critical infrastructure lab

Niels ten Oever, Christoph Becker

University of Amsterdam – critical infrastructure lab

This paper argues that the production of ‘infrastructural insecurity’ is an inherent part of the standardization of information networks. Infrastructural insecurity is the outcome of an intentional process within infrastructural production, standardization, and maintenance that leaves end-users of the infrastructure vulnerable to attacks that benefit a particular actor. We ground this analysis in an interrogation of the responses to the disclosure of three security vulnerabilities in telecommunications networks, namely (1) a security flaw in Signaling System No. 7 (SS7) that allows for the data interception and surveillance, SMS interception and location tracking by third parties, (2) the lack of encryption of permanent identifiers that allowed for the deployment of rogue base stations, which allowed for man-in-the-middle attacks, resulting in interception of all voice and data traffic in a physical signal vicinity, and (3) the lack of forward secrecy between user-equipment and the home network, which allows for the decryption of current encrypted data stream if credentials were obtained in the past. To research the shaping of communication and infrastructure architectures in the face of insecurities, we develop a novel approach to the study of Internet governance and standard-setting processes that leverages web scraping and computer-assisted document set discovery software tools combined with document analysis. We bring these methods into conversation with theoretical approaches from material media studies, science and technology studies, and critical security studies. This is an important contribution because it asks fundamental questions about the adequacy and legitimacy of standardization processes.

https://www.conftool.org/aoir2023/index.php?page=browseSessions&form_session=375#paperID219