Assembling cybersecurity: the politics and materiality of technical malware reports and the case of Stuxnet

Clare Louise Stevens

Research output: Contribution to journalArticlepeer-review

38 Downloads (Pure)


This is an article about how cybersecurity gets “made,” with a focus on the role of commercial computer security firms in generating knowledge in matters of international cybersecurity. The argument is two-fold. Firstly, malware may be an intangible artefact in some ways, but its success and its interpretation as malware is deeply interwoven in social, technical, and material alliances. Secondly, a materialist-minded examination of Symantec’s Stuxnet reports will demonstrate the politically situated nature of how cybersecurity expertise emerges. The article finds that Symantec’s work was not a-political or neutrally-technical: Their experts made profoundly political choices in their analyses. By showing the processes that go into making cybersecurity, the article contributes to a widening and deepening of debates about what is at stake in cybersecurity knowledge and practices.
Original languageEnglish
Pages (from-to)129-152
JournalContemporary Security Policy
Issue number1
Publication statusPublished - 15 Oct 2019


  • Intangible artifacts
  • cybersecurity
  • security studies
  • materiality
  • Stuxnet
  • UKRI
  • ESRC
  • ES/P000630/1

Cite this