Securing the human in critical security studies: the insecurity of a secure ethics

This article argues that Critical Security Studies (CSS), exemplified by Ken Booth’s Theory of World Security, has outlined an ethics of security as emancipation of the ‘human’, but also a highly problematic security of ethics. After drawing out how the ethics of CSS operates, we examine the security of this ethics by examining it against a hard case, that of the 199899 Kosovo crisis. Confronting this concrete situation, we draw out three possibilities for action used at the time to secure the human: ‘humanitarian containment’, military intervention and hospitality. Assessing each against Booth’s requirements for ethical security action, we counter that, in fact, no option was without risks, pitfalls and ambiguities. Ultimately, if any action to promote the security and the emancipation of the human is possible, it must embrace and prioritise the fundamental insecurity of ethics, or else find itself paralysed through a fear of making situations worse.

Providing User Security Guarantees in Public Infrastructure Clouds

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants - insulated from the minutiae of hardware maintenance - rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

Information and anti-terrorist security of Poland. A critical analysis exemplified with the tasks and activity of the Internal Security Agency

The subject matter of the analysis conducted in the text is information and anti-terrorist security of Poland, which has been presented within the context of a clash between two spheres – the state and the private sphere. Furthermore, the issues of security have been supplemented with a description of the tasks and activity of the Internal Security Agency, as well as a synthetic appraisal of a terrorist threat to Poland. The main parts of this work are concerned with: (1) the state and the private sphere, (2) " terrorism " and terrorist offences, (3) the tasks and activity of the Internal Security Agency, (4) an appraisal of a terrorist threat to Poland. Given the necessity to elaborate the research problem, the text features the following research questions: (1) To what extent does referring to a threat to security influence a limitation on rights and freedoms in Poland (with regard to the clash between the state and the private sphere)?, (2) To what extent do the tasks and activity of the Internal Security Agency influence the effectiveness of anti-terrorist security in Poland?

The neoliberal way of war: a critical analysis of contemporary British security in policy and practice.

Dominant paradigms of causal explanation for why and how Western liberal-democracies go to war in the post-Cold War era remain versions of the 'liberal peace' or 'democratic peace' thesis. Yet such explanations have been shown to rest upon deeply problematic epistemological and methodological assumptions. Of equal importance, however, is the failure of these dominant paradigms to account for the 'neoliberal revolution' that has gripped Western liberal-democracies since the 1970s. The transition from liberalism to neoliberalism remains neglected in analyses of the contemporary Western security constellation. Arguing that neoliberalism can be understood simultaneously through the Marxian concept of ideology and the Foucauldian concept of governmentality – that is, as a complementary set of 'ways of seeing' and 'ways of being' – the thesis goes on to analyse British security in policy and practice, considering it as an instantiation of a wider neoliberal way of war. In so doing, the thesis draws upon, but also challenges and develops, established critical discourse analytic methods, incorporating within its purview not only the textual data that is usually considered by discourse analysts, but also material practices of security. This analysis finds that contemporary British security policy is predicated on a neoliberal social ontology, morphology and morality – an ideology or 'way of seeing' – focused on the notion of a globalised 'network-market', and is aimed at rendering circulations through this network-market amenable to neoliberal techniques of government. It is further argued that security practices shaped by this ideology imperfectly and unevenly achieve the realisation of neoliberal 'ways of being' – especially modes of governing self and other or the 'conduct of conduct' – and the re-articulation of subjectivities in line with neoliberal principles of individualism, risk, responsibility and flexibility. The policy and practice of contemporary British 'security' is thus recontextualised as a component of a broader 'neoliberal way of war'.

Immigration, security and the public debate on US language policy : a critical discourse analysis of language attitudes in the United States of America

The narrative of the United States is of a "nation of immigrants" in which the language shift patterns of earlier ethnolinguistic groups have tended towards linguistic assimilation through English. In recent years, however, changes in the demographic landscape and language maintenance by non-English speaking immigrants, particularly Hispanics, have been perceived as threats and have led to calls for an official English language policy.This thesis aims to contribute to the study of language policy making from a societal security perspective as expressed in attitudes regarding language and identity originating in the daily interaction between language groups. The focus is on the role of language and American identity in relation to immigration. The study takes an interdisciplinary approach combining language policy studies, security theory, and critical discourse analysis. The material consists of articles collected from four newspapers, namely USA Today, The New York Times, Los Angeles Times, and San Francisco Chronicle between April 2006 and December 2007.Two discourse types are evident from the analysis namely Loyalty and Efficiency. The former is mainly marked by concerns of national identity and contains speech acts of security related to language shift, choice and English for unity. Immigrants are represented as dehumanised, and harmful. Immigration is given as sovereignty-related, racial, and as war. The discourse type of Efficiency is mainly instrumental and contains speech acts of security related to cost, provision of services, health and safety, and social mobility. Immigrants are further represented as a labour resource. These discourse types reflect how the construction of the linguistic 'we' is expected to be maintained. Loyalty is triggered by arguments that the collective identity is threatened and is itself used in reproducing the collective 'we' through hegemonic expressions of monolingualism in the public space and semi-public space. The denigration of immigrants is used as a tool for enhancing societal security through solidarity and as a possible justification for the denial of minority rights. Also, although language acquisition patterns still follow the historical trend of language shift, factors indicating cultural separateness such as the appearance of speech communities or the use of minority languages in the public space and semi-public space have led to manifestations of intolerance. Examples of discrimination and prejudice towards minority groups indicate that the perception of worth of a shared language differs from the actual worth of dominant language acquisition for integration purposes. The study further indicates that the efficient working of the free market by using minority languages to sell services or buy labour is perceived as conflicting with nation-building notions since it may create separately functioning sub-communities with a new cultural capital recognised as legitimate competence. The discourse types mainly represent securitising moves constructing existential threats. The perception of threat and ideas of national belonging are primarily based on a zero-sum notion favouring monolingualism. Further, the identity of the immigrant individual is seen as dynamic and adaptable to assimilationist measures whereas the identity of the state and its members are perceived as static. Also, the study shows that debates concerning language status are linked to extra-linguistic matters. To conclude, policy makers in the US need to consider the relationship between four factors, namely societal security based on collective identity, individual/human security, human rights, and a changing linguistic demography, for proposed language intervention measures to be successful.

The Asian Infrastructure Investment Bank (AIIB): China’s new multilateralism and the erosion of the West. Security Policy Brief No. 63, April 2015

China will launch a new development bank for Asia later this year, called the AIIB. 58 countries worldwide have already applied to become founding members, including numerous Western nations. This policy brief argues that the AIIB constitutes an important international development, as it reflects a new geopolitical reality and marks a new turn in China’s practice of multilateralism. It also looks critically at the European uncoordinated response to the AIIB, and what it tells about Europe’s shrinking role in the world.

Identifying critical components during information security evaluations

Electronic communications devices intended for government or military applications must be rigorously evaluated to ensure that they maintain data confidentiality. High-grade information security evaluations require a detailed analysis of the device's design, to determine how it achieves necessary security functions. In practice, such evaluations are labour-intensive and costly, so there is a strong incentive to find ways to make the process more efficient. In this paper we show how well-known concepts from graph theory can be applied to a device's design to optimise information security evaluations. In particular, we use end-to-end graph traversals to eliminate components that do not need to be evaluated at all, and minimal cutsets to identify the smallest group of components that needs to be evaluated in depth.

Fault evaluation for security-critical communications devices

Communications devices for government or military applications must keep data secure, even when their electronic components fail. Combining information flow and risk analyses could make fault-mode evaluations for such devices more efficient and cost-effective.

Reinforcing the security of corporate information resources:a critical review of the role of the acceptable use policy

Increasingly users are seen as the weak link in the chain, when it comes to the security of corporate information. Should the users of computer systems act in any inappropriate or insecure manner, then they may put their employers in danger of financial losses, information degradation or litigation, and themselves in danger of dismissal or prosecution. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of inappropriate behaviours, and in so doing, protecting corporate information, is through the formulation and application of a formal ‘acceptable use policy (AUP). Whilst the AUP has attracted some academic interest, it has tended to be prescriptive and overly focussed on the role of the Internet, and there is relatively little empirical material that explicitly addresses the purpose, positioning or content of real acceptable use policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and composition of a sample of authentic policies – taken from the higher education sector – rather than simply making general prescriptions about what they ought to contain. There are two important conclusions to be drawn from this study: (1) the primary role of the AUP appears to be as a mechanism for dealing with unacceptable behaviour, rather than proactively promoting desirable and effective security behaviours, and (2) the wide variation found in the coverage and positioning of the reviewed policies is unlikely to be fostering a coherent approach to security management, across the higher education sector.

The information security policy unpacked:a critical study of the content of university policies

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.

Dialogue, partnership and empowerment for network and information security:the changing role of the private sector from objects of regulation to regulation shapers

The protection of cyberspace has become one of the highest security priorities of governments worldwide. The EU is not an exception in this context, given its rapidly developing cyber security policy. Since the 1990s, we could observe the creation of three broad areas of policy interest: cyber-crime, critical information infrastructures and cyber-defence. One of the main trends transversal to these areas is the importance that the private sector has come to assume within them. In particular in the area of critical information infrastructure protection, the private sector is seen as a key stakeholder, given that it currently operates most infrastructures in this area. As a result of this operative capacity, the private sector has come to be understood as the expert in network and information systems security, whose knowledge is crucial for the regulation of the field. Adopting a Regulatory Capitalism framework, complemented by insights from Network Governance, we can identify the shifting role of the private sector in this field from one of a victim in need of protection in the first phase, to a commercial actor bearing responsibility for ensuring network resilience in the second, to an active policy shaper in the third, participating in the regulation of NIS by providing technical expertise. By drawing insights from the above-mentioned frameworks, we can better understand how private actors are involved in shaping regulatory responses, as well as why they have been incorporated into these regulatory networks.