Abstract
Beginning with a startling pattern of racialized practices in cybersecurity expert communities in the Gulf States, and drawing on the decolonial insights of the modernity/coloniality school, this article argues that race operates as a marker of who is a legitimate knower of dominant Euro-American knowledges of cybersecurity and who is not, and therefore whose understandings, experiences, and practices of cybersecurity are privileged. In demonstrating that decolonial thought can be fruitfully applied to questions of cybersecurity, this article makes three contributions to security studies. The first is empirical, drawing on original interview data to identify racial hierarchies of rationality and authority in cybersecurity expert communities. The second contribution is theoretical, demonstrating how a decolonial perspective is especially well equipped to understand racialized practices in cybersecurity knowledge production. The third contribution is programmatic, outlining a decolonial research agenda for cybersecurity—or, as we put it in the title, a path toward a decolonial cybersecurity.
“Customers in the Middle East have a naive perspective on cybersecurity … Having a meaningful conversation on a technical level is difficult.”
“There was a focus on shiny technology, buttons, and flashes. Culturally it is almost the hardest to accept that the less sexy stuff is important, more so in the Gulf.”
“I met with people who ran government organizations, and they refused to talk because I’m not White. I turn up—’you’re not British, do you have a passport? Where are you really from? Sorry, I don’t have time for this meeting.’ They are not used to seeing a British Bangladeshi man in a suit … I used to confuse them.”
These quotations, drawn from interviews held in 2016 and 2017 with cybersecurity experts working in the Gulf States, highlight surprisingly racialized aspects of cybersecurity: the supposed naivety of a generalized “Middle Eastern” customer, their perceived “cultural” obsession with technologically dazzling “shiny buttons and flashes,” and even racist assumptions about who can speak authoritatively about state-level cyber threats. Such comments are surprising partly because they were an unexpected part of the research project on cybersecurity in the Gulf States in which they emerged. Interviewees were not asked to comment on racial or related cultural factors; instead, they were asked to share more generally what they thought was important in the overall emergence of cybersecurity as an issue of national priority in the region. Our research question is therefore: How can we better understand the presence, origins, and effects of racialized practices in cybersecurity?
One possible response to the presence of racial comments in the Gulf cybersecurity community is to explain them away as anomalous noise, something peculiar to the region and unrelated to the actual practice of cybersecurity. In this article, we argue that a more fruitful approach is to recognize these empirics as merely the visible tip of an otherwise invisibilized iceberg of global colonial relations in cybersecurity. Although there is a large body of scholarship on how cyber threats affect international politics in the security studies and international relations (IR) fields, these works are entirely silent on whether and how race affects cybersecurity or, more precisely, how race shapes our understandings of cybersecurity threats, victims, and experts. This silence may stem from the perception that cybersecurity is a predominantly technological and technical issue—although the quotations above indicate otherwise. As we argue later, this perception is itself problematic. Moreover, we suggest, race and cybersecurity have not been previously connected in this literature due to the omission of colonial legacies as a relevant constitutive factor in the dominant theories of international politics and security from which cybersecurity analyses are currently derived.
To correct this omission, we draw on insights from the decolonial research program, especially the concept of coloniality, in the specific form of “racial-epistemic hierarchies,”Footnote1 to argue that race operates as a marker of who is a legitimate knower of dominant Euro-American knowledges in cybersecurity and who is not, and therefore whose understandings, experiences, and practices of cybersecurity are privileged. That is, decolonial thought explains racialized dynamics as both the result and source of an epistemic struggle. We thus assert that racial-epistemic hierarchies have clear material implications by foreclosing alternative forms of cybersecurity policy and practice. This is a constitutive claim, as racialized dynamics shape the environment in which cybersecurity knowledge and expertise is developed and applied.
More specifically, we identify two interrelated racial-epistemic hierarchies in Gulf cybersecurity expert communities. The first is what we call a “hierarchy of rationality,” in which sensible, reasonable, and rational cybersecurity “experts” are coded White, whereas individuals coded with other racial categories by these experts are deemed as cognitively inferior, irrational, and naive. The second is a “hierarchy of authority,” in which warnings and advice from those deemed racially “lower” are not taken seriously by those in positions of power. Hierarchies of rationality and authority are practically inextricable, but their analytical separation helps to demonstrate the plurality of racial influences on cybersecurity (there are two hierarchies, not a single hierarchy) and show that they intersect with other aspects of identity, such as gender.Footnote2
This article makes three contributions to security studies. The first is empirical, presenting original interview data to identify racial hierarchies of rationality and authority. This interview data, revealing the day-to-day practices of cybersecurity experts, is rare in the cybersecurity literature, which often focuses either on technical analysis of cyber incidents or “higher-level” strategies and policies. It is even rarer for mainstream cybersecurity scholarship to dialogue with communities outside Europe and the United States. In this way, this article reorients the empirical grounding of cybersecurity studies away from Euro-America, presenting non-Western sites not merely as threats or “gray” networks in cyberspace, but as communities equally engaged with cybersecurity issues, with important global implications.
The second contribution is theoretical, as the article theorizes this empirical data using insights from the decolonial research program. Because decolonial thought may not be familiar to readers of Security Studies, this article synthesizes a large body of work. This is not only necessary for interrogating the empirical data above, but for redressing the absence of decolonial thought—and, significantly, its diverse authors—from the security studies canon. In this way, we intend to expand the horizons of security studies and enable future authors to adopt a decolonial approach without undertaking the extensive review conducted here.
The third contribution of this article is programmatic, outlining a decolonial research agenda for cybersecurity—or, as we put it in the title, a path toward a decolonial cybersecurity. The empirical analysis in this article is admittedly limited, in that we apply selected decolonial insights to cybersecurity, whereas the decolonial research program calls for a critical reexamination of cybersecurity’s Euro-American cultural underpinnings, as well as a radical shift in practice. In the third and final section, we outline where this research program might go, not as an instruction but as an invitation. We highlight the concept of cybersecurity maturity as potentially subject to decolonial examination, the possibility of extending this article’s focus on a specific community to what we call a global “transnational techno-elite,” and finally a search for and equal engagement with alternative, non-Eurocentric cybersecurity knowledges.
As the preceding paragraphs suggest, this article is organized empirics to theory rather than vice versa. The first section presents the interview data, showing how race shapes cybersecurity expert communities in the Gulf. The second section then theorizes this data using a decolonial approach. The third section goes beyond the narrow scope of the empirical analysis toward a broader decolonial research program for cybersecurity. We chose this organization over a theory-driven alternative because it more clearly reflects how our argument emerged. Rather than empirical data conforming neatly to prior theoretical suppositions, our understanding of the role of race in cybersecurity emerged through extended (self-)reflection, discussion, and collaborative thinking following several surprising encounters with interlocutors in the region, and we foreground this process through the article’s structure, as well as its content.
Racialized Hierarchies in Gulf Cybersecurity Expert Communities
This section expands on the quotations at the start of the article, drawing on interviews to characterize a puzzling pattern of racialized practices in cybersecurity expert communities in the Gulf States. We first characterize the interview data itself and the methodological considerations behind it. We then explore how race has produced two hierarchies of rationality and authority in the Gulf cybersecurity community. Finally, we discuss how dominant theories of cybersecurity are insufficient for explaining this data because they do not account for ongoing colonial legacies constituting cybersecurity today.
Interview Methodology and Positionality
This article draws on 35 interviews conducted as part of a research project on the emergence of cybersecurity in the Gulf States. Our interviewees included 14 US and European nationals, 8 Gulf nationals, 4 nationals of Arab countries outside the Gulf, and 9 South Asian nationals. Interviews took place in 2016–17 in London and on three visits to the Gulf: July–August 2016, October–November 2016, and March–April 2017. Interviewees were mainly between the ages of 30 and 50, and had at least one postgraduate qualification, which often combined computer science or engineering with business or management. Nearly all interviewees were men; only two were women. Interviewees were selected through snowball sampling from personal contacts and speakers at cybersecurity industry conferences in the Gulf States. Further details are provided in the online appendix.
The methodological principles guiding these interviews hold that interviewing is a process of mutual performance, based on a wide range of factors, including the circumstances of the interview, the body language and personal responses to the interviewer of the interviewee, and both individuals’ interests and goals.Footnote3 The role of interviews in this article is therefore not to record unambiguous facts about cybersecurity in the Gulf; instead, it is to allow cybersecurity professionals a space in which to perform their identities as experts, their views of relevant threats and responses to those threats, and so on.
Given this approach to interviews, positionality is of particular importance.Footnote4 The author conducting these interviews is a White man from outside the Gulf, and, like all scholars, he brought not just conscious reasons for research to interviews. Interviewees frequently assumed that this author was working for a commercial company or foreign government purely due to his appearance. During and even after interviews, these suspicions were difficult to dispel.
Equally importantly, interviewees whose positionality most closely matched the ideal-typical subject position of a Euro-American White expert (with the qualifications below) often adopted an “us–them” relationship, where they identified Euro-American White experts to include the interviewer as “us,” and other racial identities as “them.” Some quotations below emerge from this setting, where the interviewee felt comfortable sharing views they would not have endorsed publicly—and, in some cases, said so explicitly. This dynamic did not emerge in interviews where the relative positionality differed, with implications for the article’s argument: though many of the quotations below refer to racialized hierarchies, such hierarchies emerge most clearly when the interviewee is speaking in a less professional, more familiar manner. The next section details the racialized hierarchies manifest in Gulf cybersecurity expert communities.
Hierarches of Rationality and Authority
Interviewees identified three main subject positions in cybersecurity expert communities: White Euro-American experts, Gulf clients and “native” managers, and South Asian contractors. The hierarchies of rationality and authority identified in this section operate through, and reinforce, these different subject positions.
The demographics of the interviews suggest that interviewees all possessed roughly the same cybersecurity knowledges, learned from the same manuals and the same courses, and attended the same conferences—and, in most cases, obtained advanced degrees on the subject. It is important to recognize that the center of gravity for this cybersecurity knowledge is Euro-American, with influential courses operated centrally from the United States and exported worldwide, with many cybersecurity professionals (including those in the Gulf) completing postgraduate cybersecurity qualifications in the UK or the United States.Footnote5 We return to this Euro-American centricity and the related question of alternative cybersecurity knowledges later in the article.
For now, the key point is that, despite possessing the same cybersecurity knowledges as their White counterparts, the interviews indicate that racialized hierarchies constitute Gulf citizens and South Asian expatriates as less rational and less authoritative speakers, actors, and decision makers in cybersecurity. Importantly, these subject positions are generalized simplifications operative within these communities, and individual interviewees often struggled to reconcile their own identities with these distinctions, as we discuss further below.
Hierarchy of Rationality
Some interviews revealed a clear hierarchy of rationality between White Euro-American experts and their Gulf interlocutors, with the former being cast as intelligent, rational, and reasonable, and the latter as cognitively inferior, irrational, and naive. For example, one European interviewee claimed that their Gulf clients “are very good at learning by rote—they remember things forever! Like something your wife would do. Another horrible stereotype, but certainly true for the people we worked with, good but no creative spark.”Footnote6 This brief quotation packs in patronizing praise and the ascription of inferior mental capabilities as a feminine quality, as well as recognition of the transgressive nature of the judgment.
Although rarely expressed in such stark—and misogynistic—terms, racial inferiority was evident in other interviewees’ understanding of the deficiencies of Gulf cybersecurity knowledge. As another European interviewee explained, “Customers in the Middle East have a naive perspective on cybersecurity … Having a meaningful conversation on a technical level is difficult,” and “the Middle East does not generally have the organic technical expertise.”Footnote7 Others ventured that “the idea that Kuwaitis or Qataris will acquire these [cybersecurity] skills is unrealistic,”Footnote8 because clients were unable to engage with the subject in a sufficiently detached and objective manner: “It was fantastic to them, the invitation to conceive of unimaginable threats, so unrealistic that people were unable to speak rationally.”Footnote9
Cybersecurity consultants of other subject positions also frequently expressed a hierarchy of rationality disadvantaging Gulf citizens. One interviewee, a Pakistani national, explained, “people here are not tech savvy, you need to teach them what to think”;Footnote10 a Sri Lankan national professed wariness at teaching too much, saying that “it is a bit contradictory—you have to show them issues, but not too deeply.”Footnote11 The former interviewee went on to provide more concrete examples of a hierarchy of “intelligence” based on specific cybersecurity standards: “The world is coming out of ISO270001, but this region is just adopting it now … The region is not intelligent enough to ask for NIST [National Institute for Science and Technology; a US standard] yet, and even if you present it they go for ISO [International Standards Organization] standards instead.”Footnote12
Although consultants express doubts about their clients’ skills and abilities the world over, and also withhold information, to their clients’ frustration everywhere—not least in the field of cybersecurity—the inferiority of the Middle East and the Gulf as a region, especially in comparison to Euro-America, came through strongly in these interviewees’ comments. Some interviewees even explicitly sought to exploit their supposed intellectual superiority for commercial gain:
I have seen in the Middle East that expert technical people profile better over there than here; if you’ve done it, and you’ve seen the world, that can have a disproportionate impact compared to doing all the bowing and scraping and acting well relative to their morals. If you’re a technical expert then they hang off your every word.Footnote13
They want to outsource everything, because it is then the responsibility of someone else to implement it. If they do everything it is their responsibility. They want to have other people, and others’ technology, but at some point you have to have knowledge yourself, you have to know your networks.Footnote17
While the above comments are not directly racialized, explicit cultural, national, and regional characteristics operate as indirect racial markers or racial “codes,” separating and ordering the subject positions identified above. Furthermore, it is notable that these interviewees perceived that “shiny” or “flashy” technologies dazzled their Gulf clients more than their clients in Euro-America. A fetishization of technology is far from unique to cybersecurity in the Gulf, implying that similar characteristics could be observed, to a lesser degree, in many other sites. In other words, interviewees operate within—and participate in reinforcing—a global hierarchy of rationality, rather than its binary presence or absence.
Such perceptions of technological incompetence emerge from the broader political economy of cybersecurity in the Gulf States. Most interviewees worked for cybersecurity companies or government organizations that outsourced or procured cybersecurity services and technologies, and so financial concerns were common to this cybersecurity expert community. Many Euro-American interviewees portrayed the Gulf as a place they visited primarily for commercial gain compared to the rest of the world, and Euro-America in particular. One interviewee said that “it’s astonishing how much they spend—how much they are willing to spend. Gulf countries can afford it.”Footnote21 Another compared their experience to a restrained approach to spending in Europe: “Here [the Gulf] people would buy the whole lot, and you are like ‘wow!’”Footnote22 Interviews with Gulf Cooperation Council (GCC) nationals concurred with this understanding, but emphasized its negative consequences; as one put it, “we are a big ATM machine, that’s the wrong concept people have … they come for money, not for research.”Footnote23 Another confirmed this imbalance: “The vendors make lots of money … And here it is all sales teams, they do not do development.”Footnote24 As we explore in later sections, such economic relationships have a long colonial precedent.
Overall, these interviews reveal a hierarchy of rationality for cybersecurity experts in the Gulf States, with White Euro-American consultants at the top, other subject positions occupying a middle ground, and their Gulf interlocutors at the bottom, with the latter portrayed as irrational, naive, and technologically inept. Euro-American and South Asian consultants alike see the Gulf States as an “ATM machine,” suitable only for sales, rather than intellectually rigorous activities such as research or development.
Hierarchy of Authority
The second hierarchy evident in the interviews is one of authority, in which warnings and advice from those deemed racially “lower” are not taken seriously by those in positions of power. This hierarchy operates differently to the hierarchy of rationality, largely because Gulf citizens are in a far less precarious financial position. According to this hierarchy, other racial subject positions, especially South Asians, possess less authority than Gulf citizens.
In one case, an interviewee—an Indian national—recounted an incident where an economically precarious and “lower”-status cybersecurity expert shared key criticisms, but management dismissed this information due to his race. In his words, attributing the story to “a friend”:
A friend from South Asia gave a final audit but he was told by a UAE [United Arab Emirates] senior to “get out of the room now.” You need to present it as “risk is a risk, but it is not a fault.” Managers take criticism less easily from expats than from Omanis.Footnote25
This self-censorship had knock-on consequences for the kind and quality of work these expatriates performed. As a Pakistani national stated, “The heavy use and high turnover of expats stops knowledge transfer … they create this gap in responsibility.”Footnote29 An Egyptian made the claim more explicitly: “Expats are not incentivized to work hard for a long time or to invest energy due to the system; you know you are going to leave, so you don’t try that hard.”Footnote30 As with the hierarchy of rationality, although these interviewees discuss principal–agent dynamics that can be found worldwide—especially around poor information sharing, which is a cybersecurity issue replicated in the United States, Europe, and beyond—these interviewees perceived the situation to be worse in the Gulf due to the racialized nature of this hierarchy.
Despite the political-economic features of this hierarchy of authority, other interviewees again deployed the racial code of “culture” to explain what they saw as region-wide deficiencies in cybersecurity practices. A Bahraini national claimed that “discretion is cultural, it is worries that make us look bad. Reputation is key.”Footnote31 Similarly, a Pakistani national in the UAE suggested that “here people tend to hide the attack … they don’t want to share their dirty laundry, culturally.”Footnote32 A UK national echoed this point: “In the Middle East if [an attack] happens it is not only disruption but also loss of face. They see it as more important that we do not get hauled out than stopping attacks.”Footnote33 As another interviewee explained, compared to his earlier experience in the UK, “you don’t hear about issues here, they are swept under the carpet, so the frequency of hearing about cyberattacks is much lower.”Footnote34 These quotations erroneously depict the consequences of precarious expatriate employment in the Gulf in general, and for South Asians in particular—a system, as we detail later, tied to power dynamics between Gulf employers and South Asian contractors, originating in British imperial practices—as an unchanging cultural and racial characteristic.
Finally, this hierarchy of authority was especially complex for individuals who perform multiple identities or do not fit easily into any. Interviewees self-identifying as non-Gulf Arab placed themselves in liminal spaces, so an Egyptian interviewee explicitly stated that “as an Arab I have a strange role, neither local nor foreign. It’s better to be an Arab than an expat, but even better to be a national.”Footnote35 Cybersecurity professionals with European passports and South Asian ethnicity encountered different struggles, with one explaining:
I met with people who ran government organizations, and they refused to talk because I’m not White. I turn up—“you’re not British, do you have a passport? Where are you really from? Sorry, I don’t have time for this meeting.” They are not used to seeing a British Bangladeshi man in a suit … I used to confuse them.Footnote36
Problematizing Standard Approaches to Cybersecurity
Dominant theories of cybersecurity lack the conceptual tools to clarify the presence, origins, and effects of race in cybersecurity expert communities outlined above. Our assertion is not that these theories are “alternatives” against which we present the decolonial perspective, but rather that racialized colonial legacies are constitutive of factors already identified by extant explanations.
Most works focus on the strategic implications of structural features of cyberspace, including a vast and constantly evolving attack surface, that make defense against determined adversaries difficult.Footnote37 For this reason, offense has dominated IR discussions of cybersecurity, centering on the proliferation of “offensive cyber capabilities,” how and why states develop such capabilities, and under what conditions they deploy them.Footnote38 These accounts, due to the more general IR theories from which they derive, are largely ahistorical and ignore colonial history. It is thus unsurprising that this literature is silent on the relevance of race to cybersecurity.
A second strand of literature focuses on the complex political-economic dynamics underpinning cybersecurity. There is widely considered to be a skills or expertise “gap” in cybersecurity, with many fewer cybersecurity experts than required, and many organizations possessing insufficient “capacity” to implement adequate cybersecurity protections.Footnote39 Other political-economic dynamics go beyond a simple lack of people or resources to include an inability to allocate resources appropriately, especially a fixation on advanced protection technologies, and adverse economic incentives for everything from information sharing to the most basic remediation after an incident, particularly in the context of a growing cyber insurance market.Footnote40 In contrast to the strategic approaches above, this perspective highlights some elements of the expert interactions identified in our interviews, but it offers no conceptual leverage to understand the racialized nature of these interactions.
Finally, it should be noted that some IR scholars have already offered important constitutive accounts of cyber insecurity, especially around concepts of expertise and knowledge production. These studies have highlighted the role that threat intelligence companies play in shaping states’ and others’ perception of cyber threats, how “the attribution problem” requires extensive expert ability to identify those responsible for an operation, and more broadly the myriad cultural and disciplinary influences on who counts as a cybersecurity expert.Footnote41 This article distinguishes itself from these approaches by highlighting the colonial constitution of cybersecurity communities and practices, particularly the role of racial-epistemic hierarchies in determining who counts as a legitimate knower. It does so by drawing on a set of sources that these works do not include, and to which we now turn: decolonial thought.
Theorizing Racialized Hierarchies in Cybersecurity Using Decolonial Thought
This section uses decolonial thought to theorize and contextualize the racialized hierarchies described above. We show why decolonial thought is particularly well equipped with concepts and propositions that can expose racialized colonial logics and their puzzling relationship to knowledge and (communities of) expertise. This literature also points to other ways of knowing and being in cybersecurity. We first provide an introduction to decolonial thought, focusing on the concept of racial-epistemic hierarchies. We then contextualize Gulf cybersecurity in light of historical semicolonial relations, showing that coloniality, in the form of racial-epistemic hierarchies, constitutes White Euro-American experts as legitimate knowers who set the rational standards to be met by all other racial groups. Conversely, South Asian experts are viewed as low-authority knowers whose expertise is not to be trusted by their Gulf Arab managers.
Decolonial Thought and Racial-Epistemic Hierarchies
We propose the decolonial perspective as a powerful source of theorizing about race and its constitutive effect on cybersecurity expert communities, because this perspective was developed precisely to expose how colonial legacies, such as racial hierarchies, continue to shape knowledge production. That is, according to this perspective, colonial legacies such as race determine what we consider valuable knowledge (Euro-American knowledges), who we consider to be legitimate knowers (White (male) Euro-Americans), and which practices we use to produce and disseminate knowledge (methodologies sanctioned by the above). Racialized dynamics are thus explained as both the source and result of an epistemic struggle.
Also known as the modernity/coloniality school and rooted in the works of Aníbal Quijano, the decolonial perspective is connected to a much broader, unsystematized “family” of Global South philosophies and political theories from various disciplines that share the aim of “decolonizing” the ongoing cultural and epistemic hierarchies that remain after the waning of political colonialism. This expansive tradition includes scholars predominantly from Africa, the Asia-Pacific, and Latin America, with pioneers and influential contemporaries including Syed Hussein Alatas, Gloria Anzaldúa, Gurminder K. Bhambra, Raewyn Connell, María Lugones, Achille Mbembe, Walter D. Mignolo, Sabelo J. Ndlovu-Gatsheni, Linda Tuhiwai Smith, and Ngũgĩ wa Thiong’o.Footnote42 Within the discipline of IR, David L. Blaney and Arlene B. Tickner, Olivia Umurerwa Rutazibwa, Robbie Shilliam, and Lucy Taylor, among others, have specifically elaborated decolonial thought.Footnote43 We build on their scholarship and efforts to decolonize knowledge production in the field.
One of the fundamental notions shaping decolonial thought is that of conceiving of the last 500 years of history as shaped by modernity/coloniality. Modernity is understood as a set of conditions and norms related to individual rationality, the rationalization of communities through the emergence of the modern bureaucratic sovereign state, a belief in perpetual linear progress, and capitalism. It constructs itself especially in opposition to tradition, backwardness, and the historical past.Footnote44 An important feature of modernity is the division of the world, and its knowledges especially, into racial and gendered categories that allow for hierarchization and silencing in ways that elevate White Euro-America.Footnote45 Modernity has been assumed by Euro-America to be the predominant lens through which to understand historical development (for example, thereby constituting notions of premodernity and postmodernity).
Coloniality, on the other hand, includes the “long-standing patterns of power that emerge in the context of colonialism, which redefine culture, labor, intersubjective relations, aspirations of the self, common sense, and knowledge production in ways that accredit the superiority of the colonizer. Surviving long after colonialism has been overthrown, coloniality permeates consciousness and social relations in contemporary life.”Footnote46 Coloniality, then, includes oppressive conditions that continue in cultural, socioeconomic, and epistemic practices despite the waning of formal, political colonialism.
The slash both connecting and dividing modernity and coloniality indicates that they are co-constitutive: we cannot logically conceive of the emergence of a belief in linear progress and objective rationality without reference to the fact that such notions developed by way of Euro-America contrasting itself with the barbaric and irrational “Other” who exists in the backwards past, and practicing these distinctions through colonialism.Footnote47 Therefore, it is impossible to understand the Euro-American experience of modernity without understanding the subaltern experience of coloniality, and vice versa.Footnote48
Race is integral to the concept of coloniality, although the terms are not synonymous.Footnote49 Just as racial hierarchies legitimized colonialism’s extractive and genocidal practices, racial hierarchies operate within coloniality as a means of legitimizing the exclusion or eradication (epistemic violence) of knowledges from racially inferior populations.Footnote50 Race operates to “demarcate certain territories and their non-European and/or non-white populations as lacking in appropriate cultural and political norms and values that make up a ‘standard of civilization.’”Footnote51 Simultaneously, the promulgation of the colonizer’s knowledge to displace the knowledges of others is also per se a colonial mode of maintaining racial superiority.Footnote52 Thus, for example, the rise of the United States in the early nineteenth century was constituted by “racial-epistemic hierarchies” generated “in dialogue with countries to the south which were understood to be racially inferior and economically fair game.”Footnote53 Race operates as a marker of who is the legitimate knower and who is not: thus, coloniality is a racist practice, even if it is not only a racist practice. Building on this, we argue that racial and epistemic hierarchies are inseparable in constituting material cybersecurity relations.
Importantly, racial-epistemic hierarchies are not always explicitly articulated. As we note in the empirical discussion above, cultural, national, and regional characteristics operate as indirect racial markers or “codes.”Footnote54 This requires further qualification, as the relationship between race and culture is complex. On the one hand, and in a relatively narrow sense, culture is part of the construction of racialized identities. The three subject-positions discussed above are not purely differentiated by skin tone but also by “cultural” characteristics: dress, language, behavior, and so on.Footnote55 On the other hand, and at a broader level, “cultures,” understood as vast mediated system of signs, meanings, and practices, incorporate and reify racialized difference in context-specific ways, so racialization is mediated and made possible by and within particular cultural systems.Footnote56 In this way, culture—and especially, to add another layer of symbolic representation and affective commonality present in the interviews above, national culture—is certainly a code for racial-epistemic hierarchies; more than that, it is a fundamental constituent of those hierarchies.
This insight regarding the interrelationship between culture, race, and knowers is not unique to decolonial thought and has been studied across postcolonial and critical literatures.Footnote57 Most famously, Edward W. Said analyzes the simultaneous fetishization and degradation of the “Oriental” Other through the combination of colonial power and cultural production.Footnote58 For Said, racialized difference and cultural superiority combine in academic disciplines and artistic works stretching across countries and centuries.
Finally, it is vital to not conflate decolonial perspectives with analyses concerned with diversity and inclusion. In very crude terms, decoloniality privileges diversity of knowledges over diversity of identities. It is not a perspective primarily concerned with the representation of more racial or gender identities in powerful positions, but with incorporating a plurality of epistemes in the global political economy of knowledge production (the latter of which is itself a vital site of power). These are not separate: in the modern/colonial world, epistemic and racial hierarchies are mutually constitutive and legitimize each other. However, as illustrated above, diverse racial, gendered, and socioeconomic groups may nevertheless still share fundamental epistemes. Conversely, people sharing similar superficial identities may have radically different epistemological positions. Thus, identities and epistemes, like diversity and decolonization, must not be conflated conceptually.
Having provided this outline of decolonial thought and the key concept of racial-epistemic hierarchies, the next section offers a decolonial reading of the Gulf case, explaining from a decolonial perspective the practices revealed in the earlier empirics.
Coloniality in the Gulf: How Racial-Epistemic Hierarchies Constitute Cybersecurity Expert Communities
Applying the above decolonial insights to the semicolonial history of cybersecurity in the Gulf reveals the way race was used and internalized by Euro-American, Gulf, and South Asian actors as a marker for who is a legitimate knower and who is not. We argue that coloniality continues to play a vital role in perpetuating racial-epistemic hierarchies in cybersecurity expert communities in the Gulf today.
First, it is important to note that the Gulf States have long had an ambivalent relationship with colonialism. Colonial sea trade was built on longer histories of port cities in the Gulf as cosmopolitan entrepôts.Footnote59 British colonial policy in the Gulf was to “uphold the independence” of the ruling families but to ensure that British influence “remained supreme”; treaties to guarantee the safety of British shipping to India were signed with the littoral states (hence the “Trucial” states) throughout the nineteenth century.Footnote60 During the first half of the following century, Abdulaziz Al-Saud (known as Ibn Saud) expanded his territory in the central Arabian Peninsula (the Najd) with the cooperation of clerics following the Islamic teachings of Muhammad Al-Wahhab, as well as the co-option of an armed tribal force of the ikhwan (“brotherhood”) and British and American support, formally establishing the state of Saudi Arabia in 1932.Footnote61 The retreat of British imperial power after World War II precipitated a late wave of state formation: the Al-Sabah of Kuwait declared independence in 1961, whereas the ruling families north of Oman formed the states of the UAE (chiefly Al-Nahyan in Abu Dhabi and Al-Maktoum in Dubai), Qatar (Al-Thani), and Bahrain (Al-Khalifa) in 1971 following official British withdrawal. Sultan Qaboos of Oman came to power after a British-organized coup against his father in 1970 and the suppression of a rebellion in Dhofar, the southern province bordering Yemen, between 1970 and 1977. His cousin Haitham succeeded him in 2020.Footnote62
Though imperial power has ended, coloniality continues to constitute security relations, as the Gulf States still rely on international experts and equipment, predominantly from Euro-America. These states have small populations, ranging from around 35 million in Saudi Arabia to fewer than 3 million in Qatar. Their populations and infrastructure grew rapidly after the discovery of oil and gas reserves across the Persian Gulf and Arabian Peninsula, resources initially extracted under semicolonial conditions.Footnote63 This rapid growth created what Steffen Hertog calls a highly bloated form of “segmented clientelism,” with technocratic “islands of efficiency” the only way to circumvent an overwhelming bureaucracy.Footnote64 Individual advisors—local and international—possess crucial scientific and technological expertise, leading to Toby Craig Jones’s description of Saudi Arabia as “a modern technostate, one in which science and expertise, scientific services, and technical capacity came to define the relationship between rulers and ruled.”Footnote65 Calvert W. Jones has expanded this analysis to the UAE, observing that although foreign experts (in education) are “powerful players,” they nonetheless operate in a “precarious environment, marked by intense rivalry and high turnover.”Footnote66
Cybersecurity relations between the Gulf States and former imperial powers are part of broader intelligence and military cooperation and knowledge flows between Euro-America and the Gulf. Intelligence cooperation began with imperial information-gathering throughout the twentieth century; David Easter highlights that the UK had key signals intelligence outposts in Aden, Bahrain, and Iraq.Footnote67 The UK also had a satellite interception station in Seeb, on the coast of Oman, since at least 1990; in 2009 this station was upgraded to provide access to the large number of undersea internet cables coming ashore there. In Saudi Arabia, the British company Cable & Wireless, which often provided access to data for UK signals intelligence agency GCHQ, won several military contracts following King Fahd’s drive for modernization in 1970 and owned a controlling stake in the Bahrain and UAE telecoms operators founded around the same time.Footnote68
The Gulf States are still major recipients of US and UK security assistance, which is often delivered by companies from the “donor” states. In a 2016 launch of the UK’s Gulf Strategy, Prime Minister Theresa May emphasized that UK intelligence agencies would continue to train their regional counterparts “in cybersecurity” as an example of their collaboration.Footnote69 Recent leaks from former Saudi counterterrorism officials reveal the extent of digital intelligence cooperation between Saudi Arabia and the United States in the years after 9/11.Footnote70 Commercial contracts to “modernize” Saudi intelligence agencies are still closely overseen by US intelligence agencies.Footnote71 Despite this cooperation, the countries of the Five Eyes intelligence alliance (the United States, UK, Canada, Australia, and New Zealand) also view the region as an adversarial target for digital intelligence gathering.Footnote72
Crucially, racial-epistemic hierarchies have continued within the vast transfer of military capabilities from White Europe and the United States to the Gulf States since the latter’s formation (a key means of recycling oil rents).Footnote73 White military historians with extensive experience in the region have highlighted a tension between the procurement of advanced equipment by Gulf militaries, mainly from their European and American allies, and a seeming inability to use it effectively.Footnote74 For example, Kenneth M. Pollack ascribes such problems to “patterns of behavior derived from the dominant Arab culture,” listing “traits of centralization of authority, passivity, conformity, deference to authority, shame avoidance, manipulation of information, disdain for technical work, and atomization of knowledge.”Footnote75 In the context of the Emirati air force, Pollack goes on to juxtapose a supposed lack of “initiative, imagination, flexibility, and a motivation to excel” against the ability of the UAE military to “pay vast amounts to have foreigners handle so much of the maintenance and repair.”Footnote76
Theoretically, we can understand these descriptions as exemplary of what Ahmed Salah Hashim and others have called “military Orientalism.”Footnote77 Military Orientalism ahistorically constructs an unchanging “Islamic” or “Arab” way of war, with cultural factors dominating other, less essentialist and less racialized, explanations for “poor” performance—not least the differing functions of militaries in these states.Footnote78 The economic motivations of Euro-American White military experts—the Gulf States “pay vast amounts”—are replicated in our interviews regarding the field of cybersecurity. More importantly, the binary distinctions of military Orientalism, between the Euro-American White expert (rational, knowledgeable) and the (Gulf) Arab client (culturally passive, conformist, and lacking imagination), underpin the hierarchy of rationality in the cybersecurity expert community detailed above, in addition to these states’ broader reliance on external experts since their formation.
The other notorious form of hierarchy in the Gulf is that between expatriate or migrant workers and “native” Gulf citizens, exemplified in the “kafala” system of employment guarantees.Footnote79 The kafala system, rooted in British colonial practices incorporating the Gulf into British trading routes to the Indian subcontinent, was developed further through pre-oil industries such as pearl diving.Footnote80 Though many works investigate the economic implications of kafala and the Gulf’s high proportion of nonresident workers,Footnote81 a growing body of literature emphasizes the racial basis of this hierarchy. Drawing on postcolonial studies, Neha Vora argues that the way kafala “produces particular expatriate subjects” instantiates the modernity/coloniality relationship discussed above, as it is not just a practice derived from colonial histories; it is also “synchronous with the [neoliberal] privatization of migration.”Footnote82 Bina Fernandez takes this argument further, exploring “racial hierarchies of difference” that support “strategies of commodification and exploitation of labour within global capitalist systems.”Footnote83 While here the Gulf citizen is at the top and Asian and African migrants at the bottom, Euro-American subject positions are “relatively privileged migrants, hired for the symbolic superiority denoted by their ‘whiteness.’”Footnote84 Overall, the racial and colonial history and continuing practice of Gulf citizenship and migration is a crucial foundation for understanding the hierarchy of authority discussed in the first section of this article, making plain how authority is constituted by racial codes.
Putting these two aspects together—the military Orientalism underlying the hierarchy of rationality and colonial migration policies surrounding the hierarchy of authority—the almost organic inclusion of racialized responses in interviews that were not intended to invoke such thinking becomes unsurprising. Cybersecurity in the Gulf today is constituted by coloniality in the form of racial-epistemic hierarchies that determine who is a legitimate knower and who is not. Thus, when an Omani interviewee stated that “the Middle East, in general, is a consuming market, we don’t innovate, we don’t create technology. It is hard to get away from that larger trend,” this is a clear explication of the racial-epistemic hierarchy of rationality, constituting the region as a passive recipient of universal knowledge from Euro-America in line with colonial history.Footnote85 Relatedly, when a Singaporean national explained why they would not disclose cybersecurity vulnerabilities, because “if an incident happens, the stakes are high and you could be kicked out of the country,” this underlines the hierarchy of authority, emphasizing how non-Gulf (and especially non-White) knowers of even the same cybersecurity knowledge are deemed illegitimate.Footnote86 Having shown that racial-epistemic hierarchies are an integral part of Gulf cybersecurity relations, we next show how a decolonial approach can benefit the study of cybersecurity generally.
A Decolonial Research Program for Cybersecurity
In this final section, we consider the broader relevance of decolonial thought for cybersecurity. In doing so, we echo calls made by scholars in related fields to decolonize the study of big data,Footnote87 computing,Footnote88 and terrorism.Footnote89 Decolonial thought is at its core concerned with exposing and undoing epistemic violence, which is the eradication or marginalization of the knowledges (cosmologies, ontologies, epistemologies, conceptualizations, etc.) of various communities around the world, usually perpetrated by Euro-American colonialism and its continuing legacies.Footnote90 It also asserts that in taking seriously knowledges from a plurality of communities, scientific knowledge will be more useful for a greater plurality of communities and, importantly, help dismantle the material injustices enabled by colonial knowledges.
While the empirical analysis above focuses on the racial-epistemic categorization of cybersecurity knowers, the decolonial research program calls for a critical reexamination of the Euro-American epistemic underpinnings of cybersecurity knowledge itself, as well as a radical shift in practice. According to decolonial thought, European and North American definitions of knowledge as objective, neutral, and founded on “Western” rationality have dominated global debates on (social) reality at the expense of the epistemologies of others. This domination was achieved through colonialism’s deliberate and systematic displacement of colonized peoples’ knowledges.Footnote91 The assertion is not just that Euro-American knowledge has marginalized the knowledges of other communities, but that it has simultaneously masked its own idiosyncrasy, thereby casting itself as emerging from nowhere in particular—what Mignolo calls the “the zero point epistemology”Footnote92—and serving no agenda in particular while rendering all other knowledges as relativist and particular, and therefore not worthy of general promulgation. This phenomenon may be understood as “arrogant ignorance”—that is, “pretending to be wide-ranging, or even claiming universal validity, while remaining oblivious to the epistemic diversity of the world.”Footnote93
Decolonial scholarship is by no means confined to the realm of the humanities and social sciences; rather, the natural scientific and engineering knowledges that underpin cybersecurity are equally open to decolonial reimagination. Decolonial scholarship has already challenged the Euro-American ontologies and epistemologies that underpin much of the natural sciences (which should not be conflated with debates about the representation of marginalized groups in STEM disciplinesFootnote94), arguing that other knowledges must be equally engaged in questions about the natural world.Footnote95 For example, Indigenous peoples have developed centuries of knowledge about how to understand and live with the natural world that has allowed them not just to survive but to thrive.Footnote96 As we have noted throughout this article, cybersecurity knowledges are not “zero-point” or universal but have their center of gravity in long-standing Euro-American sites of knowledge production, suggesting that a decolonial research program for cybersecurity is sorely needed.
In the remainder of this section, we extend this decolonial research program in three ways. First, we suggest that cybersecurity beyond the Gulf region is not free of coloniality, interrogating the concept of cybersecurity “maturity” as a racial-epistemic hierarchy that reinforces the modernity/coloniality duality globally. One fruitful avenue for a decolonial research program would thus be to investigate the ways that the concept of “maturity” has shaped who is a legitimate knower in cybersecurity relations across the world. Second, we explore an important source of coloniality in cybersecurity by conceptualizing actors we call the “transnational techno-elite,” who, being predominantly White, Euro-American, and masculine, have constructed themselves as the “mature” knowledge leaders of the digital space. Third, we characterize a decolonial cybersecurity studies as a practice of engaging on an equal and critical basis with the knowledges of the silenced.
Problematizing Global Cybersecurity “Maturity”
Coloniality in cybersecurity can be made visible by interrogating the established concept of “cybersecurity maturity.” From the perspective of decolonial thought, maturity is inherently racialized and gendered in ways shaped by the colonial past. Concepts of maturity and immaturity featured extensively in the colonial imaginary.Footnote97 In this imaginary, maturity describes a hierarchy not just of knowers, but also knowledges, in line with modernist thinking about the divide between evolved and backwards communities. Euro-American knowledges and their possessors (usually White, English-speaking men) are mature, whereas those deemed immature and in need of paternalistic guidance are those who possess non-Euro-American knowledges (usually non-White, non-English-speaking, nonmales).
Technological prowess was a central aspect of colonial attempts to evaluate the maturity of societies, races, and “their” knowledges.Footnote98 For example, development scholars have argued that the introduction of new technologies, such as industrial farming techniques in India, was a key means for colonizers to maintain racial superiority, even after independence, by demonstrating greater technological competence.Footnote99 This hierarchy was cemented by artificially narrow accounts of the origins of key technologies, which silenced their non-Euro-American influences.Footnote100 The imbalance in favor of Euro-American producers in modern development projects is especially stark for the deployment of complex technologies,Footnote101 and this intersects with gendered and other hierarchies.Footnote102
In cybersecurity, maturity is now both an intuitive, loosely understood concept, and a matter of adherence to specific cybersecurity standards. These standards include those produced by the US National Institute for Science and Technology (NIST) and the international standards organization ISO,Footnote103 as well as the Global Cybersecurity Index from the International Telecommunications Union.Footnote104 Some cybersecurity experts explicitly connect judgments of maturity to the Capability Maturity Model (CMMI), which Carnegie Mellon University developed for organizational management.Footnote105 Both intuitive and highly specified versions of maturity in cybersecurity appear unconnected to colonial concepts of maturity above: they do not explicitly include racial or other colonially derived hierarchies, and are focused instead on apparently neutral organizational, regulatory, and technological characteristics.
However, colonial hierarchies are certainly present in supposedly “neutral” judgments of maturity in related fields, including economics, management, and development.Footnote106 Such studies show that even apparently neutral, technological contemporary concepts of maturity are problematic because they import racialized meanings rooted in colonial dynamics and perpetuate or exacerbate global inequalities. A decolonial investigation along these lines would follow its cousins in big data and algorithmic justice by focusing on the ways that racial hierarchies valorize specific kinds of cybersecurity knowledge as mature and worthy of emulation, inscribed in state policy and practice, as well as the “capacity-building” actions of international organizations and multinational technology companies.
The Transnational Techno-elite in Cybersecurity
There is also significant potential in decolonial thought to open new avenues of thinking about who occupies the visible modern space in modernity/coloniality. Thus, we must reveal as idiosyncratic and situated, as opposed to universal and objective, the actors generating knowledge about cybersecurity in order to refute the supposed neutrality in which they are cloaked.Footnote107
We suggest conceptualizing the community producing dominant discourses of cybersecurity as the transnational techno-elite. The transnational techno-elite do not just exist in Silicon Valley; they are a diffuse and networked group of individuals that populate government agencies such as foreign ministries and the military; they shape cybersecurity policies at international organizations; they exchange ideas in prestigious Euro-American university departments; and they spread cybersecurity “best practices” while working for large consultancy firms. They are disproportionately male, young, and English-speaking.
This community mirrors what B. S. Chimni calls the “transnational capitalist class,” a diffuse community with shared interests, ideologies, control over the means of production and unrivaled access to powerful institutions in the Global North and South.Footnote108 Similarly, McKenzie Wark describes a “vectoralist class” who “control the vectors along which information circulates. They own the means of realizing the value of information. Information emerges as a concept precisely because it can be quantified, valued and owned.”Footnote109 Although this community undoubtedly has intersectional implications—in terms of hierarchies of gender, sexuality, class, and others—it importantly generates colonial dynamics.
Tenets of the transnational techno-elite that require decolonial interrogation include assumptions of linear progress that put White Euro-America ahead in a technological race to the utopian future, while the rest must merely catch up;Footnote110 a neoliberal myth of postracial equality and meritocracy;Footnote111 and a radical scientism that represents technology as a neutral solution for highly complex and contingent security issues across all cultures.Footnote112 Many communities and subjectivities are systematically marginalized or missing from this elite, and are constructed as “immature”: vast swathes of Global South populations, women, LGBTQI + persons, Indigenous peoples facing settler colonialism, and the working class, among others. The dynamic generated as a result is one of expertise predominantly from Europe, America, and more recently South Asia, educating Global South communities and integrating them into “advanced” ways of adopting digital technologies.Footnote113 The transnational techno-elite’s understandings and practices determine the disadvantageous terms upon which those outside this elite, the immature, enter debates around cybersecurity, and also ensure their silencing within said debates—to which we now turn.Footnote114
Practicing a Decolonial Cybersecurity
Decolonial thought is not simply about exercising epistemic justice but equally about ensuring knowledge materially serves the many and not only a few. It is a practice of theorizing from the margins: it aims to open space for silenced knowledges from subaltern communities to shape dialogues about the human condition.
The ultimate purpose of a decolonial agenda in cybersecurity is equal dialogue among globally diverse knowledges and practices regarding what it means to be (in)secure in cyberspace. The results of such a shift in practice are theorizations, conceptualizations, and methodologiesFootnote115 rooted in the lived experiences and meaning-makings of a plurality of cultures, ensuring equal, critical engagement with other ways of knowing and being. That is, not only will engaging with the variety of what the global stock of knowledges has to offer greatly expand our understanding of what cybersecurity means in the first place, it will also foster cybersecurity research that serves a plurality of communities, not just Euro-American states and the transnational techno-elite.
Such moves are already being made in related contexts. Indigenous peoples are subject to insecurity in a multiplicity of ways, from physical insecurity in the form of sexual violence and murder, to land insecurity, as their territories are seized and exploited without their consent, to epistemic violence, as their cultures are systematically eroded. Digital technologies have an ambivalent relationship with these various insecurities. For example, websites may be a tool for preserving threatened Indigenous knowledges, but their simplistic visual form is also unable to accommodate the multiplicity of ways that Indigenous knowledges are structured.Footnote116 In light of this, scholars at Concordia University have developed a research program on Indigenous AI, which aims to apply Indigenous ontologies and epistemologies to developing the next generation of artificial intelligence while reclaiming the debate about the role of technology in society.Footnote117 A decolonial cybersecurity informed by Indigenous problematizations may be empowering for other marginalized communities.
For LGBTQI + youth, anonymity can be a necessary form of protection from harm as they seek community and connection online while facing threats of homophobia and transphobia. Nevertheless, digital platforms are pushing evermore for aligning real-world identities with online accounts, thus heightening the insecurity of non-cis, non-hetero persons. For LGBTQI + communities in the Global South, in particular, an online presence without anonymity may put them at risk of threats from the state.Footnote118 Cybersecurity should theorize what it means to be (in)secure online from the perspective of gender and sexual minorities across the world.
On the other hand, Black feminists Moya Bailey and Trudy developed the term “misogynoir” to describe the particular kind of insecurity experienced by Black women due to anti-Black racism and misogyny in areas ranging from healthcare to online activism. In disseminating the concept through their online writings, they found their work questioned, then plagiarized, and, later, their roles in originating the concept erased entirely. As the scholars note ironically, this process of invalidation and eventual erasure “itself reflects misogynoir, as people questioned the intelligence and the validity of a concept that centers how Black women experience misogyny.”Footnote119
A decolonial cybersecurity would engage with the knowledges of Global South and Black feminist thought, and beyond, to craft new conceptualizations and new approaches, open new lines of questioning, and foster critical conversations among a plurality of communities about cybersecurity.
Toward a Decolonial Cybersecurity
Drawing on decolonial insights, this article has sought to demonstrate that a decolonial lens can fruitfully be applied to questions of cybersecurity in IR and security studies. It made the constitutive argument that race operates as a marker of who is a legitimate knower of dominant Euro-American knowledges of cybersecurity and who is not, and therefore whose understandings, experiences, and practices of cybersecurity are privileged. Consequently, we cannot understand cybersecurity without understanding its racial and colonial underpinnings—not only in “peripheral” sites where this construction is highly tangible, such as in the Gulf States, but also in sites such as the United States and Europe, which can be understood as the colonial “core.” The article made this argument in three steps, which together enable us to better understand the presence, origins, and effects of racialized practices in cybersecurity.
First, the article used data from original interviews with cybersecurity professionals in the Gulf to characterize the racist hierarchies of rationality and authority present in their cybersecurity expert communities. These racist hierarchies are absent from dominant accounts of cybersecurity in IR because they fail to account for the colonial context in which cybersecurity operates.
Second, the article applied decolonial thought to interpret the semicolonial history of cybersecurity in the Gulf as constituted by coloniality in the form of racial-epistemic hierarchies. This (contemporary) history illuminates how a hierarchy of rationality operates within long-standing frames of military Orientalism, and how a hierarchy of authority derives from colonial practices of migration and citizenship. In this way, decolonial thought helps us puzzle out the presence of racial hierarchies in Gulf cybersecurity, which, to many IR observers, seems out of place in such a technologically dominated knowledge community.
Third, the article highlighted the significant practical implications of decolonial thought in the study of cybersecurity. Although in a preliminary fashion, the article moved from applying selected decolonial insights toward sketching a more thoroughgoing decolonial approach to the topic. It offered suggestions for how to use decolonial thought to critique current structures of knowledge production, including fostering nonhierarchical dialogues about cybersecurity with epistemologies of marginalized communities such as Indigenous knowledges, Global South theories, (decolonial and Black) feminist epistemologies, and Queer theory, thereby producing new epistemic and material dynamics that are overtly emancipatory. Such approaches would seek an explicitly normative transformation of knowledge production by challenging and, ultimately, rendering obsolete dominant notions and practices of cybersecurity and their constitutive presuppositions, silences, and exclusions.
On a final note, this article considered coloniality predominantly in the form of racialized stereotypes of intelligence and technological ability, but these are far from the only form of epistemic dominance exerted by colonial legacies. An intersectional analysis of gendered and other forms of epistemic hierarchy will be a necessary complement to the research undertaken and suggested here.
Acknowledgments
The authors extend their sincere thanks and gratitude to the editors of the special issue on race and security for their support and guidance, as well as the conveners, discussants, and participants at the online workshops held to discuss this special issue in January and February 2022. The authors would also like to thank the organizers and participants at two workshops where previous versions of this article have been presented: the “Center Colloquium” of the Philipps-University Marburg Center for Conflict Studies in June 2022; and a panel on “The International Dimensions of Cybersecurity” at the British International Studies Association conference in Bath in June 2018.
Notes
1 We borrow this term from Lucy Taylor, “Decolonizing International Relations: Perspectives from Latin America,” International Studies Review 14, no. 3 (September 2012): 393.
2 For a gender analysis of cybersecurity, see Deborah Brown and Allison Pytlak, Why Gender Matters in International Cyber Security (Women’s International League for Peace and Freedom; Association for Progressive Communications, 21 April 2020), https://www.apc.org/sites/default/files/Gender_Matters_Report_Web_A4.pdf; Katharine Millar, James Shires, and Tatiana Tropina, Gender Approaches to Cybersecurity: Design, Defence, and Response (Geneva: United Nations Institute for Disarmament Research, 21 January 2021), https://unidir.org/publication/gender-approaches-cybersecurity.
3 See Audie Klotz and Deepa Prakash, eds., Qualitative Methods in International Relations: A Pluralist Guide (Basingstoke, UK: Palgrave Macmillan, 2008); Dvora Yanow and Peregrine Schwartz-Shea, eds., Interpretation and Method: Empirical Research Methods and the Interpretive Turn (London: Routledge, 2013); Beth L. Leech, “Asking Questions: Techniques for Semistructured Interviews,” Political Science & Politics 35, no. 4 (December 2002): 665–68.
4 Jack L. Amoureux and Brent J. Steele, eds., Reflexivity and International Relations: Positionality, Critique, and Practice (New York: Routledge, 2016).
5 James Shires, The Politics of Cybersecurity in the Middle East (London: Hurst, 2021), 56–63.
6 Interview I-1.
7 Interview I-9.
8 Interview I-12.
9 Interview I-11.
10 Interview I-30.
11 Interview I-26.
12 Interview I-30.
13 Interview I-10.
14 Interview I-4.
15 Interview I-10.
16 Interview I-35.
17 Interview I-33.
18 Interview I-2.
19 Interview I-1.
20 Interview I-12.
21 Interview I-35.
22 Interview I-13.
23 Interview I-24.
24 Interview I-33.
25 Interview I-5.
26 Interview I-1.
27 Interview I-15.
28 Interview I-22.
29 Interview I-34.
30 Interview I-33.
31 Interview I-27.
32 Interview I-21.
33 Interview I-10.
34 Interview I-22.
35 Interview I-17.
36 Interview I-2.
37 Erik Gartzke and Jon R. Lindsay, “Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace,” Security Studies 24, no. 2 (April–June 2015): 316–48; Rebecca Slayton, “What Is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment,” International Security 41, no. 3 (Winter 2016/17): 72–109; Michael P. Fischerkeller and Richard J. Harknett, “Deterrence Is Not a Credible Strategy for Cyberspace,” Orbis 61, no. 3 (Summer 2017): 381–93; Richard J. Harknett and Max Smeets, “Cyber Campaigns and Strategic Outcomes,” Journal of Strategic Studies 45, no. 4 (August 2022): 534–67.
38 Jon R. Lindsay, “Stuxnet and the Limits of Cyber Warfare,” Security Studies 22, no. 3 (July–September 2013): 365–404; Aaron Franklin Brantly, The Decision to Attack: Military and Intelligence Cyber Decision-Making (Athens: University of Georgia Press, 2016); Jon R. Lindsay, “Restrained by Design: The Political Economy of Cybersecurity,” Digital Policy, Regulation and Governance 19, no. 6 (1 January 2017): 493–514; Max Smeets, “The Strategic Promise of Offensive Cyber Operations,” Strategic Studies Quarterly 12, no. 3 (Fall 2018): 90–113; Ben Buchanan, The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (Cambridge, MA: Harvard University Press, 2020).
39 For example, see Hannes Ebert and Tim Maurer, “Contested Cyberspace and Rising Powers,” Third World Quarterly 34, no. 6 (2013): 1054–74; Martha Finnemore and Duncan B. Hollis, “Constructing Norms for Global Cybersecurity,” American Journal of International Law 110, no. 3 (July 2016): 425–79; Robert Morgus, Jocelyn Woolbright, and Justin Sherman, The Digital Deciders (Washington, DC: New America, 22 October 2018); Andrea Calderaro and Anthony J. S. Craig, “Transnational Governance of Cybersecurity: Policy Challenges and Global Inequalities in Cyber Capacity Building,” Third World Quarterly 41, no. 6 (2020): 917–38.
40 See, for example, Daniel W. Woods and Tyler Moore, “Does Insurance Have a Future in Governing Cybersecurity?” IEEE Security & Privacy 18, no. 1 (January/February 2020): 21–27.
41 Lene Hansen and Helen Nissenbaum, “Digital Disaster, Cyber Security, and the Copenhagen School,” International Studies Quarterly 53, no. 4 (December 2009): 1155–75; Myriam Dunn Cavelty, “From Cyber-Bombs to Political Fallout: Threat Representations with an Impact in the Cyber-Security Discourse,” International Studies Review 15, no. 1 (March 2013): 105–22; Tim Stevens, Cyber Security and the Politics of Time (Cambridge: Cambridge University Press, 2016); James Shires, “Enacting Expertise: Ritual and Risk in Cybersecurity,” Politics and Governance 6, no. 2 (2018): 31–40; James Shires, “Cyber-noir: Cybersecurity and Popular Culture,” Contemporary Security Policy, 41, no. 1 (2020): 82–107; Florian J. Egloff, “Contested Public Attributions of Cyber Incidents and the Role of Academia,” Contemporary Security Policy 41, no. 1 (2020): 55–81; Clare Stevens, “Assembling Cybersecurity: The Politics and Materiality of Technical Malware Reports and the Case of Stuxnet,” Contemporary Security Policy 41, no. 1 (2020): 129–52.
42 For important reviews of the various lineages of decolonizing perspectives, see Leon Moosavi, “The Decolonial Bandwagon and the Dangers of Intellectual Decolonisation,” International Review of Sociology 30, no. 2 (2020): 332–54; Breny Mendoza, “Coloniality of Gender and Power: From Postcoloniality to Decoloniality,” in The Oxford Handbook of Feminist Theory, ed. Lisa Disch and Mary Hawkesworth (Oxford: Oxford University Press, 2016), 100–121; Emma D. Velez and Nancy Tuana, “Toward Decolonial Feminisms: Tracing the Lineages of Decolonial Thinking through Latin American/Latinx Feminist Philosophy,” Hypatia 35, no. 3 (Summer 2020): 366–72.
43 Olivia Umurerwa Rutazibwa, “What’s There to Mourn? Decolonial Reflections on (the End of) Liberal Humanitarianism,” Journal of Humanitarian Affairs 1, no. 1 (1 January 2019): 65–67; Robbie Shilliam, “Decolonising the Grounds of Ethical Inquiry: A Dialogue between Kant, Foucault and Glissant,” Millennium: Journal of International Studies 39, no. 3 (May 2011): 649–65; Lucy Taylor, “Welsh–Indigenous Relationships in Nineteenth Century Patagonia: ‘Friendship’ and the Coloniality of Power,” Journal of Latin American Studies 49, no. 1 (February 2017): 143–68; David L. Blaney and Arlene B. Tickner, “Worlding, Ontological Politics and the Possibility of a Decolonial IR,” Millennium: Journal of International Studies 45, no. 3 (June 2017): 293–311.
44 Walter D. Mignolo, “Delinking: The Rhetoric of Modernity, the Logic of Coloniality and the Grammar of de-Coloniality,” Cultural Studies 21, nos. 2–3 (March/May 2007): 453–84; Jean Baudrillard, “Modernity,” Canadian Journal of Political and Social Theory / Revue canadienne de theorie politique et sociale 11, no. 3 (1987): 63–72.
45 María Lugones, “Toward a Decolonial Feminism,” Hypatia 25, no. 4 (Fall 2010): 742–59; Walter D. Mignolo and Madina V. Tlostanova, “Theorizing from the Borders: Shifting to Geo- and Body-Politics of Knowledge,” European Journal of Social Theory 9, no. 2 (May 2006): 205–6.
46 Mendoza, “Coloniality of Gender and Power,” 114; Nelson Maldonado-Torres, “On the Coloniality of Being: Contributions to the Development of a Concept,” Cultural Studies 21, nos. 2–3 (March/May 2007): 243.
47 Arturo Escobar, Encountering Development: The Making and Unmaking of the Third World (Princeton, NJ: Princeton University Press, 2012); Roxanne Lynn Doty, Imperial Encounters: The Politics of Representation in North-South Relations (Minneapolis: University of Minnesota Press, 1996).
48 Thus María Lugones prefers the language of nonmodernity—that is, the notion that there are ways of making sense of the world that are entirely divorced from modernity and instead emerge from the subjects of coloniality. Lugones, “Toward a Decolonial Feminism,” 743.
49 Olivia Umurerwa Rutazibwa, “From the Everyday to IR: In Defence of the Strategic Use of the R-Word,” Postcolonial Studies 19, no. 2 (June 2016): 191–200.
50 Aníbal Quijano, “Coloniality of Power and Eurocentrism in Latin America,” International Sociology 15, no. 2 (June 2000): 215–32.
51 Robbie Shilliam, “Intervention and Colonial-Modernity: Decolonising the Italy/Ethiopia Conflict through Psalms 68:31,” Review of International Studies 39, no. 5 (December 2013): 1134.
52 Walter D. Mignolo, The Darker Side of the Renaissance: Literacy, Territoriality, and Colonization (Ann Arbor: University of Michigan Press, 1995); Taylor, “Welsh–Indigenous Relationships in Nineteenth Century Patagonia.”
53 Taylor, “Decolonizing International Relations,” 393.
54 Stephanie M. Wildman and Adrienne D. Davis, “Language and Silence: Making Systems of Privilege Visible,” Santa Clara Law Review 35, no. 3 (1995): 881.
55 As Walter Benn Michaels puts it, “Cultural identity both descends from and extends the earlier notion of racial identity.” Michaels, “Race into Culture: A Critical Genealogy of Cultural Identity,” Critical Inquiry 18, no. 4 (Summer 1992): 655–85.
56 Kay Anderson, “The Racialization of Difference: Enlarging the Story Field,” Professional Geographer 54, no. 1 (February 2002): 25–30. For a groundbreaking intervention in this large and growing debate, see Stuart Hall and Paul du Gay, eds., Questions of Cultural Identity (Los Angeles: SAGE, 1996).
57 Euro-American critical theories are also subject to the decolonial challenge described in this article. Perspectives such as poststructuralism, feminism, Frankfurt School scholarship, and even postcolonialism remain rooted in Eurocentric epistemologies. Eurocentrism in knowledge production is therefore endemic not just in mainstream perspectives but also in those who position themselves as the traditional challengers within Euro-American scholarly debates. Though decoloniality draws extensively from postcolonialism and overlaps in several ways with it, some have extended this critique to parts of postcolonial scholarship. Thus, “postcolonial theory ultimately constitutes, at least epistemologically, a Eurocentric critique of Eurocentrism,” according to Syed Mustafa Ali, “A Brief Introduction to Decolonial Computing,” XRDS: Crossroads, the ACM Magazine for Students 22, no. 4 (13 June 2016): 19; see also Ramón Grosfoguel, “Decolonizing Post-Colonial Studies and Paradigms of Political-Economy: Transmodernity, Decolonial Thinking, and Global Coloniality,” Transmodernity: Journal of Peripheral Cultural Production of the Luso-Hispanic World 1, no. 1 (2011): 2; Meera Sabaratnam, “Avatars of Eurocentrism in the Critique of the Liberal Peace,” Security Dialogue 44, no. 3 (June 2013): 259–78; Shilliam, “Decolonising the Grounds of Ethical Inquiry.”
58 Edward W. Said, Orientalism, 25th anniversary ed. (London: Penguin Books, 2003); see also Edward W. Said, “Orientalism Reconsidered,” in Postcolonial Criticism, ed. Bart Moore-Gilbert, Gareth Stanton, and Willy Maley (London: Routledge, 1997), 126–44.
59 Rosemary Said Zahlan, The Making of the Modern Gulf States: Kuwait, Bahrain, Qatar, the United Arab Emirates and Oman (Ithaca, NY: Ithaca Press, 1998); Lawrence G. Potter, ed., The Persian Gulf in Modern Times: People, Ports, and History (New York: Palgrave Macmillan, 2014).
60 Lord Curzon, cited in Sean Foley, The Arab Gulf States: Beyond Oil and Islam (Boulder, CO: Lynne Rienner, 2010), 16.
61 See, for example, Madawi Al-Rasheed, A History of Saudi Arabia, 2nd ed. (New York: Cambridge University Press, 2010); Tim Niblock, Saudi Arabia: Power, Legitimacy and Survival (London: Routledge, 2006).
62 Francis Owtram, A Modern History of Oman: Formation of the State since 1920 (London: I. B. Tauris, 2004); Marc Valeri, Oman: Politics and Society in the Qaboos State (London: Hurst, 2017).
63 Robert Vitalis, America’s Kingdom: Mythmaking on the Saudi Oil Frontier (London: Verso, 2009); Laleh Khalili, Sinews of War and Trade: Shipping and Capitalism in the Arabian Peninsula (London: Verso, 2020).
64 Steffen Hertog, Princes, Brokers, and Bureaucrats: Oil and the State in Saudi Arabia (Ithaca, NY: Cornell University Press, 2011). See also Tim Niblock with Monica Malik, The Political Economy of Saudi Arabia (New York: Routledge, 2007).
65 Toby Craig Jones, Desert Kingdom: How Oil and Water Forged Modern Saudi Arabia (Cambridge, MA: Harvard University Press, 2010), 13–15.
66 Calvert W. Jones, Bedouins into Bourgeois: Remaking Citizens for Globalization (New York: Cambridge University Press, 2017), 178.
67 David Easter, “Spying on Nasser: British Signals Intelligence in Middle East Crises and Conflicts, 1956–67,” Intelligence and National Security 28, no. 6 (2013): 824–44; see also Hugh Wilford, America’s Great Game: The CIA’s Secret Arabists and the Shaping of the Modern Middle East (New York: Basic Books, 2014). Richard J. Aldrich, GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency (London: HarperPress, 2010), 17. Sarah Mainwaring and Richard J. Aldrich have taken this argument further, suggesting that signals intelligence was not merely a side benefit of imperial arrangements but, in the 1950s and 1960s, their key driver. Mainwaring and Aldrich, “The Secret Empire of Signals Intelligence: GCHQ and the Persistence of the Colonial Presence,” International History Review 43, no. 1 (February 2021): 54–71.
68 Department for Trade and Industry, Telecommunications Related Opportunities for UK Companies in the Kingdom of Saudi Arabia (London: UK Government, 1988), 106–7.
69 Teresa May, “Prime Minister’s Speech to the Gulf Co-Operation Council 2016” (UK Government, 2016), https://perma.cc/PFL9-73YR.
70 David Ignatius, “The Dazzling Rise and Tragic Fall of Saudi Arabia’s Mohammed bin Nayef,” Washington Post, 6 July 2020, https://www.washingtonpost.com/opinions/2020/07/05/dazzling-rise-tragic-fall-saudi-arabias-mohammed-bin-nayef/.
71 David Ignatius, “Why the State Department Rejected a Plan to Train Saudi Intelligence,” Washington Post, 5 December 2019, https://perma.cc/39Z2-X8BS; but they are increasingly aware of the risks: Julian E. Barnes and Maggie Haberman, “C.I.A. Warns Former Officers about Working for Foreign Governments,” New York Times, 26 January 2021, https://perma.cc/UDF7-QZTY.
72 The “Crypto AG” scandal, concerning a half-century-old European encryption company controlled by the Central Intelligence Agency, revealed that Saudi Arabia and the UAE had been among many countries targeted by this operation. Leaked documents in 2017 indicated that the National Security Agency (NSA) covertly obtained persistent access to a vast quantity of financial information from UAE banking services provider Eastnets. Media reports also suggest the NSA covertly obtained access to airport and hotel data in Dubai. Separately, the most extensive intelligence operation by the Five Eyes countries in the region, however, was named by private cybersecurity companies as “Equation Group,” and widely believed to be the NSA. Equation Group’s tools include the malware family “Regin”: extremely sophisticated malware discovered by cybersecurity companies on a wide range of organizations worldwide. According to Symantec, 24% of Regin infections observed were in Saudi Arabia, the second-highest single country (after Russia with 28%). For further details of these events, see Greg Miller, “The CIA Secretly Bought a Company That Sold Encryption Devices across the World. Then Its Spies Sat Back and Listened,” Washington Post, 11 February 2020, https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/; Jenna McLaughlin and Zack Dorfman, “‘Shattered’: Inside the Secret Battle to Save America’s Undercover Spies in the Digital Age,” Yahoo! News, 30 December 2019, https://news.yahoo.com/shattered-inside-the-secret-battle-to-save-americas-undercover-spies-in-the-digital-age-100029026.html?guccounter=1; Lorenzo Franceschi-Bicchierai, “This Is How the NSA Infiltrated a Huge Banking Network in the Middle East,” Motherboard: Tech by Vice, 19 April 2017, https://www.vice.com/en/article/aemeqe/nsa-eastnets-hack-banking-network-middle-east; Symantec Security Response, “Regin: Top-Tier Espionage Tool Enables Stealthy Surveillance, version 1.1,” Symantec Security Response Blog, 27 August 2015, 6, https://docs.broadcom.com/doc/regin-top-tier-espionage-tool-15-en.
73 Anthony H. Cordesman with Michael Peacock, Military Spending and Arms Sales in the Gulf: How the Arab Gulf States Now Dominate the Changes in the Military Balance (Washington, DC: Center for Strategic & International Studies, 28 April 2015); Pieter D. Wezeman et al., Trends in Arms Transfers, 2018 (Stockholm: Stockholm International Peace Research Institute, March 2019).
74 See, for example, Athol Yates, “Western Expatriates in the UAE Armed Forces, 1964–2015,” Journal of Arabian Studies 6, no. 2 (2016): 182–200; Zoltan Barany, “Foreign Contract Soldiers in the Gulf,” Carnegie Middle East Center, 5 February 2020; David B. Roberts, “Bucking the Trend: The UAE and the Development of Military Capabilities in the Arab World,” Security Studies 29, no. 2 (April–May 2020): 301–34.
75 Kenneth M. Pollack, Sizing Up Little Sparta: Understanding UAE Military Effectiveness (Washington, DC: American Enterprise Institute, October 2020), 33, https://www.aei.org/research-products/report/sizing-up-little-sparta-understanding-uae-military-effectiveness/; for further discussion, see Kenneth M. Pollack, Armies of Sand: The Past, Present, and Future of Arab Military Effectiveness (New York: Oxford University Press, 2019).
76 Pollack, Sizing Up Little Sparta, 34.
77 Ahmed Salah Hashim, “Military Orientalism: Middle East Ways of War,” Middle East Policy 26, no. 2 (Summer 2019): 31–47; Patrick Porter, Military Orientalism: Eastern War through Western Eyes (London: Hurst, 2009); Tarak Barkawi and Keith Stanski, eds., Orientalism and War (New York: Oxford University Press, 2013).
78 In Saudi Arabia specifically, these organizations represent a separate power base but also significant prestige. In the region more widely, they are domestically focused on repression, rather than external threats. See, for example, Hazem Kandil, The Power Triangle: Military, Security, and Politics in Regime Change (Oxford: Oxford University Press, 2016).
79 Although for a critical examination of the complex citizenship claims of UAE “natives,” see Noora Lori, Offshore Citizens: Permanent Temporary Status in the Gulf (Cambridge: Cambridge University Press, 2019).
80 Anh Nga Longva, Walls Built on Sand: Migration, Exclusion, and Society in Kuwait (London: Routledge, 2019 [1997]).
81 For an exploration and critique of this approach, see Abdulhadi Khalaf, Omar AlShehabi, and Adam Hanieh, eds. Transit States: Labour, Migration and Citizenship in the Gulf (London: Pluto Press, 2015).
82 Neha Vora, Impossible Citizens: Dubai’s Indian Diaspora (Durham, NC: Duke University Press, 2013), 3, 14.
83 Bina Fernandez, “Racialised Institutional Humiliation through the Kafala,” Journal of Ethnic and Migration Studies 47, no. 19 (December 15, 2021): 4344–61.
84 Fernandez, “Racialised Institutional Humiliation through the Kafala,” 4348.
85 Interview I-4.
86 Interview I-15.
87 Nick Couldry and Ulises Ali Mejías, “The Decolonial Turn in Data and Technology Research: What Is at Stake and Where Is It Heading?” Information, Communication & Society 26, no. 4 (2023): 786–802.
88 Ali, “Brief Introduction to Decolonial Computing.”
89 Ilyas Mohammed, “Decolonialisation and the Terrorism Industry,” Critical Studies on Terrorism 15, no. 2 (June 2022): 417–40.
90 Aníbal Quijano, “Coloniality and Modernity/Rationality,” Cultural Studies 21, nos. 2–3 (March/May 2007): 168–78.
91 Sabelo J. Ndlovu-Gatsheni, “The Dynamics of Epistemological Decolonisation in the 21st Century: Towards Epistemic Freedom,” Strategic Review for Southern Africa 40, no. 1 (2018): 23–26; see also the crucial Ngũgĩ wa Thiong’o, Decolonising the Mind: The Politics of Language in African Literature, reprint (London: James Currey, 2005), 10–13.
92 Walter D. Mignolo, “Epistemic Disobedience, Independent Thought and Decolonial Freedom,” Theory, Culture & Society 26, no. 7–8 (December 2009): 160.
93 Rosalba Icaza and Rolando Vázquez, “Diversity or Decolonisation? Researching Diversity at the University of Amsterdam,” in Decolonising the University, ed. Gurminder K. Bhambra, Dalia Gebrial, and Kerem Nişancıoğlu (London: Pluto Press, 2018), 112. Note that heteronormativity and anthropocentricity are not problems only of Euro-American knowledge, but Euro-American epistemes require special attention from the decolonial perspective because they are hegemonic.
94 Maureen Mauk, Rebekah Willett, and Natalie Coulter, “The Can-Do Girl Goes to Coding Camp: A Discourse Analysis of News Reports on Coding Initiatives Designed for Girls,” Learning, Media and Technology 45, no. 4 (December 2020): 395–408.
95 Linda Nordling, “How Decolonization Could Reshape South African Science,” Nature 554, no. 7691 (February 2018): 159–62; Robert P. Crease, Joseph D. Martin, and Richard Staley, “Decolonizing Physics: Learning from the Periphery,” Physics in Perspective 21, no. 2 (June 2019): 91–92; Rohan Deb Roy, “Science Still Bears the Fingerprints of Colonialism,” Smithsonian Magazine (blog), 9 April 2018, https://www.smithsonianmag.com/science-nature/science-bears-fingerprints-colonialism-180968709/.
96 Mātauranga Māori is one example, see “Mātauranga Māori and Science,” Science Learning Hub, accessed 21 October 2022, https://www.sciencelearn.org.nz/resources/2545-matauranga-maori-and-science; see also the Decolonizing Light project hosted by Concordia University, Canada, which engages Indigenous knowledges in the study of natural light: “Decolonising Light: Tracing and Countering Colonialism in Contemporary Physics,” Decolonizing Light, accessed 21 October 2022, https://decolonizinglight.com/.
97 This is exemplified by the beginning of Immanuel Kant’s famous essay, “What Is Enlightenment?”: “Enlightenment is man’s emergence from his self-incurred immaturity. Immaturity is the inability to use one’s own understanding without the guidance of another.” The unequal power relationship of “guidance,” implicit in his definition, captures Kant’s contradictory perspective on colonial practices. See Walter D. Mignolo, “The Many Faces of Cosmo-Polis: Border Thinking and Critical Cosmopolitanism,” Public Culture 12, no. 3 (Fall 2000): 733–36; Immanuel Kant, “An Answer to the Question: What Is Enlightenment?” in James Schmidt, ed., What Is Enlightenment? Eighteenth-Century Answers and Twentieth-Century Questions (Berkeley: University of California Press, 1996 [1784]), Katrin Flikschuh and Lea Ypi, eds., Kant and Colonialism: Historical and Critical Perspectives (Oxford: Oxford University Press, 2014); Gayatri Chakravorty Spivak, A Critique of Postcolonial Reason: Toward a History of the Vanishing Present (Cambridge, MA: Harvard University Press, 1999).
98 Michael Adas, Machines as the Measure of Men: Science, Technology, and Ideologies of Western Dominance (Ithaca, NY: Cornell University Press, 2015 [1989]).
99 Akhil Gupta, Postcolonial Developments: Agriculture in the Making of Modern India (Durham, NC: Duke University Press, 1998).
100 John M. Hobson, The Eastern Origins of Western Civilisation (Cambridge: Cambridge University Press, 2004).
101 Madeline Akrich, “The De-Scription of Technical Objects,” in Shaping Technology/Building Society: Studies in Sociotechnical Change, ed. Wiebe E. Bijker and John Law (Cambridge, MA: MIT Press, 1994), 205–24.
102 Sandra Harding, Is Science Multicultural? Postcolonialisms, Feminisms, and Epistemologies (Bloomington: Indiana University Press, 1998).
103 For recent versions, see International Standards Organization, “ISO/IEC 27001: 2022,” October 2022, https://www.iso.org/standard/82875.html; National Institute for Standards and Technology, “Cybersecurity Framework, version 1.1,” April 2018, https://www.nist.gov/cyberframework/framework.
104 The Global Cybersecurity Capacity Centre at the University of Oxford has also designed a well-known maturity model for cybersecurity. However, this model has not been applied in the GCC and it was not mentioned in interviews, so we do not consider it here.
105 CMMI Institute, “What Is Capability Maturity Model Integration (CMMI)®?” 2017, https://perma.cc/QHS6-WFFD.
106 Timothy Mitchell, Rule of Experts: Egypt, Techno-Politics, Modernity (Berkeley: University of California Press, 2002); V. Spike Peterson, A Critical Rewriting of Global Political Economy: Integrating Reproductive, Productive and Virtual Economies (London: Routledge, 2003); John M. Hobson, “Civilizing the Global Economy: Racism and the Continuity of Anglo-Saxon Imperialism,” in Global Standards of Market Civilization, ed. Brett Bowden and Leonard Seabrooke (London: Routledge, 2007), 60–76; Michal Frenkel and Yehouda Shenhav, “From Americanization to Colonization: The Diffusion of Productivity Models Revisited,” Organization Studies 24, no. 9 (November 2003): 1537–61.
107 For example, Ali states that “decolonial computing, as a ‘critical’ project, is about interrogating who is doing computing, where they are doing it, and, thereby, what computing means both epistemologically (i.e. in relation to knowing) and ontologically (i.e. in relation to being),” Ali, “Brief Introduction to Decolonial Computing,” 5. Emphasis in the original. See also Syed Mustafa Ali, “Prolegomenon to the Decolonization of Internet Governance,” in Internet Governance in the Global South: History, Theory and Contemporary Debates, ed. Daniel Oppermann (Sao Paulo: NUPRI University of Sao Paulo, 2018), 118.
108 B. S. Chimni, “International Institutions Today: An Imperial Global State in the Making,” European Journal of International Law 15, no. 1 (February 2004): 4–6; see also William I. Robinson and Jerry Harris, “Towards a Global Ruling Class? Globalization and the Transnational Capitalist Class,” Science & Society 64, no. 1 (Spring 2000): 11–54; Peter M. Haas, “Introduction: Epistemic Communities and International Policy Coordination,” International Organization 46, no. 1 (Winter 1992): 1–35.
109 McKenzie Wark, “Information Wants to Be Free (But Is Everywhere in Chains),” Cultural Studies 20, nos. 2–3 (March/May 2006): 172.
110 Kieron O’Hara, “The Contradictions of Digital Modernity,” AI & Society 35, no. 1 (March 2020): 197–208; Stevens, Cyber Security and the Politics of Time.
111 Safiya Umoja Noble and Sarah T. Roberts, “Technological Elites, the Meritocracy, and Postracial Myths in Silicon Valley,” in Racism Postrace, ed. Roopali Mukherjee, Sarah Banet-Weiser, and Herman Gray (Durham, NC: Duke University Press, 2019), 113–32.
112 Safiya Umoja Noble, Algorithms of Oppression: How Search Engines Reinforce Racism (New York: New York University Press, 2018); Cathy O’Neil, Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy (London: Penguin, 2017); Mario Koran, “Black Facebook Staff Describe Workplace Racism in Anonymous Letter,” Guardian, 13 November 2019, https://amp.theguardian.com/technology/2019/nov/13/facebook-discrimination-black-workers-letter; Mimi Onuoha, “What Is Missing Is Still There,” YouTube video, accessed 21 October 2022, https://www.youtube.com/watch?v=57Lgztk62uY&t=6s.
113 Michael Kwet, “Digital Colonialism: US Empire and the New Imperialism in the Global South,” Race & Class 60, no. 4 (April–June 2019): 3–26; Renata Ávila Pinto, “Digital Sovereignty or Digital Colonialism?” Sur International Journal on Human Rights 15, no. 27 (July 2018): 15–27; Nima Elmi, “Is Big Tech Setting Africa Back?” Argument (blog), Foreign Policy, 2020, https://foreignpolicy.com/2020/11/11/is-big-tech-setting-africa-back/; Ussal Sahbaz, “Artificial Intelligence and the Risk of New Colonialism,” Horizons: Journal of International Relations and Sustainable Development, no. 14 (Summer 2019): 58–71; Gado Alzouma, “Myths of Digital Technology in Africa: Leapfrogging Development?” Global Media and Communication 1, no. 3 (December 2005): 339–56; Rex Troumbley, “Colonization.com: Empire Building for a New Digital Age,” East-West Affairs 1, no. 4 (July–December 2013): 93–107; Toussaint Nothias, “Access Granted: Facebook’s Free Basics in Africa,” Media, Culture & Society 42, no. 3 (April 2020): 329–48; Elia Zureik, “Settler Colonialism, Neoliberalism and Cyber Surveillance: The Case of Israel,” Middle East Critique 29, no. 2 (2020): 219–35; Jason C. Young, “The New Knowledge Politics of Digital Colonialism,” Environment and Planning A: Economy and Space 51, no. 7 (October 2019): 1424–41; Danielle Coleman, “Digital Colonialism: The 21st Century Scramble for Africa through the Extraction and Control of User Data and the Limitations of Data Protection Laws,” Michigan Journal of Race and Law 24, no. 2 (2019): 417–39.
114 While what might be termed the “jaded” character of cybersecurity experts confronted with persistent cyber insecurity would seem to contradict the narratives of technological progress fundamental to the transnational techno-elite, they are in fact two sides of the same coin. Cybersecurity experts must deal with what, in their view, is an inevitable side effect of technological development, but due to its continuous production of dissatisfied or marginalized opponents, such side effects (interpreted as cybersecurity threats) can only ever be contained or kept at bay, never eliminated.
115 Bagele Chilisa, Indigenous Research Methodologies, 2nd ed. (Los Angeles: SAGE, 2020); Linda Tuhiwai Smith, Decolonizing Methodologies: Research and Indigenous Peoples, 3rd ed. (London: Zed Books, 2021).
116 Ben van Gelderen and Kathy Guthadjaka, “The Warramiri Website: Applying an Alternative Yolŋu Epistemology to Digital Development,” Research and Practice in Technology Enhanced Learning 12, no. 1 (December 2017): 14.
117 For the project website, see https://www.indigenous-ai.net/.
118 Laura DeNardis and Andrea M. Hackl, “Internet Control Points as LGBT Rights Mediation,” Information, Communication & Society 19, no. 6 (2016): 762–64.
119 Moya Bailey and Trudy, “On Misogynoir: Citation, Erasure, and Plagiarism,” Feminist Media Studies 18, no. 4 (2018): 764.