Cybersecurity’s grammars: A more‐than‐human geopolitics of computation

On one June afternoon in 2017, during an autoethnography of a malware analysis and detection laboratory, NotPetya quickly caused destruction. This malware has since been characterised as a key geopolitical event in cybersecurity, causing billions of dollars in damage as it rendered inoperable computers across the world. The hunt to identify those who had written NotPetya occurred almost immediately. However, this paper rearticulates this event through grammar, in a close reading of computation, to urge for a more‐than‐human reading of cybersecurity. By exploring the written propositions of the hackers, various computational materials – including hardware, code, and machine learning algorithms – as well as their ecologies, cybersecurity is understood to be part of an ecology of language‐practice. Engaging with N. Katherine Hayles’ study of non‐human cognition and choice, computation has an ability to read, interpret, and act, and thus intervene. NotPetya is thus not only a tool of hackers but is a political actor which, alongside others, transformed the contours of the geopolitics of cybersecurity. By focusing on grammars, geopolitics does not wholly derive from the (white, male, rational) hacker, analyst, or intelligence agent, but rather from a distributed set of actors that speak to one another. Grammars permit a nuanced appreciation of cyber‐attacks, the hacker's handling of computational cognition and choice, as well as conceptualising the relation between author and computation and the risks of machine learning. Cybersecurity, through grammar, then becomes one of co‐authorship where security is not only performed by humans but is contorted by an alien politics of computation. Short NotPetya caused great damage in June 2017. This paper rearticulates how this malicious software participated in a more‐than‐human politics to render computers inoperable worldwide. Through grammar, it details how propositions, computational cognition and choice, and ecologies offer a new way to think of cybersecurity. Concluding, there is an assessment of the implications and risks of automation and machine learning to cybersecurity in a more‐than‐human world.