Degree completed in 2019.

Malware Ecologies: A Politics of Cybersecurity


Academic Profile

Andrew's interests in cybersecurity cut across computer science, geography, and international relations. For his substantive DPhil research, Andrew is at the University's School of Geography and the Environment developing a project on malicious software through an exploration of malware ecologies. This draws upon a range of concepts from geography and computer science to explore how we interact with malware through analysis and detection, and how this is disseminated into broader domains of international relations and public knowledge.

He joined Oxford as part of the Centre for Doctoral Training in Cyber Security in 2014. As part of this centre, a year of intensive training in cyber security is required across a range of topics including security architectures, ethics, international relations and cyber risk. In his first year, Andrew completed two mini-projects between May and September 2014. The first concerned the commercialisation of academic cyber security research with sponsorship from the former UK Department for Business, Innovation and Skills. The second investigated implantable medical devices and cybersecurity, questioning core concepts such as 'security by default' through the philosophical device of security atmospheres.

Prior to joining Oxford, Andrew gained a BA (Hons) in Geography from Durham University where he focused on security, philosophy and geopolitics. After his undergraduate degree, he worked for the technology consultancy, Accenture, as both a market maker in the products division and as a management consultant in financial services.

Thesis Abstract

Computation, in popular imaginations, is at perennial risk of infection from the tools of nefarious hackers, commonly referred to as malware. Today, malware pervade and perform a crucial and constitutive role in the insecurities of contemporary life from financial transactions, to 'critical national infrastructures' - such as electricity, water, and transportation - to devices in our 'smart' homes and cities, and even to potential 'cyberwar.' Yet, critical security research has rarely turned its attention to malware. In contrast, I explore malware and their politics, situated and extended beyond, an (auto)ethnographic study of the malware analysis laboratory of the UK endpoint protection business, Sophos. I argue that malware are currently processed through a patho-logic that conflate organic and non-organic materialities, permitting analogies between biology and computation, and are generative of particular forms of security that relegate malware to the intent of their authors. I explore how endpoint protection businesses are imbibed with these logics in order to attend to how malware are analysed, detected, and curated beyond them. By drawing on my method of 'becoming-analyst,' I critically reflect on how malware become known, are responded to by ad hoc political groups, and can assist in rethinking the role of computational agency in geography, international relations, security studies, and beyond. I instead conceive of malware as performative political actors making limited choices in broader computational ecologies. I therefore advocate for an eco-logical repositioning of malware, where cyberspace is not simply a neutral domain; but is central to the formation of choice that gives space for malware to be political. With four cases - Conficker, Stuxnet, the Dukes, and WannaCry/(Not)Petya - I write new stories on how malware are encountered and dealt with in the twenty-first century. In doing so, I challenge contemporary discourses of cybersecurity to ask if conventional notions of who and what (per)form security are adequate, and how these are reconfigured through a radical 'more-than-human' politics, where malware are not just objects of security, but are active participants in its production and negotiation.

Research Outputs