The technopolitics of cybersecurity Sociotechnical configurations, epistemic devices, and the production of knowledge

This thesis critically examines how cybersecurity knowledge is produced and the political implications thereof. Dominant approaches tend to frame cybersecurity as a technical or strategic tool to defend powerful states and corporations. This enacts a universalised conception of danger that legitimises pervasive surveillance, anticipatory intervention, and hierarchical authority. Such framings risk neglecting the mundane, everyday practices and unintended consequences of cybersecurity technologies that shape how insecurity is imagined and governed. At the intersection of Critical Security Studies (CSS) and Science and Technology Studies (STS), this thesis develops a conceptual vocabulary for analysing cybersecurity as sociotechnical configurations in which humans and technologies are co-produced. Empirically, it demonstrates how cybersecurity infrastructures and practices – from standardisation processes to intrusion detection systems – create imaginaries of omniscience that privilege Western, state-centric interests while marginalising alternative epistemologies and lived experiences. By studying how knowledge about threats and risks is constructed through computational ordering and automation, the thesis shows how irregularities are increasingly suspicioned as dangers, producing new categories of insecurity. Ultimately, it argues that cybersecurity is not merely reactive but a technopolitical project that reproduces asymmetries of power, erodes democratic oversight, and transforms everyday security practices into instruments of algorithmic governance. By resisting closures that cast the world as inherently insecure, this research contributes to a broader critical project that reasserts the political stakes of cybersecurity and opens space for democratic contestation and alternative futures.