Abstract
Big tech companies authoritatively produce data, information, and knowledge about cybersecurity threats to individuals, businesses, and states. But how do they render international cybersecurity phenomena knowable? Through which practices, means, and devices is this knowledge generated? This paper argues that examining the epistemic infrastructural power of big tech companies addresses these questions. Drawing on International Relations and Science and Technology Studies scholarship highlighting infrastructure’s role in knowledge production, the paper first conceptualizes epistemic infrastructural power. Second, it integrates this conceptualization with big tech companies’ unique position forming the infrastructural core of digitized societies, economies, and lives, alongside existing analysis of their security governance role. This develops a conceptual lens enabling exploration of diverse empirical manifestations of big tech epistemic infrastructural power, particularly regarding cybersecurity knowledge production and performativity. This matters politically because cybersecurity knowledge production is not a neutral or a-political endeavor, but a type of practice that co-constitutes entities and relations in the world by naming, categorizing, producing, and presenting specific realities or truths, serving as references for governance and policy decisions and practices. Third, the paper demonstrates this analytical framework's value by exploring Microsoft’s cybersecurity knowledge production during the Ukraine war. Extensive use of Microsoft products in Ukrainian public and private digital infrastructure enabled the company to collect, monitor, and analyze data about malicious network activities, positioning Microsoft as a significant gatekeeper and communicator of war-related cybersecurity knowledge. The paper concludes by reflecting on what governance object cybersecurity becomes through these dynamics and discussing wider implications for global security governance. The analysis reveals how big tech companies’ infrastructural position grants them distinctive epistemic authority in defining cybersecurity threats and shaping corresponding governance responses, raising critical questions about knowledge power in contemporary international security.
Panel: Virtually Transformed? Digital Infrastructures, Competition, and Governance