Malware Ecologies: Disrupting the Geographies of Cyberspace and Cybersecurity


Academic Profile

Andrew's interests in cybersecurity cut across computer science, geography, and international relations. For his substantive DPhil research, Andrew is at the University's School of Geography and the Environment developing a project on malicious software through an exploration of malware ecologies. This draws upon a range of concepts from geography and computer science to explore how we interact with malware through analysis and detection, and how this is disseminated into broader domains of international relations and public knowledge.

He joined Oxford as part of the Centre for Doctoral Training in Cyber Security in 2014. As part of this centre, a year of intensive training in cyber security is required across a range of topics including security architectures, ethics, international relations and cyber risk. In his first year, Andrew completed two mini-projects between May and September 2014. The first concerned the commercialisation of academic cyber security research with sponsorship from the former UK Department for Business, Innovation and Skills. The second investigated implantable medical devices and cybersecurity, questioning core concepts such as 'security by default' through the philosophical device of security atmospheres.

Prior to joining Oxford, Andrew gained a BA (Hons) in Geography from Durham University where he focused on security, philosophy and geopolitics. After his undergraduate degree, he worked for the technology consultancy, Accenture, as both a market maker in the products division and as a management consultant in financial services.

Current Research

Malicious software, oft abbreviated to malware, is affecting society at greater depth and frequency through our growing dependency on computing devices. To explore this form of maliciousness in our epoch, Andrew conducted an (auto)ethnographic study of a malware analysis lab in a process of 'becoming-analyst'. This enables an exploration of three core tenets of how we collectively comprehend malware: in its analysis, detection, and curation. This triad enables a tracing of technical process, human intuition, and malware's impact on the world, whilst appreciating that this is always a partial knowledge. With the support of five case study forms (Conficker, Dridex, Stuxnet, the Dukes, and WannaCry/Petya), Andrew asks how societies encounter and understand threats presented by malicious software in the 21st century. He argues this requires a new way of thinking about malware. This moves away from more traditional imaginaries that see malware as a defined object moving within existing networks, or as a kind of disease or virus infecting computer systems, to thinking of malware as part of a much broader cyber ecology. Thinking ecologically brings together everyday security practice, bureaucracy, emotion, government, software(s), analyst, air conditioning, and Twitter amongst others, showing that malware's geographies extend far beyond the boundaries of what has previously been considered 'virtual' or 'cyber' space. This provides a platform to critique contemporary cybersecurity discourse to consider whether conventional notions of space and hence security are suitable, and in so doing, presenting malware ecologies as an alternative for cybersecurity theorisation.