Rebecca Slayton scite author profile

Most scholars and policymakers claim that cyberspace favors the offense; a minority of scholars disagree. Sweeping claims about the offense-defense balance in cyberspace are misguided because the balance can be assessed only with respect to specific organizational skills and technologies. The balance is defined in dyadic terms, that is, the value less the costs of offensive operations and the value less the costs of defensive operations. The costs of cyber operations are shaped primarily by the organizational skills needed to create and manage complex information technology efficiently. The current success of offense results primarily from poor defensive management and the relatively simpler goals of offense; it can be very costly to exert precise physical effects using cyberweapons. An empirical analysis shows that the Stuxnet cyberattacks on Iran's nuclear facilities very likely cost the offense much more than the defense. The perceived benefits of both the Stuxnet offense and defense, moreover, were likely two orders of magnitude greater than the perceived costs, making it unlikely that decisionmakers focused on costs.

show abstract

Beyond regulatory capture: Coproducing expertise for critical infrastructure protection

Slayton¹,

Clark‐Ginsberg

2017

Regulation & Governance

View full text Add to dashboard Cite

Complex industries such as petroleum production, civil aviation, and nuclear power produce “public risks” that are widely distributed and temporally remote, and thus tend to be ignored by the risk producers. Regulation is perhaps the most common policy tool for governing such risks, but requires expert knowledge that often resides solely within the industries. Hence, many scholars and policymakers raise concerns about “regulatory capture,” wherein regulation serves private interests rather than the public good. This paper argues that regulatory capture framing has tended to limit understanding of expertise and its role in governing public risks. Most studies of regulatory capture treat expertise as a source of knowledge and skills that are created exogenously to political processes, and which can therefore be politically neutral. By contrast, we draw on work in science and technology studies that highlight the value‐laden and relational nature of knowledge and expertise, showing how its formation is endogenous to political processes. Thus, we argue for both broadening analyses of regulatory capture to consider the historically contingent and uncertain process of creating expert knowledge, and going beyond the capture framing by considering the challenge of negotiating different epistemologies and ways of life. We illustrate this analytic strategy by examining the history of and current debate about critical infrastructure protection standards to protect the United States electric power grid from cyberattack. We conclude by considering the broader implications of these findings for governing public risks.

show abstract

Radical innovation in scaling up: Boeing’s Dreamliner and the challenge of socio-technical transitions

Slayton

Spinardi

2016

Technovation

View full text Add to dashboard Cite

a b s t r a c tRadical technological innovations are needed to achieve sustainability, but such innovations confront unusually high barriers, as they often require sociotechnical transitions. Here we use the theoretical perspectives and methods of Science and Technology Studies (STS) to demonstrate ways that existing theories of innovation and sociotechnical transitions, such as the Multi-Level Perspective (MLP), can be expanded. We test the MLP by applying STS methods and concepts to analyze the history of aircraft composites (lightweight materials that can reduce fuel consumption and greenhouse gas emissions), and use this case to develop a better understanding of barriers to radical innovation. In the MLP, "radical innovation" occurs in local niches-protected spaces for experimentation-and is then selected by a sociotechnical regime. The history of composite materials demonstrates that radical innovation could not be confined to "niches," but that the process of scaling up to a wholly new product itself required radical innovation in composites. Scaling up a process innovation to make a new product itself required radical innovation. These findings suggest a need to refine sociotechnical transitions theories to account for technologies that require radical innovation in the process of scaling up from the level of sociotechnical niche to regime.

show abstract

Governing Uncertainty or Uncertain Governance? Information Security and the Challenge of Cutting Ties

Slayton

2020

Science, Technology, & Human Values

View full text Add to dashboard Cite

Information security governance has become an elusive goal and a murky concept. This paper problematizes both information security governance and the broader concept of governance. What does it mean to govern information security, or for that matter, anything? Why have information technologies proven difficult to govern? And what assurances can governance provide for the billions of people who rely on information technologies every day? Drawing together several distinct bodies of literature—including multiple strands of governance theory, actor–network theory, and scholarship on sociotechnical regimes—this paper conceptualizes networked action on a spectrum from uncertain governance to governing uncertainty. I advance a twofold argument. First, I argue that networks can better govern uncertainty as they become more able not only to enroll actors in a collective agenda, but also to cut ties with those who seek to undermine that agenda. And second, I argue that the dominant conception of information security governance, which emphasizes governing uncertainty through risk management, in practice devolves to uncertain governance. This is largely because information technologies have evolved toward greater connectedness—and with it, greater vulnerability—creating a regime of insecurity. This evolution is illustrated using the history of the US government’s efforts to govern information security.

show abstract

Regulating risks within complex sociotechnical systems: Evidence from critical infrastructure cybersecurity standards

Clark‐Ginsberg

Slayton

2018

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Rebecca Slayton

What Is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment

Beyond regulatory capture: Coproducing expertise for critical infrastructure protection

Radical innovation in scaling up: Boeing’s Dreamliner and the challenge of socio-technical transitions

Governing Uncertainty or Uncertain Governance? Information Security and the Challenge of Cutting Ties

Regulating risks within complex sociotechnical systems: Evidence from critical infrastructure cybersecurity standards

Contact Info

Product

Resources

About