
A theory of actor-network for cyber-security

  • Thierry Balzacq and Myriam Dunn Cavelty

This article argues that some core tenets of Actor-Network Theory (ANT) can serve as heuristics for a better understanding of what the stakes of cyber-security are, how it operates, and how it fails. Despite the centrality of cyber-incidents in the cyber-security discourse, researchers have yet to understand their link to, and effects on, politics. We close this gap by combining ANT insights with an empirical examination of a prominent cyber-incident (Stuxnet). We demonstrate that the disruptive practices of cyber-security caused by malicious software (malware) lie in their ability to actively perform three kinds of space (regions, networks, and fluids), each activating different types of political interventions. The article posits that the fluidity of malware challenges the consistency of networks and the sovereign boundaries set by regions, and paradoxically, leads to a forceful re-enactment of them. In this respect, the conceptualisation of fluidity as an overarching threat accounts for multiple policy responses and practices in cyber-security as well as attempts to (re-)establish territoriality and borders in the virtual realm. While this article concentrates on cyber-security, its underlying ambition is to indicate concretely how scholars can profitably engage ANT’s concepts and methodologies.

Corresponding author
*Correspondence to: Professor Thierry Balzacq, 1 Place Joffre, 75700 Paris SP07. Author’s email:

1 Healey, Jason (ed.), A Fierce Domain: Cyber Conflict 1986 to 2012 (Arlington: Cyber Conflict Studies Association, 2013).

2 Brown, Kathi Ann, Critical Path: A Brief History of Critical Infrastructure Protection in the United States (Arlington: George Mason University Press, 2006), p. 51.

3 The literature is vast. For a start, see Shaviro, Steven, Connected, or What it Means to Live in the Network Society (Minneapolis: University of Minnesota Press, 2003); Castells, Manuel, The Rise of the Network Society (Oxford: Blackwell, 1996); Stalder, Felix, Manuel Castells and the Theory of the Network Society (Cambridge: Polity Press, 2006).

4 Bingham, Nick, ‘Objections: From technological determinism towards geographies of relations’, Environment and Planning D: Society and Space, 14:6 (1996), p. 32.

5 Graham, Stephen, ‘The end of geography or the explosion of place? Conceptualizing space, place and information technology’, Progress in Human Geography, 22:2 (1998), p. 178.

6 Bueger, Christian and Bethke, Felix, ‘Actor-networking the failed state: an enquiry into the life of concepts’, Journal of International Relations and Development, 17:1 (2014), p. 34.

7 Law, John, ‘Actor network theory and material semiotics’, in B. S. Turner (ed.), The New Blackwell Companion to Social Theory (Oxford: Blackwell, 2009), p. 145f.

8 Connolly, William E., ‘The “new materialism” and the fragility of things’, Millennium – Journal of International Studies, 41:3 (2013), pp. 399–412.

9 Mukerji, Chandra, ‘The material turn’, Emerging Trends in the Social and Behavioural Sciences: An Interdisciplinary, Searchable, and Linkable Resource (2015), pp. 1–13.

10 Schatzki, Theodore R., Knorr-Cetina, Karin, and von Savigny, Eike (eds), The Practice Turn in Contemporary Theory (London: Routledge, 2001).

11 See Law, John, ‘Objects and spaces’, Theory, Culture & Society, 19:5/6 (2002), pp. 91–105; Mol, Annemarie and Law, John, ‘Regions, networks and fluids: Anaemia and social topology’, Social Studies of Science, 24 (1994), pp. 641–671; Law, John and Mol, Annemarie, ‘On metrics and fluids: Notes on otherness’, in Robert Chia (ed.), Organized Worlds: Explorations in Technology, Organization and Modernity (London: Routledge, 1998), pp. 20–38; Law, John and Singleton, Vicky, ‘Object lessons’, Organization, 12:2 (2005), pp. 331–355.

12 See, for example, Gompert, David C. and Libicki, Martin, ‘Cyber warfare and sino-American crisis instability’, Survival: Global Politics and Strategy, 56:4 (2014), pp. 7–22; Denning, Dorothy E., ‘Activism, hacktivism, and cyberterrorism: the Internet as a tool for influencing foreign policy’, in J. Arquilla and D. F. Ronfeldt (eds), Networks and Netwars: The Future of Terror, Crime, and Militancy (2001), pp. 239–288.

13 It is noteworthy, however, that a few cyber-security related articles have been published in high-ranking political science journals recently: Gartzke, Erik, ‘The myth of cyberwar: Bringing war in cyberspace back down to Earth’, International Security, 38:2 (2013), pp. 41–73 or Valeriano, Brandon G. and Maness, Ryan, ‘The dynamics of cyber conflict between rival antagonists, 2001–11’, Journal of Peace Research, 51:3 (2014), pp. 347–360.

14 Cf. Deibert, Ronald, ‘Black code: Censorship, surveillance, and the militarisation of cyberspace’, Millennium: Journal of International Studies, 32:3 (2003), pp. 501–530; Deibert, Ronald and Rohozinski, Rafal, ‘Risking security: Policies and paradoxes of cyberspace security’, International Political Sociology, 4:1 (2010), pp. 15–32.

15 Eriksson, Johan, ‘Cyberplagues, IT, and security: Threat politics in the information age’, Journal of Contingencies and Crisis Management, 9:4 (2001), pp. 211–222; Cavelty, Myriam Dunn, Cyber-Security and Threat Politics: US Efforts to Secure the Information Age (London: Routledge, 2008); Hansen, Lene and Nissenbaum, Helen, ‘Digital disaster, cyber security, and the Copenhagen School’, International Studies Quarterly, 53 (2009), pp. 1155–1175; Lawson, Sean, ‘Beyond cyber-doom: Assessing the limits of hypothetical scenarios in the framing of cyber-threats’, Journal of Information Technology & Politics, 10:1 (2013), pp. 86–103.

16 Barnard-Wills, David and Ashenden, Debi, ‘Securing virtual space: Cyber war, cyber terror, and risk’, Space and Culture, 15:2 (2012), pp. 110–112; Stevens, Tim and Betz, David J., ‘Analogical reasoning and cyber security’, Security Dialogue, 44:2 (2013), pp. 147–164; Cavelty, Myriam Dunn, ‘From cyber-bombs to political fallout: Threat representations with an impact in the cyber-security discourse’, International Studies Review, 15:1 (2013), pp. 105–122.

17 Balzacq, Thierry, ‘The three faces of securitization: Political agency, audience and context’, European Journal of International Relations, 11:2 (2005), pp. 171–201; Léonard, Sarah and Kaunert, Christian, ‘Reconceptualizing the audience in securitization theory’, in Thierry Balzacq (ed.), Securitization Theory: How Security Problems Emerge and Dissolve (London: Routledge, 2011), pp. 57–76.

18 Vuori, Juha A., ‘Illocutionary logic and strands of securitization: Applying the theory of securitization to the study of non-democratic political orders’, European Journal of International Relations, 14:1 (2008), pp. 65–99.

19 Huysmans, Jef, ‘What’s in an act? On security speech acts and little security nothings’, Security Dialogue, 42:4–5 (2011), p. 371.

20 Hansen, Lene, Security as Practice: Discourse Analysis and the Bosnian War (London: Routledge, 2006), p. 64.

21 For an exception from a different discipline, see Parikka, Jussi, Digital Contagions – A Media Archaeology of Computer Viruses (New York: Peter Lang Publishing, 2007).

22 See, for example, Thomas Rid, Cyber War Will Not Take Place (London: Hurst & Company, 2013).

23 May, Chris et al., ‘Advanced Information Assurance Handbook’, CERT®/CC Training and Education Center (Pittsburgh: Carnegie Mellon University, 2004).

24 To name a few: Bueger, Christian and Gadinger, Frank, ‘Reassembling and dissecting: International Relations practice from a science studies perspective’, International Studies Perspectives, 8:1 (2007), pp. 90–110; Best, Jacqueline and Walters, William, ‘Translating the sociology of translation’, International Political Sociology, 7:3 (2013), pp. 345–349; Bueger, Christian, ‘Actor-Network Theory, methodology, and international organization’, International Political Sociology, 7:3 (2013), pp. 338–342; Nexon, Daniel H. and Pouliot, Vincent, ‘Things of networks: Situating ANT in International Relations’, International Political Sociology, 7:3 (2013), pp. 342–345. A paper that raises the different challenges that come with adopting ANT in IR is Barry, Andrew, ‘Translation zone: Between Actor-Network Theory and International Relations’, Millennium: Journal of International Studies, 41:3 (2013), pp. 413–429.

25 Aradau, Claudia, ‘Security that matters: Critical infrastructure and objects of protection’, Security Dialogue, 41:5 (2010), pp. 491–514; Jackson, Patrick T. and Nexon, Daniel H., ‘Relations before states: Substance, process, and the study of world politics’, European Journal of International Relations, 5:3 (1999), pp. 291–332.

26 In this article, we stress the deliberate element to differentiate them from ‘failures’ and ‘accidents’. This is justified by the fact that ‘attacks’, potentially damaging events orchestrated by a human adversary, are the sole focus of the current cyber-security discourse.

27 Turner, Raymond, ‘Understanding programming language’, Mind and Machines, 17:2 (2007), pp. 129–133; Strachey, Christopher, ‘Fundamental concepts in programming languages’, Higher Order and Symbolic Computations, 13 (2000), pp. 11–49.

28 Parikka, Jussi, ‘Ethologies of software art: What can a digital body of code do?’, in Stephen Zepke (ed.), Deleuze and Contemporary Art (Edinburgh: Edinburgh University Press, 2010), p. 118.

29 Ibid., p. 119.

30 Arns, Inke, ‘Code as performative speech act’, Artnodes (2005), p. 7, available at: {} accessed 23 August 2014.

31 Parikka, ‘Ethologies of software art’, p. 125.

32 Skibell, Reid, ‘The myth of the computer hacker’, Information, Communication & Society, 5:3 (2002), pp. 336–356.

33 Malware comes in different shapes and categories: The best-known form is probably the computer virus, but there are others such as worms, Trojan horses, spyware, etc., predefined by how they spread through the information environment and/or by their purpose. To be able to categorise malware, one needs to understand how it functions – which is either done through observation of its performance or through so-called reverse engineering. See Skoudis, Ed and Zeltser, Lenny, Malware: Fighting Malicious Code (Upper Saddle River: Prentice Hall, 2004).

34 See, for a general discussion of this aspect, Cohen, Fred, ‘Computer viruses – theory and experiments’, Computers and Security, 6:1 (1987), pp. 22–35; Bontchev, Vesselin, ‘Are “good” computer viruses still a bad idea?’, Proceedings of the EICAR ’94 Conference (1994), pp. 25–47.

35 Anderson, Ross, ‘Why information security is hard – an economic perspective’, in IEEE Computer Society (ed.), Proceedings of the 17th Annual Computer Security Applications Conference (Washington, DC: IEEE Computer Society, 2001), pp. 358–365.

36 Moore, Tyler, ‘Introducing the economics of cybersecurity: Principles and policy options’, in National Academies of Sciences (ed.), Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy (Boston: National Academies Press, 2010); Simonite, Tom, Welcome to the Malware-Industrial Complex (Boston: MIT Technology Review, 2013).

37 Preda, Alex, ‘The turn to things: Arguments for a sociological theory of things’, The Sociological Quarterly, 40:2 (1999), p. 357; Latour, Bruno, ‘Pragmatogonies: a mythical account of how humans and non-humans swap properties’, American Behavioral Scientist, 37:6 (1994), pp. 791–808; Latour, Bruno, We Have Never Been Modern (London: Harvester Wheatsheaf, 1993); Doyle, E. McCarthy, ‘Toward a sociology of the physical world: George Herbert Mead on physical objects’, Studies in Symbolic Interaction, 5 (1984), pp. 105–121.

38 Law, John, ‘Notes of the theory of actor-network: Ordering, strategy, and heterogeneity’, Systems Practice, 5:4 (1992), p. 383.

39 For reasons of space, we will not deal with other actants here. But see Gershon, Ilana, ‘Bruno Latour’, in Jon Simons (ed.), Agamben to Zizek: Contemporary Critical Theorists (Edinburgh: Edinburgh University Press, 2010), for a discussion of different types of actants.

40 Latour, Bruno, Reassembling the Social: An Introduction to Actor-Network Theory (Oxford: Oxford University Press, 2005), p. 128.

41 Callon, Michel, ‘Techno-economic networks and irreversibility’, in John Law (ed.), A Sociology of Monsters: Essays on Power, Technology and Domination, Sociological Review Monograph, 38 (New York: Routledge, 1991), p. 153.

42 Latour, Bruno, Pandora's Hope: Essays on the Reality of Science Studies (Cambridge: Harvard University Press, 1999).

43 Best and Walters, ‘Translating the sociology of translation’, p. 346.

44 Yet, not all ANT research has been based on ethnography and it has not been exclusively committed to fieldwork. For instance, Law’s work on Portuguese vessels and international control has relied upon a detailed historical reconstruction. Law, John, ‘On the methods of long distance control: Vessels, navigation and the Portuguese route to India’, in J. Law (ed.), Power, Action and Belief: A New Sociology of Knowledge? (London: Routledge & Kegan Paul, 1986), pp. 234–263 or Law, John, Organizing Modernity (Oxford: Blackwell, 1994).

45 Vrasti, Wanda, ‘The strange case of ethnography and International Relations’, Millennium: Journal of International Studies, 37:2 (2008), pp. 279–301; Nimmo, Richie, ‘Actor-Network Theory and methodology: Social research in a more-than-human world’, Methodological Innovations Online, 6:3 (2011), pp. 108–119.

46 Best and Walters, ‘Translating the sociology of translation’, p. 346.

47 Law, ‘Objects and spaces’, p. 96.

48 Latour, Bruno, The Pasteurization of France (Cambridge: Harvard University Press, 1988), pp. 3–44.

49 Law and Singleton, ‘Object lessons’; Law and Mol, ‘On metrics and fluids’.

50 Mol and Law, ‘Regions, networks and fluids’, p. 643.

51 Walker, R. B. J., Inside/Outside: International Relations as Political Theory (Cambridge: Cambridge University Press, 1992).

52 Arquilla, John and Ronfeldt, David F., The Advent of Netwar (Santa Monica: RAND, 1996).

53 Parikka, Jussi, ‘Politics of swarms: Translation between entomology and biopolitics’, Parallax, 14 (1996), pp. 112–124.

54 Law, ‘Objects and spaces’, p. 95.

55 Mol and Law, ‘Regions, networks and fluids’, p. 649.

56 Law, John, ‘Actor Network Theory and Material Semiotics’ (April 2007), p. 8, available at: {http://www.} accessed August 2013.

57 Harvey, David, Justice, Nature and the Geography of Difference (Oxford: Blackwell, 1996), pp. 260–261.

58 Bloomfield, Brian P. and Vurdubakis, Theo. ‘The outer limits: Monsters, actor networks and the writing of displacement’, Organization, 6:4 (1999), p. 626, emphasis in original.

59 Mol and Law, ‘Regions, networks and fluids’, p. 660.

60 Ibid., p. 652.

61 Ibid., p. 661.

62 Ibid., p. 662.

63 Law, ‘Objects and spaces’, p. 102.

64 Suteanu, Cristian, ‘Complexity, science and the public: the geography of a new interpretation’, Theory, Culture & Society, 22:5 (2005), p. 130.

65 Szor, Peter, The Art of Computer Virus Research and Defense (Boston: Addison-Wesley, 2005).

66 Microsoft, Understanding Anti-Malware Technologies (White Paper, 2007); McAfee, New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection (White Paper, 2013).

67 Firewalls, another very common defensive mechanism, work similarly but will not be discussed in more detail here.

68 Microsoft, ‘Microsoft Security Intelligence Report Website’, available at: {}; Symantec, ‘Annual Threat Report’, available at: {}; Sophos, ‘Security Threat Report’, available at: {}, etc.

70 See the Microsoft Security Blog on ‘Lessons from Least Infected Countries’, available at: {}.

71 The Google Transparency Report now also includes sources of malware, available at: {}.

72 Bhattacharjee, Yudhijit, ‘How a remote town in Romania has become cybercrime central’, Wired (2011), available at: {} accessed 31 January 2011; Kshetri, Nir, ‘Cybercrimes in the former Soviet Union and Central and Eastern Europe: Current status and key drivers’, Crime, Law and Social Change, 60:1 (2013), pp. 39–65.

73 Segal, Adam, ‘Chinese computer games – keeping safe in cyberspace’, Foreign Affairs, 3:4 (2012), pp. 14–20.

74 Mol and Law, ‘Regions, networks and fluids’, p. 649.

75 That means all the computers infected with Code Red tried to contact the White House website at the same time, overloading the machines and making the site unavailable. See Dolak, John C., ‘The Code Red worm’, Security Essentials, 1:2 (SANS Institute, 2001).

76 Tiirmaa-Klaar, Heli et al., Botnets, Springer Briefs in Cybersecurity (New York: Springer, 2013).

77 See, for example, the ISO 27000 series, available at: {} or the OECD Guidelines for the Security of Information Systems and Networks.

78 European Union Agency for Network and Information Security, ‘Inventory of Risk Management / Risk Assessment Methods and Tools’, available at: { risk/risk-management-inventory}.

79 United Nations Office on Drugs and Crime, ‘Comprehensive Study on Cybercrime’ (Vienna: UNODC, 2013) available at: {}.

80 European Commission, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (Brussels: JOIN, 2013); European Commission, Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union, 2013/0027 (COD).

81 See, for example, Schmitt, Michael N. (ed.), Tallinn Manual on the International Law Applicable to Cyber Warfare (New York: Cambridge University Press, 2013).

82 Parikka, ‘Ethologies of software art’, p. 125.

83 Spafford, Eugene H., ‘The Internet worm: Crisis and aftermath’, Communications of the ACM, 32:6 (1989), pp. 678–687.

84 Parikka, Jussi, ‘Contagion and repetition: On the viral logic of network culture’, Ephemera, 7:2 (2007), pp. 287–308.

85 Clark, David D. and Landau, Susan, ‘Untangling attribution’, National Academies of Sciences, Proceedings of a Workshop on Deterring Cyber Attacks: Informing Strategies and Developing Options for U.S. Policy (Washington: National Academies Press, 2010), pp. 25–40.

86 Deibert, Ronald and Rohozinski, Rafal, ‘Tracking GhostNet: Investigating a cyber-espionage network’, Information Warfare Monitor, available at: {}.

87 Sommer, Peter and Brown, Ian, ‘Reducing systemic cyber security risk’, Report of the International Futures Project (Paris: OECD, 2011); Robinson, Neil, Horvath, Veronica, Cave, Jonathan, Roosendaal, Arnold, and Klaver, Marieke, Data and Security Breaches and Cyber-Security Strategies in the EU and its International Counterparts (Strasbourg: Europa Parliament, Committee on Industry, 2013), p. 58.

88 Law, ‘Objects and spaces’, p. 102.

89 Gross, M. J., ‘Stuxnet worm: a declaration of cyber-war’, Vanity Fair, 4 (2011).

90 Sanger, David, ‘Obama order sped up wave of cyberattacks against Iran’, New York Times, available at: {} accessed 1 June 2012.

91 Symantec, ‘Security Response’, available at: {}.

92 See, for example, Langner, Ralph, ‘Stuxnet: Dissecting a cyberwarfare weapon’, Security & Privacy, IEEE, 9:3 (2011), pp. 49–51; Chen, T. M., and Abu-Nimeh, S., ‘Lessons from Stuxnet’, Computer, 44:4 (2011), pp. 91–93.

93 See, for example, Farwell, James and Rohozinski, Rafal, ‘Stuxnet and the future of cyber-war’, Survival, Global Politics and Strategy, 53:1 (2011), pp. 23–40; Collins, Sean and McCombie, Stephen, ‘Stuxnet: the emergence of a new cyber weapon and its implications’, Journal of Policing, Intelligence and Counter Terrorism, 7:1 (2012), pp. 80–91; Lindsay, Jon R., ‘Stuxnet and the limits of cyber warfare’, Security Studies, 22:3 (2013), pp. 365–404.

94 Kaspersky, Eugene, ‘The man who found Stuxnet – Sergey Ulasen in the spotlight’, Eugene Kaspersky Official Blog, available at: {}.

95 Keiser, Gregg, ‘Why did Stuxnet worm spread’, Computerworld, available at: {} accessed 1 October 2014.

96 KrebsonSecurity, ‘Experts warn of new windows shortcut flaw’, available at: {}; ‘Microsoft to issue emergency patch for critical windows-bug’, available at: {www.}.

97 Wilders security, ‘Rootkit’, available at: {}.

98 A Command and Control server (C&C server) is the centralised computer that issues commands to infected computers.

99 Symantec, ‘W32.Stuxnet Dossier’, available at: {}; See also Ginter, Andrew, ‘The Stuxnet worm and options for remediation’, Industrial Ethernet Book Issue, 61:35 (2010), available at: {}.

100 Langner, ‘Stuxnet logbook sep 16 2010 1200 hoursmesz’, available at: {}.

101 Schneier, Bruce, ‘Stuxnet’, Schneier on Security, available at: {}.

102 BBC, ‘Iran fends off new Stuxnet cyber attack’, BBC News, available at: { middle-east-20842113} accessed on 22 April 2015.

103 Albright, David, Brannan, Paul, and Walrond, Christina, ‘Did Stuxnet take out 1,000 centrifuges at the Natanz Enrichment Plant? Preliminary assessment’, Institute for Science and International Security, available at: {} accessed 22 December 2014.

104 Markoff, John and Sanger, David E., ‘In a computer worm, a possible Biblical clue’, New York Times, available at: {} 30 October 2010.

105 Ibid.

106 Rivva, ‘Computer-virus Stuxnet trifft deutsche industrie’, Süddeutsche Zeitung, available at: {} accessed 2 October 2014.

107 Zetter, Kim, ‘Stuxnet timeline shows correlation among events’, Wired, available at: {}.

108 Carr, Jeffrey, ‘Dragons, tigers, pearls, and yellowcake: 4 Stuxnet targeting scenarios’, Forbes, available at: {} accessed 22 November 2014; Jeffrey Carr, ‘Stuxnet's Finnish-Chinese connection’, Forbes, available at: {} accessed 14 December 2014.

109 Broad, William J., Markoff, John, and Sanger, David E., ‘Israeli test on worm called crucial in Iran nuclear delay’, New York Times, available at: {} accessed 16 January 2014.

110 Melmann, Yossi, ‘Israel finally moving to define national policy on Iran’, Haaretz, available at: {} accessed 10 March 2014.

111 Sanger, ‘Obama order sped up wave of cyberattacks against Iran’.

112 Perlroth, Nicole, ‘Researchers find clues in malware’, New York Times, available at: {} accessed 30 May 2014.

113 Appelbaum, Jacob and Poitras, Laura, ‘Edward Snowden interview: the NSA and its willing helpers’, Spiegel, available at: {} accessed 9 July 2013.

114 An interesting (and underexplored) question is why this specific version (Stuxnet as a targeted attack against Iran, launched by the US and Israel) became the truth way before The New York Times article provided more ‘evidence’, even though many alternative explanations, from highly-respected security specialists, existed.

115 Clarke, Richard, Cyber War: The Next Threat to National Security and What to Do About It (New York: Ecco, 2010).

116 Lynn, William J., ‘Defending a new domain: the Pentagon’s cyberstrategy’, Foreign Affairs (Sept./Oct. 2010), pp. 97–108.

117 Demchak, Chris C. and Dombrowski, Peter, ‘Rise of a cybered Westphalian age’, Strategic Studies Quarterly, 3 (2011), pp. 32–61.

118 Preda, Alex, ‘The turn to things: Arguments for a sociological theory of things’, The Sociological Quarterly, 40:2 (1999), p. 357.

European Journal of International Security
  • ISSN: 2057-5637
  • EISSN: 2057-5645
  • URL: /core/journals/european-journal-of-international-security