INSIDER will map and analyse the fundamental tensions between national security interests and private sector profit motive, often disavowed by policymakers.
The project zooms in on the case of insider threat management programs and (cyber)security compliance products on the market sold to Norwegian private sector operators of critical infrastructure and corporations operating in Norway.
Main goals
INSIDER will
- analyse the fundamental tensions and conflicts of interest built into security compliance and insider threat programs sold as one-stop-shop products by management consulting and tech firms for regulatory and (cyber)security compliance,
- evaluate the national security risks and new threats that may stem from these tensions
and from the implementation of these programs by private sector actors through a multi-level analysis, - place the case study within a larger analysis of the geopolitical context of great power competition, weaponization of interdependence, and the intersection of ‘regulatory capitalism’ and ‘surveillance capitalism’ , and
- deliver a risk analysis of compliance security solutions on the market from the perspective of total defence, national security and the interests of the Norwegian defence sector , critically evaluating the potential risks, unintended consequences, and even threats posed by policy-driven (over)reliance on private sector security compliance solutions in achieving the goals of total defence.
Methods
INSIDER will further utilize open-source analysis, interviews, case studies and reflexive methodology, and qualitative and evaluative approaches as well as risk analysis. This has not been done before; there are no critical academic studies or independent evaluations of insider threat management and security compliance in Norway.
Policy makers have so far relied for advice on the same management consulting firms that sell insider threat programs and security compliance products. INSIDER will fill this serious gap in independent, academic, and policy-relevant knowledge and deliver high-quality research; the project will organize a workshop, a conference, deliver an academic publication, policy brief and an independent risk analysis.
