Dissertation/Thesis Abstract

Weary Giants of Flesh and Steel: Three Articles on the State and Information Security
by Herr, Trey, Ph.D., The George Washington University, 2016, 317; 10076294
Abstract (Summary)

This dissertation explores the dynamic of control between politics and technology, looking at three particular facets – assimilation, restriction, and standardization – as examples of the evolving relationship between the state and information security. Chapter 1 looks at the process of assimilation as the state attempts to use information security toward its own ends. Critiquing contemporary arguments on the presence of an offensive advantage in information security, this chapter breaks open the previously black-boxed process of developing and deploying offensive capabilities by the state. Particularly, it examines how the software development process impacts, and often limits, the state’s ability to employ malicious tools, especially in lieu of conventional alternatives like precision-guided bombs. Advancing the argument that there is substantial complexity in the offensive process, the chapter concludes that existing assumptions for ease of use and the likelihood of rapid escalation prevalent in literature on the topic are exaggerated owing to the challenges in assimilating and employing information security tools in a conflict environment.

Chapter 2 takes up the question of control through restriction, explaining the repeated use of export controls to regulate the diffusion of information security products globally. Set against a collection of legal tools seemingly ill-fitted to controlling the flow of software, the Departments of Commerce, State, and Defense have persisted in the application of export controls to limit trade in information security products. Rather than adapt to a changing commercial and research environment or craft policy tools better suited to curtail the spread of information security products abroad, the U.S. continued to apply and only moderately tweak the composition of export controls despite their limited effectiveness. This chapter explains the selection of these controls and their persistence as a product of boundedly rational behavior to minimize transaction costs and change in standard operating procedures, even at the cost of reduced regulatory efficacy. 

Chapter 3 looks at standardization, trying to answer whether the recent emergence of the information security insurance industry as a means of private governance is a product of the state’s failure to set and enforce standards or the private sector’s opportunistic action to lock in material benefit. Synthesizing previous state efforts to create standards with literature on private governance and its internal debates, the chapter examines the history and process of insurance. It argues that a market-driven enforcement mechanism was key to providing financial benefit to companies willing to lead in the governance process.

Indexing (document details)
Advisor: Sell, Susan K.
Committee: Adcock, Robert; Balla, Steven J.; Friedman, Allan; Hoffman, Lance J.
School: The George Washington University
Department: Political Science
School Location: United States -- District of Columbia
Source: DAI-A 77/08(E), Dissertation Abstracts International
Subjects: Information Technology, Political science, Computer science
Keywords: Cybersecurity, Export controls, Insurance, Malware
Publication Number: 10076294
ISBN: 978-1-339-58596-3
Copyright © 2020 ProQuest LLC. All rights reserved.