, regulation and policy issues in all disciplines. Articles will be published in English. The main aims of the Journal of Risk Research are to stimulate intellectual debate, to promote better risk management practices and to contribute to the development of risk management methodologies. Journal of Risk Research is the official journal of the Society for Risk Analysis Europe and the Society for Risk Analysis Japan.