I joined the first Royal Holloway CDT cohort in September 2013 - Dr Steve Hersee

I joined the first Royal Holloway CDT cohort in September 2013 following careers in the RAF, police and private sector. Having spent 10 years working in security and intelligence I was attracted to a move into academia by the increasing relevance of cyberspace to the field of security, a desire to expose myself to a different perspective and a growing thirst to learn. Traditional PhDs were available but the Cyber Security PhD at Royal Holloway offered something different; a truly multidisciplinary approach, with a close connection between Geopolitics and Information Security; the chance to take classes as well as conduct research; a close connection to the real world through industrial placements; and a cohort environment where we had others around us to learn from, help us out and reassure us that we weren’t as far behind as we thought we were.

I began with no clear idea of my research area but soon realised that there was one topic which both interested me and animated the InfoSec community. In June 2013 Edward Snowden caused uproar by leaking top secret information from the National Security Agency and GCHQ. Within my previous world of security and intelligence Snowden had committed a cardinal sin, compromising our capabilities and assets and handing a massive advantage to our enemies. But to much of academia Snowden had exposed the reckless activities of the security agencies, who had run roughshod over individual privacy and left the Internet more insecure. Whilst the InfoSec community was working to improve network security, the security agencies were apparently undermining it.

Early within the CDT we held a debate amongst CDT students, geopolitics students and staff members about whether Snowden was a hero or a traitor. I led the argument against Snowden but was surprised by the passion and anger expressed by the other side and I sensed some hostility at my deviation from the academic status quo. The debate was great fun and was followed by further discussion in common rooms and pubs over the coming weeks, but this only succeeded in entrenching our pre-existing views. Mirroring the Crypto Wars, we were stuck in the same seemingly intractable problems of privacy versus security and state versus individual.

During this time, I attended Geopolitics classes with MSC students from the Department of Geography and I was exposed to a whole new way of thinking about security. Instead of focussing on how to create security we focussed on security practices and queried whose security we were trying to defend. One concept which caught my interest was that of securitisation; a constructivist approach which describes the process by which an issue becomes a matter of security due to the existence of an existential threat. Once an issue has become securitised in this way extraordinary activity (usually by a government) can be justified to counter this threat.

Within this framework I saw an interesting opportunity to study the crypto wars from a different perspective. To avoid becoming entangled in the debate I could use the securitisation framework to study how each side constructed their own versions of security. In doing so I hoped to bypass questions of who was right and expose ways by which better outcomes could be delivered for everyone.

Some limited literature covered the securitisation of cyberspace but focussed almost entirely on how the British and American governments justified mass surveillance through the securitisation of terrorism, cyber attacks and hostile states. The literature was interesting but often seemed highly partisan and designed to fuel the debate rather than help solve it.

I began to realise that whilst these acts of securitisation formed the building blocks of the crypto wars, they were also fuelling each other. Fearing threats to national security the state banned encryption but fearing a totalitarian state digital rights activists overturned the ban; the state enforced key escrow but activists resisted it; the state siphoned data from technology companies but those companies implemented end-to end encryption. As actions by one side lead to reactions by the other we descend into a spiral of increasing fear and insecurity.

Whilst looking for a way to describe this decent into insecurity I discovered the international relations concept of the spiral model, more commonly known as the security dilemma. This describes the process by which two parties can end up at war despite their peaceful nature. Initial distrust leads one side to take security measures which spook the other causing them to respond in kind. To the first party this action looks hostile they increase their own security further leading to a spiral of insecurity and fear ends in open conflict.

I realised that I could use this model and the vast volume of research surrounding it to study the crypto wars. My focus became not the actions of each side but the feelings of fear and insecurity which drove these actions. This required me to focus on personal experiences, which I was lucky enough to collect through interviews with staff at GCHQ and directors within the Open Rights Group. And through a random and serendipitous event I was able to use my industrial placement to participate in a show called ‘Hunted’, which investigated experiences of the surveillance state.

Through the unique opportunities presented by the CDT and the support of my supervisors I hope I have produced a unique thesis which adds a different perspective to the literature. I’m proud of what I achieved at Royal Holloway and left not only more qualified but more capable of embracing new ideas and viewing the world from different perspectives. I also left with a wife and 3 children but that’s a different story; a PhD really is a long old process.


Comments

Post a Comment

Popular posts from this blog

Post-PhD thoughts on the Cyber Security field: Amy Ertan, 2017 CDT Cohort, now Cyber and Hybrid Policy Officer at NATO HQ in Brussels.

It has been just over a year since I successfully completed my viva – a milestone that initially felt both terrifying and insurmountable when I first joined the CDT. Now, I have the privilege of reflecting on my PhD journey and how its opportunities have shaped my present. I also wish to inspire curious students to embrace the full potential of the CDT and similar programs.   When I first came across the CDT application form, I initially envisioned transforming from a disillusioned city worker into a technical cyber security wizard, focusing on governance or incident response – as those were the only cyber security functions I was familiar with at the time. Very quickly, the CDT taught me that cyber security encompasses a vast and comprehensive range of approaches, offering me a holistic perspective on the field. Supported by the CDT, I engaged with exciting research and practitioner communities to learn about security governance, feminist and critical approaches, geography, the philos
Read more

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Image
Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se
Read more