CIRCUIT: Assessment Framework

The assessment framework is designed to demonstrate sophisticated understanding of how cybersecurity emerges through assemblages while developing practical capabilities for analyzing and improving critical infrastructure protection in complex sociotechnical contexts.

Assessment Overview

This assessment framework employs posthuman cybersecurity analysis to examine the Ribera Municipal Utilities incident through analytic lenses that recognize distributed agency and relational responsibility while simultaneously tracing how temporal complexity manifests across multiple scales—from microsecond SCADA responses to decades-long infrastructure modernization cycles—revealing how cybersecurity emerges not through individual human decisions or isolated technological capabilities but through dynamic assemblages where humans, technologies, protocols, and institutions continuously negotiate threat landscapes. It’s about the networks. The framework deliberately refuses the artificial separation between social and technical domains that characterizes most cybersecurity education.

Customization

This framework serves as your starting point for the CIRCUIT demonstration case—adapt it ruthlessly to match your students’ developmental needs and institutional context.

Prerequisites and Conceptual Framework

What You Need Before Starting

Before engaging with this assessment framework, students should understand:

Basic cybersecurity concepts: Threat detection, incident response, vulnerability management
Industrial control systems fundamentals: SCADA, HMI, OT/IT networks (see Section 2.2 for refresher)
Academic analysis skills: Close reading of technical documents, evidence-based argumentation
Critical theory foundations: Familiarity with questioning traditional assumptions about technology and society

Cognitive Load Management

This assessment integrates multiple challenging domains simultaneously. If students seem to be struggling, focus first on understanding the technical artifacts (Section 2.2) before moving to posthuman theoretical applications. The worked example in Section 2.4 demonstrates integration strategies.

Technical Background

To effectively analyze the CIRCUIT artifacts, you need familiarity with industrial control system architecture and cybersecurity practices in critical infrastructure contexts.

SCADA Systems (Supervisory Control and Data Acquisition) monitor and control industrial processes like power generation and distribution. These systems collect data from sensors across the infrastructure and allow operators to adjust settings remotely. Modern SCADA implementations integrate with business networks while maintaining operational isolation.

Human-Machine Interface (HMI) systems provide the graphical displays and controls that operators use to interact with SCADA systems. HMIs translate automated system data into human-readable formats and allow operators to override automated responses when necessary.

OT/IT Network Architecture: Operational Technology (OT) controls physical processes like opening circuit breakers or adjusting voltage levels. Information Technology (IT) manages data communications and business processes. Smart grid modernization increasingly integrates these previously separate domains.

Industrial Communication Protocols: Unlike standard internet protocols, industrial systems use specialized communications including Modbus (serial communication for device networking), DNP3 (power system automation), and EtherNet/IP (industrial Ethernet). These protocols prioritize reliability and deterministic timing over flexibility.

Smart Grid Infrastructure enhances traditional electrical systems with two-way digital communication capabilities. Smart meters, automated switching systems, and distributed energy resources create new capabilities for grid optimization—and new attack surfaces for cybersecurity threats.

Posthuman Cybersecurity Concepts

The assessment framework applies theoretical concepts that may be unfamiliar from traditional cybersecurity education. These concepts require careful application to avoid oversimplification.

Assemblages are heterogeneous networks of human actors, technological systems, protocols, and institutions that produce outcomes through their relationships rather than through individual capabilities. In cybersecurity contexts, security emerges from assemblage dynamics rather than from human decisions or technological features alone.

Key insight: Don’t think of assemblages as “teams” or “systems.” They’re dynamic networks that form and reform based on specific situations. The Ribera Municipal Utilities response assemblage included automated SCADA responses, human operator expertise, vendor support networks, regulatory compliance requirements, and federal coordination—all operating simultaneously.

Distributed Agency recognizes that both humans and non-human actors (technologies, protocols, institutions) participate actively in producing outcomes. This differs from treating technology as neutral tools that humans control or autonomous systems that replace human judgment.

Key insight: Look for moments where technological systems make decisions independently (automated threat isolation) AND where human expertise is essential (interpreting alerts within operational contexts). Agency distributes across these relationships rather than residing in individual actors.

Response-ability (Donna Haraway’s concept) refers to relational responsibility that emerges through network relationships rather than individual accountability. Response-ability involves the capacity to respond appropriately to others (human and non-human) within specific situations.

Key insight: Instead of asking “Who was responsible for security?” ask “How did different actors demonstrate response-ability to each other throughout the incident?” This shifts focus to relational ethics rather than individual blame.

Material-Semiotic Practices recognize that technical systems and meaning-making practices co-constitute each other. Technologies don’t just implement human intentions—they actively shape what becomes possible to think and do.

Key insight: Smart grid technologies don’t just make infrastructure “more efficient”—they transform what infrastructure governance means, who participates in it, and how cybersecurity gets practiced.

Worked Example: Posthuman Analysis of SCADA Logs

To demonstrate how posthuman concepts apply to technical cybersecurity artifacts, consider this brief analysis of SCADA alert patterns from the Ribera Municipal Utilities incident:

Traditional Analysis Approach

“At 14:23:07, the SCADA system detected unauthorized access attempts and alerted human operators, who then decided to isolate affected substations.”

Posthuman Analysis Approach

“The 14:23:07 SCADA alerts demonstrate distributed agency operating across human-technology assemblages. The automated systems didn’t simply ‘detect’ threats—they actively participated in threat assessment by correlating multiple sensor inputs, comparing patterns against baseline operations, and prioritizing alerts based on grid stability algorithms. Simultaneously, human operators David Kim and Maria Santos brought interpretive capabilities that allowed them to contextualize these alerts within broader operational knowledge, including understanding of equipment maintenance schedules and regional load patterns that automated systems couldn’t access.

The isolation response emerged through assemblage coordination rather than individual decision-making. Automated protocols initiated preliminary isolation procedures based on threat severity algorithms, while human expertise guided selective overrides to maintain power delivery to critical services like . Neither humans nor technologies could have achieved effective threat containment independently—security emerged through their relational coordination.”

Key Differences:

Moves from sequential causation (system detects → human decides → action happens) to relational emergence
Recognizes both automated and human contributions without privileging either
Shows how security outcomes emerge from assemblage coordination rather than individual capabilities
Avoids both techno-solutionism (“better systems solve problems”) and anthropocentrism (“humans control technology”)

Applying This Approach

When analyzing artifacts, look for moments where:

Multiple actors contribute simultaneously to outcomes
Technologies make independent decisions that shape what becomes possible
Human expertise complements rather than controls technological capabilities
Coordination emerges dynamically rather than following predetermined procedures
Responsibility distributes across networks rather than residing in individuals

Use specific artifact evidence to demonstrate these dynamics rather than simply asserting they exist.

Learning Objectives

Through this engagement with posthuman cybersecurity methodology, students develop competencies that extend beyond traditional human-centered or technology-focused approaches to infrastructure protection, demonstrating sophisticated understanding of how agency distributes across sociotechnical networks while simultaneously developing practical capabilities for analyzing multi-stakeholder coordination challenges that emerge during critical incidents. Students will:

Trace distributed agency patterns across automated systems, human expertise, and organizational protocols during critical infrastructure incidents
Map multi-stakeholder coordination networks as they form and evolve across municipal, vendor, regulatory, and federal response domains
Apply posthuman ethics frameworks to responsibility distribution in complex sociotechnical systems. This means abandoning individual blame.
Design response strategies that work with assemblages rather than treating technology as neutral tool
Analyze technical communication and media mediation by examining how cybersecurity incidents become transformed through tech journalism practices and public discourse formation

Example I: Artifact Trace Analysis

Using the complete artifact collection, trace how agency distributes across human and non-human actors throughout the incident—examining not just what people decided or what technologies accomplished, but how cybersecurity outcomes emerged through the dynamic interactions between SCADA systems, human operators, organizational protocols, regulatory frameworks, and communication infrastructures that collectively constitute the response assemblage. This isn’t about cataloging actors. This approach recognizes that cybersecurity effectiveness materializes through relationships rather than individual capabilities.

Enhanced Analysis Note: During development of this methodology, I discovered that GRID WIRE’s journalistic representation itself demonstrates distributed agency operating between technical experts, journalists, and emerging public understanding. Pay attention to how cyberpunk narrative elements like “The Grid Fought Back” actively shape perception of technological agency rather than simply reflecting it.

Distributed Agency Recognition

Analysis Framework:

Technological Agency Documentation
- SCADA System Actions: How did automated systems participate in threat detection and response coordination? What actions did systems take independently of human operators?
- Smart Grid Infrastructure: How did smart meter networks and communication protocols shape both vulnerability patterns and protective capabilities?
- Network Segmentation: How did automated isolation protocols participate in containing the threat while maintaining grid operations?

Evidence Needed: Ground your analysis in specific artifact content—alert logs, email exchanges, regulatory filings—that reveals technological agency operating beyond simple tool use. Look for moments where systems act.

Human-Technology Coordination
- Operational Expertise: How did David Kim and Maria Santos work symbiotically with technological systems throughout the incident?
- Interpretive Capabilities: Where did human expertise complement technological capabilities in threat assessment and response coordination?
- Multi-Domain Knowledge: How did human operators translate between technological alerts and organizational/regulatory requirements?

Evidence Needed: Document those crucial moments where human expertise and technological capabilities worked symbiotically to produce outcomes neither could achieve independently—this is where posthuman approaches become practically visible in cybersecurity work.

Assemblage Formation Analysis
- Network Mobilization: How did different organizations (RMU, Phoenix Edison, ACC, DHS) form a coordinated response network?
- Infrastructure Relationships: What role did both human relationships and technological infrastructures play in enabling rapid multi-stakeholder coordination?
- Temporal Dynamics: How did the assemblage evolve over the 72-hour incident period?

Evidence Needed: Map the formation and evolution of response networks through artifact analysis. Show how assemblages emerge dynamically. They don’t exist as fixed organizational structures waiting to be activated—they coalesce through the incident itself.

Format: 1,500-2,000 words with specific artifact citations

Evaluation Criteria

Conceptual Understanding: Demonstrates comprehension of distributed agency as distinct from individual human or technological action
Evidence Integration: Uses specific artifact details to support analysis rather than general observations
Assemblage Mapping: Shows how networks of actors (human and non-human) formed dynamically in response to the incident
Critical Analysis: Goes beyond description to analyze how distributed agency shaped cybersecurity outcomes

Example II: Multi-Stakeholder Ethics Assessment

This analysis examines how responsibility for critical infrastructure protection distributes across stakeholder networks while revealing how ethical obligations emerge through relationships rather than residing in individual decisions or organizational mandates—a fundamentally different approach to cybersecurity ethics that recognizes accountability as relational achievement rather than individual possession. Responsibility is networked. The framework draws from feminist science and technology studies to understand how “response-ability” operates across human-technology assemblages rather than being contained within traditional organizational boundaries.

Enhanced Analysis Note: The GRID WIRE coverage reveals fascinating tensions between journalist ethics in reporting critical infrastructure vulnerabilities and operational security requirements—tensions that themselves demonstrate how ethical obligations emerge relationally rather than through individual professional codes.

Response-ability in Infrastructure Security

Ethical Framework Application:

Multi-Actor Accountability Analysis
- Responsibility Distribution: Based on the artifacts, how should accountability for infrastructure protection be distributed among automated systems, human operators, vendor support, and regulatory oversight?
- Relational Ethics: How do ethical obligations emerge through relationships between stakeholders rather than existing as individual responsibilities?
- Response-ability: Using Donna Haraway’s concept of “response-ability,” analyze how stakeholders demonstrated the ability to respond to each other and to technological systems during the incident.

Evidence Needed: Use specific artifact examples to demonstrate how responsibility operates across networks. Individual actors don’t “have” responsibility—they participate in responsibility networks.

Temporal Ethics Assessment
- Future-Making: What obligations emerge from this incident for future infrastructure development? How do current technological choices affect future vulnerability and protection possibilities?
- Intergenerational Responsibility: How does smart grid modernization create both opportunities and obligations for future community security?
- Anticipatory Ethics: How should the response to this incident shape proactive measures for emerging threats not yet imagined?

Evidence Needed: Connect artifact evidence to broader questions about how present decisions actively shape future possibilities for both vulnerability and protection—this is where posthuman approaches reveal their practical implications for cybersecurity policy.

Community Care Analysis
- Care Networks: How did different stakeholders demonstrate care for community welfare throughout the incident? Consider utility workers, city officials, federal agencies, and media coverage.
- Situated Ethics: How did specific local contexts (municipal utility, Arizona regulatory environment, federal coordination) shape ethical responses?
- Public Engagement: Evaluate the media coverage and community advocacy response through frameworks of care ethics and public accountability.

Evidence Needed: Analyze artifact evidence for demonstrations of care that extend beyond formal compliance. Look for care practices that exceed professional obligations—these reveal how ethical responses emerge through relationships rather than rules.

Format: 1,500-2,000 words with theoretical framework integration

Evaluation Criteria

Theoretical Application: Effectively applies posthuman ethics concepts to infrastructure cybersecurity context
Relational Analysis: Demonstrates understanding of how ethical obligations emerge through relationships rather than individual decisions
Community Context: Connects cybersecurity incident to broader questions of community care and public welfare
Future Orientation: Considers how current decisions shape future possibilities and responsibilities

Example III: Assemblage-Informed Recommendations

Develop evidence-based recommendations for improving critical infrastructure cybersecurity that work with assemblages rather than against them—recognizing that effective security emerges through enhanced human-technology coordination rather than through better human control over technological systems or more sophisticated technological replacement of human judgment. Security is relational. Your recommendations should demonstrate understanding of how to design interventions that strengthen assemblage formation rather than optimizing individual components in isolation.

Enhanced Analysis Note: Communication strategies for translating technical incidents into public policy discussions themselves participate in cybersecurity assemblages by shaping how communities understand infrastructure vulnerabilities and protection possibilities. Assess how media framing actively influences public support for infrastructure cybersecurity investments rather than simply reflecting technical realities.

Posthuman Cybersecurity Strategy

Strategy Development Framework:

Human-Technology Integration Enhancement
- Symbiotic Coordination: Based on incident analysis, recommend specific improvements to human-technology coordination in cybersecurity monitoring and response
- Expertise Distribution: How should technical knowledge be distributed across human operators and automated systems to optimize threat detection and response?
- Training Integration: What forms of education and training would enhance human-technology collaboration demonstrated in the incident?

Requirements: Ground recommendations in specific incident evidence. Demonstrate understanding of posthuman approaches to technology design—this means designing for assemblages rather than users.

Multi-Stakeholder Network Strengthening
- Assemblage Optimization: Recommend improvements to coordination mechanisms between municipal utilities, vendor support, regulatory oversight, and federal resources
- Information Sharing: How should threat intelligence and response coordination be enhanced across organizational boundaries?
- Preparedness Integration: What forms of multi-stakeholder preparedness would strengthen the assemblages demonstrated during the incident?

Requirements: Address both technical and relational dimensions of network coordination through artifact evidence. Technical improvements and relational improvements are not separate—they co-evolve through assemblage dynamics.

Community Resilience Planning
- Public Engagement: Recommend approaches to community engagement about critical infrastructure cybersecurity that balance transparency with security requirements
- Democratic Oversight: How should communities participate in decisions about cybersecurity investments and risk management for critical infrastructure?
- Resilience Building: What forms of community preparedness would complement the technical and organizational measures demonstrated in the incident?

Requirements: Connect cybersecurity strategy to broader questions about community resilience and democratic governance. Infrastructure cybersecurity is always already political—recognize this explicitly rather than treating it as technical optimization problem.

Format: 1,500-2,000 words with specific, implementable recommendations

Evaluation Criteria

Evidence-Based: Recommendations clearly connected to incident analysis and artifact evidence
Posthuman Integration: Demonstrates understanding of how to design strategies that work with assemblages rather than treating technology as neutral tool
Implementation Feasibility: Recommendations are specific and implementable within realistic resource and regulatory constraints
Community Context: Addresses broader questions of democratic governance and community resilience

Example IV: Cross-Case Connections, Methodological Transfer and Scaling

Connect the Ribera Municipal Utilities incident to broader patterns emerging across critical infrastructure cybersecurity contexts while identifying opportunities for methodological transfer that recognizes both sectoral specificities and cross-domain assemblage dynamics—understanding how posthuman approaches scale across different infrastructure contexts without losing attention to local sociotechnical relationships and community contexts. Pattern recognition here isn’t about finding universal solutions. It’s about understanding how assemblage dynamics operate across different technological and social configurations.

Assemblage Patterns Across Infrastructure Sectors

Connection Development:

Sectoral Pattern Recognition
- Infrastructure Similarities: How do the assemblage dynamics observed in the municipal utility incident connect to cybersecurity challenges in other critical infrastructure sectors (healthcare, financial services, transportation)?
- Technology Patterns: What similarities exist between smart grid technologies and other infrastructure modernization projects in terms of creating new assemblage relationships?
Methodological Transfer
- Assessment Framework: How could the posthuman analysis framework applied to this incident be adapted for other infrastructure cybersecurity contexts?
- Artifact-Based Learning: What types of authentic artifacts from other sectors would provide similar learning opportunities about distributed agency and multi-stakeholder coordination?
Scaling Considerations
- Regional Coordination: How might the multi-stakeholder coordination demonstrated in this local incident scale to regional or national infrastructure protection?
- Policy Implications: What policy changes would better support the assemblage-based approaches to cybersecurity demonstrated in the incident response?

Format: 750-1,000 words

Evaluation Criteria

Pattern Recognition: Identifies meaningful connections across infrastructure sectors and cybersecurity contexts
Methodological Sophistication: Demonstrates understanding of how posthuman approaches can be adapted across contexts
Policy Integration: Connects analysis to broader policy and governance questions

Assessment Rubric

The comprehensive evaluation criteria shown in Table 1 provides a 100-point assessment framework that evaluates student understanding across four dimensions—conceptual understanding, evidence use, critical analysis, and media analysis—while recognizing that excellence emerges through integration rather than component optimization. Assessment here mirrors the theoretical framework. Students demonstrate sophistication through relational analysis rather than individual mastery of discrete skills.

Table 1: Assessment Rubric

Performance Level	Conceptual Understanding	Evidence Use	Critical Analysis	Media Analysis
Excellent 90-100 points	Sophisticated understanding of posthuman cybersecurity concepts and their application to infrastructure contexts	Extensive use of artifact evidence to support analysis and recommendations	Original insights that go beyond course material to develop new connections and applications	Demonstrates understanding of how tech journalism conventions shape technical content reception and public discourse
Proficient 80-89 points	Good understanding of posthuman concepts with appropriate application to case study context	Adequate use of artifact evidence with some specific examples supporting analysis	Some original insights connecting course concepts to case study evidence	Shows awareness of media framing effects on cybersecurity discourse
Developing 70-79 points	Basic understanding of posthuman concepts with limited application to cybersecurity context	General use of case study material with few specific artifact citations	Limited original insights, primarily restating course concepts	Basic recognition of journalism vs. technical documentation differences
Inadequate Below 70 points	Minimal understanding of posthuman concepts or failure to connect to cybersecurity context	Little use of specific case study evidence or artifact material	No original insights or critical analysis beyond basic summary	No analysis of media representation impacts on cybersecurity discourse

Individual Component Evaluation

Each major component (Examples I-IV) includes specific evaluation criteria that work together to assess students’ developing competency in posthuman cybersecurity analysis—recognizing that success emerges through integrated understanding rather than sequential skill acquisition. Success requires:

Conceptual Integration: Effective use of posthuman theory to analyze cybersecurity assemblages as they actually operate rather than as they should operate according to organizational charts
Evidence Application: Specific citation and analysis of artifact content to support arguments rather than general theoretical application
Critical Analysis: Development of original insights that go beyond summarizing provided materials to reveal new connections and implications
Implementation Orientation: Recommendations that demonstrate practical understanding of complex sociotechnical systems. Avoid techno-solutionism.
Cross-Artifact Synthesis: Integration between technical logs and media coverage analysis that reveals their mutual constitution rather than treating them as separate domains
Media Literacy Demonstration: Critical assessment of how journalist interpretation practices actively shape rather than simply report cybersecurity incidents

Submission Guidelines

Example Submission

This is simply a sample of how one might assign all the examples above.

Format Requirements

Length: 5,000-6,500 words total across all components—substantial enough for sophisticated analysis without encouraging word padding
Citations: Specific references to case study artifacts integrated with course theoretical materials rather than applied to them
Organization: Clear section headers corresponding to assessment framework components while maintaining analytical flow across sections
Academic Writing: Graduate-level analysis that uses cybersecurity and posthuman theoretical vocabulary precisely rather than impressively

Citation Requirements

Case Study Artifacts: Cite specific documents, email excerpts, technical logs, etc. using format:

“Based on the SCADA alert logs, automated systems detected…” (CIRCUIT: SCADA System Alert Log)

Theoretical Integration: Connect analysis to course readings on posthuman ethics, assemblage theory, and critical cybersecurity studies

External Sources: Additional sources welcome but not required; focus on deep analysis of provided case study materials

Submission Process

Submit via course learning management system by [date to be specified by instructor]. Include:

Complete analysis document (PDF or DOCX)
Brief reflection memo (500 words) discussing what you learned about posthuman approaches to cybersecurity through engaging with the artifact-based methodology

Additional Resources

Posthuman Cybersecurity Theory

Key concepts for assessment framework application:

Assemblage Theory: Deleuze and Guattari’s concept of heterogeneous networks producing outcomes through relationships
Actor-Network Theory: Bruno Latour’s approach to analyzing how humans and non-humans participate in network formation
Postphenomenological Ethics: Don Ihde and Peter-Paul Verbeek’s analysis of how technologies mediate human relationships
Response-ability: Donna Haraway’s concept of relational responsibility and care across networks
Critical Infrastructure Studies: Analysis of how technical systems and social relationships co-constitute security outcomes

Technical Cybersecurity Context

For students needing additional technical background:

SCADA Systems: Supervisory control and data acquisition systems for industrial process monitoring and control
Industrial Protocols: Communication standards (Modbus, DNP3, EtherNet/IP) used in operational technology networks
Smart Grid Architecture: Integration of digital communication and control capabilities with traditional electrical infrastructure
OT/IT Convergence: Operational technology and information technology integration creating new attack surfaces and defensive capabilities
Critical Infrastructure Protection: Multi-stakeholder approaches to securing essential services and systems

Progressive Learning Scaffolding

Cognitive Load Management Strategy:

Stage 1: Technical Artifact Analysis
- Focus on understanding SCADA logs, email exchanges, and regulatory filings
- Use provided artifact navigation guide for key technical concepts
- Complete Part I analysis before moving to media components
Stage 2: Media Representation Analysis
- Apply media analysis framework for systematic journalism evaluation
- Compare GRID WIRE coverage with technical artifacts
- Identify differences between technical accuracy and public engagement
Stage 3: Integrated Synthesis
- Use synthesis templates for connecting technical and narrative elements
- Complete cross-modal analysis and policy implications
- Integrate all components into final submission

Reuse

CC BY-NC-SA 4.0

--- title: "CIRCUIT: Assessment Framework" description: "The assessment framework is designed to demonstrate sophisticated understanding of how cybersecurity emerges through assemblages while developing practical capabilities for analyzing and improving critical infrastructure protection in complex sociotechnical contexts." --- ```{r} #| label: setup #| include: false # This chunk allows for single-file rendering for development source("_scripts/solo_render.R") ``` ## Assessment Overview {#sec-assessment-overview} This assessment framework employs **posthuman cybersecurity analysis** to examine the `r world$utility_name` incident through analytic lenses that recognize distributed agency and relational responsibility while simultaneously tracing how temporal complexity manifests across multiple scales—from microsecond SCADA responses to decades-long infrastructure modernization cycles—revealing how cybersecurity emerges not through individual human decisions or isolated technological capabilities but through dynamic assemblages where humans, technologies, protocols, and institutions continuously negotiate threat landscapes. It's about the networks. The framework deliberately refuses the artificial separation between social and technical domains that characterizes most cybersecurity education. ::: {.pedagogical-consideration title="Customization"} This framework serves as your starting point for the CIRCUIT demonstration case—adapt it ruthlessly to match your students' developmental needs and institutional context. ::: ## Prerequisites and Conceptual Framework {#sec-prerequisites} ### What You Need Before Starting {#sec-prereq-check} Before engaging with this assessment framework, students should understand: - **Basic cybersecurity concepts**: Threat detection, incident response, vulnerability management - **Industrial control systems fundamentals**: SCADA, HMI, OT/IT networks (see @sec-technical-background for refresher) - **Academic analysis skills**: Close reading of technical documents, evidence-based argumentation - **Critical theory foundations**: Familiarity with questioning traditional assumptions about technology and society ::: {.cognitive-load-alert title="Cognitive Load Management"} This assessment integrates multiple challenging domains simultaneously. If students seem to be struggling, focus first on understanding the technical artifacts (@sec-technical-background) before moving to posthuman theoretical applications. The worked example in @sec-worked-example demonstrates integration strategies. ::: ### Technical Background {#sec-technical-background} To effectively analyze the CIRCUIT artifacts, you need familiarity with industrial control system architecture and cybersecurity practices in critical infrastructure contexts. **SCADA Systems** (Supervisory Control and Data Acquisition) monitor and control industrial processes like power generation and distribution. These systems collect data from sensors across the infrastructure and allow operators to adjust settings remotely. Modern SCADA implementations integrate with business networks while maintaining operational isolation. **Human-Machine Interface (HMI)** systems provide the graphical displays and controls that operators use to interact with SCADA systems. HMIs translate automated system data into human-readable formats and allow operators to override automated responses when necessary. **OT/IT Network Architecture**: Operational Technology (OT) controls physical processes like opening circuit breakers or adjusting voltage levels. Information Technology (IT) manages data communications and business processes. Smart grid modernization increasingly integrates these previously separate domains. **Industrial Communication Protocols**: Unlike standard internet protocols, industrial systems use specialized communications including Modbus (serial communication for device networking), DNP3 (power system automation), and EtherNet/IP (industrial Ethernet). These protocols prioritize reliability and deterministic timing over flexibility. **Smart Grid Infrastructure** enhances traditional electrical systems with two-way digital communication capabilities. Smart meters, automated switching systems, and distributed energy resources create new capabilities for grid optimization—and new attack surfaces for cybersecurity threats. ### Posthuman Cybersecurity Concepts {#sec-posthuman-concepts} The assessment framework applies theoretical concepts that may be unfamiliar from traditional cybersecurity education. These concepts require careful application to avoid oversimplification. **Assemblages** are heterogeneous networks of human actors, technological systems, protocols, and institutions that produce outcomes through their relationships rather than through individual capabilities. In cybersecurity contexts, security emerges from assemblage dynamics rather than from human decisions or technological features alone. *Key insight*: Don't think of assemblages as "teams" or "systems." They're dynamic networks that form and reform based on specific situations. The `r world$utility_name` response assemblage included automated SCADA responses, human operator expertise, vendor support networks, regulatory compliance requirements, and federal coordination—all operating simultaneously. **Distributed Agency** recognizes that both humans and non-human actors (technologies, protocols, institutions) participate actively in producing outcomes. This differs from treating technology as neutral tools that humans control or autonomous systems that replace human judgment. *Key insight*: Look for moments where technological systems make decisions independently (automated threat isolation) AND where human expertise is essential (interpreting alerts within operational contexts). Agency distributes across these relationships rather than residing in individual actors. **Response-ability** (Donna Haraway's concept) refers to relational responsibility that emerges through network relationships rather than individual accountability. Response-ability involves the capacity to respond appropriately to others (human and non-human) within specific situations. *Key insight*: Instead of asking "Who was responsible for security?" ask "How did different actors demonstrate response-ability to each other throughout the incident?" This shifts focus to relational ethics rather than individual blame. **Material-Semiotic Practices** recognize that technical systems and meaning-making practices co-constitute each other. Technologies don't just implement human intentions—they actively shape what becomes possible to think and do. *Key insight*: Smart grid technologies don't just make infrastructure "more efficient"—they transform what infrastructure governance means, who participates in it, and how cybersecurity gets practiced. ### Worked Example: Posthuman Analysis of SCADA Logs {#sec-worked-example} To demonstrate how posthuman concepts apply to technical cybersecurity artifacts, consider this brief analysis of SCADA alert patterns from the `r world$utility_name` incident: **Traditional Analysis Approach** > "At 14:23:07, the SCADA system detected unauthorized access attempts and alerted human operators, who then decided to isolate affected substations." **Posthuman Analysis Approach** > "The 14:23:07 SCADA alerts demonstrate distributed agency operating across human-technology assemblages. The automated systems didn't simply 'detect' threats—they actively participated in threat assessment by correlating multiple sensor inputs, comparing patterns against baseline operations, and prioritizing alerts based on grid stability algorithms. Simultaneously, human operators `r world$power_operator_fullname` and `r world$it_manager_fullname` brought interpretive capabilities that allowed them to contextualize these alerts within broader operational knowledge, including understanding of equipment maintenance schedules and regional load patterns that automated systems couldn't access. > > The isolation response emerged through assemblage coordination rather than individual decision-making. Automated protocols initiated preliminary isolation procedures based on threat severity algorithms, while human expertise guided selective overrides to maintain power delivery to critical services like `r world$hospital_name`. Neither humans nor technologies could have achieved effective threat containment independently—security emerged through their relational coordination." **Key Differences**: - Moves from sequential causation (system detects → human decides → action happens) to relational emergence - Recognizes both automated and human contributions without privileging either - Shows how security outcomes emerge from assemblage coordination rather than individual capabilities - Avoids both techno-solutionism ("better systems solve problems") and anthropocentrism ("humans control technology") ::: {.scaffolding-tip title="Applying This Approach"} When analyzing artifacts, look for moments where: 1. **Multiple actors contribute simultaneously** to outcomes 2. **Technologies make independent decisions** that shape what becomes possible 3. **Human expertise complements rather than controls** technological capabilities 4. **Coordination emerges dynamically** rather than following predetermined procedures 5. **Responsibility distributes across networks** rather than residing in individuals Use specific artifact evidence to demonstrate these dynamics rather than simply asserting they exist. ::: ### Learning Objectives {#sec-learning-objectives} Through this engagement with posthuman cybersecurity methodology, students develop competencies that extend beyond traditional human-centered or technology-focused approaches to infrastructure protection, demonstrating sophisticated understanding of how agency distributes across sociotechnical networks while simultaneously developing practical capabilities for analyzing multi-stakeholder coordination challenges that emerge during critical incidents. Students will: 1. **Trace distributed agency patterns** across automated systems, human expertise, and organizational protocols during critical infrastructure incidents 2. **Map multi-stakeholder coordination networks** as they form and evolve across municipal, vendor, regulatory, and federal response domains 3. **Apply posthuman ethics frameworks** to responsibility distribution in complex sociotechnical systems. This means abandoning individual blame. 4. **Design response strategies** that work with assemblages rather than treating technology as neutral tool 5. **Analyze technical communication and media mediation** by examining how cybersecurity incidents become transformed through tech journalism practices and public discourse formation ## Example I: Artifact Trace Analysis {#sec-distributed-agency} Using the complete artifact collection, trace how agency distributes across human and non-human actors throughout the incident—examining not just what people decided or what technologies accomplished, but how cybersecurity outcomes emerged through the dynamic interactions between SCADA systems, human operators, organizational protocols, regulatory frameworks, and communication infrastructures that collectively constitute the response assemblage. This isn't about cataloging actors. This approach recognizes that cybersecurity effectiveness materializes through relationships rather than individual capabilities. **Enhanced Analysis Note**: During development of this methodology, I discovered that `r world$tech_magazine_name`'s journalistic representation itself demonstrates distributed agency operating between technical experts, journalists, and emerging public understanding. Pay attention to how cyberpunk narrative elements like "The Grid Fought Back" actively shape perception of technological agency rather than simply reflecting it. ::: {.assessment-strategy title="Distributed Agency Recognition" collapse="true"} **Analysis Framework**: 1. Technological Agency Documentation - **SCADA System Actions**: How did automated systems participate in threat detection and response coordination? What actions did systems take independently of human operators? - **Smart Grid Infrastructure**: How did smart meter networks and communication protocols shape both vulnerability patterns and protective capabilities? - **Network Segmentation**: How did automated isolation protocols participate in containing the threat while maintaining grid operations? > **Evidence Needed**: Ground your analysis in specific artifact content—alert logs, email exchanges, regulatory filings—that reveals technological agency operating beyond simple tool use. Look for moments where systems act. 2. Human-Technology Coordination - **Operational Expertise**: How did `r world$power_operator_fullname` and `r world$it_manager_fullname` work symbiotically with technological systems throughout the incident? - **Interpretive Capabilities**: Where did human expertise complement technological capabilities in threat assessment and response coordination? - **Multi-Domain Knowledge**: How did human operators translate between technological alerts and organizational/regulatory requirements? > **Evidence Needed**: Document those crucial moments where human expertise and technological capabilities worked symbiotically to produce outcomes neither could achieve independently—this is where posthuman approaches become practically visible in cybersecurity work. 3. Assemblage Formation Analysis - **Network Mobilization**: How did different organizations (RMU, Phoenix Edison, ACC, DHS) form a coordinated response network? - **Infrastructure Relationships**: What role did both human relationships and technological infrastructures play in enabling rapid multi-stakeholder coordination? - **Temporal Dynamics**: How did the assemblage evolve over the 72-hour incident period? > **Evidence Needed**: Map the formation and evolution of response networks through artifact analysis. Show how assemblages emerge dynamically. They don't exist as fixed organizational structures waiting to be activated—they coalesce through the incident itself. ::: **Format**: 1,500-2,000 words with specific artifact citations **Evaluation Criteria** - **Conceptual Understanding**: Demonstrates comprehension of distributed agency as distinct from individual human or technological action - **Evidence Integration**: Uses specific artifact details to support analysis rather than general observations\ - **Assemblage Mapping**: Shows how networks of actors (human and non-human) formed dynamically in response to the incident - **Critical Analysis**: Goes beyond description to analyze how distributed agency shaped cybersecurity outcomes ## Example II: Multi-Stakeholder Ethics Assessment {#sec-ethics-assessment} This analysis examines how responsibility for critical infrastructure protection distributes across stakeholder networks while revealing how ethical obligations emerge through relationships rather than residing in individual decisions or organizational mandates—a fundamentally different approach to cybersecurity ethics that recognizes accountability as relational achievement rather than individual possession. Responsibility is networked. The framework draws from feminist science and technology studies to understand how "response-ability" operates across human-technology assemblages rather than being contained within traditional organizational boundaries. **Enhanced Analysis Note**: The `r world$tech_magazine_name` coverage reveals fascinating tensions between journalist ethics in reporting critical infrastructure vulnerabilities and operational security requirements—tensions that themselves demonstrate how ethical obligations emerge relationally rather than through individual professional codes. ::: {.implementation-guidance title="Response-ability in Infrastructure Security" collapse="true"} **Ethical Framework Application**: 1. Multi-Actor Accountability Analysis - **Responsibility Distribution**: Based on the artifacts, how should accountability for infrastructure protection be distributed among automated systems, human operators, vendor support, and regulatory oversight? - **Relational Ethics**: How do ethical obligations emerge through relationships between stakeholders rather than existing as individual responsibilities? - **Response-ability**: Using Donna Haraway's concept of "response-ability," analyze how stakeholders demonstrated the ability to respond to each other and to technological systems during the incident. > **Evidence Needed**: Use specific artifact examples to demonstrate how responsibility operates across networks. Individual actors don't "have" responsibility—they participate in responsibility networks. 2. Temporal Ethics Assessment - **Future-Making**: What obligations emerge from this incident for future infrastructure development? How do current technological choices affect future vulnerability and protection possibilities? - **Intergenerational Responsibility**: How does smart grid modernization create both opportunities and obligations for future community security? - **Anticipatory Ethics**: How should the response to this incident shape proactive measures for emerging threats not yet imagined? > **Evidence Needed**: Connect artifact evidence to broader questions about how present decisions actively shape future possibilities for both vulnerability and protection—this is where posthuman approaches reveal their practical implications for cybersecurity policy. 3. Community Care Analysis - **Care Networks**: How did different stakeholders demonstrate care for community welfare throughout the incident? Consider utility workers, city officials, federal agencies, and media coverage. - **Situated Ethics**: How did specific local contexts (municipal utility, Arizona regulatory environment, federal coordination) shape ethical responses? - **Public Engagement**: Evaluate the media coverage and community advocacy response through frameworks of care ethics and public accountability. > **Evidence Needed**: Analyze artifact evidence for demonstrations of care that extend beyond formal compliance. Look for care practices that exceed professional obligations—these reveal how ethical responses emerge through relationships rather than rules. ::: **Format**: 1,500-2,000 words with theoretical framework integration **Evaluation Criteria** - **Theoretical Application**: Effectively applies posthuman ethics concepts to infrastructure cybersecurity context - **Relational Analysis**: Demonstrates understanding of how ethical obligations emerge through relationships rather than individual decisions - **Community Context**: Connects cybersecurity incident to broader questions of community care and public welfare - **Future Orientation**: Considers how current decisions shape future possibilities and responsibilities ## Example III: Assemblage-Informed Recommendations {#sec-response-strategy} Develop evidence-based recommendations for improving critical infrastructure cybersecurity that work with assemblages rather than against them—recognizing that effective security emerges through enhanced human-technology coordination rather than through better human control over technological systems or more sophisticated technological replacement of human judgment. Security is relational. Your recommendations should demonstrate understanding of how to design interventions that strengthen assemblage formation rather than optimizing individual components in isolation. **Enhanced Analysis Note**: Communication strategies for translating technical incidents into public policy discussions themselves participate in cybersecurity assemblages by shaping how communities understand infrastructure vulnerabilities and protection possibilities. Assess how media framing actively influences public support for infrastructure cybersecurity investments rather than simply reflecting technical realities. ::: {.learner-experience title="Posthuman Cybersecurity Strategy" collapse="true"} **Strategy Development Framework**: 1. Human-Technology Integration Enhancement - **Symbiotic Coordination**: Based on incident analysis, recommend specific improvements to human-technology coordination in cybersecurity monitoring and response - **Expertise Distribution**: How should technical knowledge be distributed across human operators and automated systems to optimize threat detection and response? - **Training Integration**: What forms of education and training would enhance human-technology collaboration demonstrated in the incident? > **Requirements**: Ground recommendations in specific incident evidence. Demonstrate understanding of posthuman approaches to technology design—this means designing for assemblages rather than users. 2. Multi-Stakeholder Network Strengthening - **Assemblage Optimization**: Recommend improvements to coordination mechanisms between municipal utilities, vendor support, regulatory oversight, and federal resources - **Information Sharing**: How should threat intelligence and response coordination be enhanced across organizational boundaries? - **Preparedness Integration**: What forms of multi-stakeholder preparedness would strengthen the assemblages demonstrated during the incident? > **Requirements**: Address both technical and relational dimensions of network coordination through artifact evidence. Technical improvements and relational improvements are not separate—they co-evolve through assemblage dynamics. 3. Community Resilience Planning - **Public Engagement**: Recommend approaches to community engagement about critical infrastructure cybersecurity that balance transparency with security requirements - **Democratic Oversight**: How should communities participate in decisions about cybersecurity investments and risk management for critical infrastructure? - **Resilience Building**: What forms of community preparedness would complement the technical and organizational measures demonstrated in the incident? > **Requirements**: Connect cybersecurity strategy to broader questions about community resilience and democratic governance. Infrastructure cybersecurity is always already political—recognize this explicitly rather than treating it as technical optimization problem. ::: **Format**: 1,500-2,000 words with specific, implementable recommendations **Evaluation Criteria** - **Evidence-Based**: Recommendations clearly connected to incident analysis and artifact evidence - **Posthuman Integration**: Demonstrates understanding of how to design strategies that work with assemblages rather than treating technology as neutral tool - **Implementation Feasibility**: Recommendations are specific and implementable within realistic resource and regulatory constraints - **Community Context**: Addresses broader questions of democratic governance and community resilience ## Example IV: Cross-Case Connections, Methodological Transfer and Scaling {#sec-cross-case-connections} Connect the `r world$utility_name` incident to broader patterns emerging across critical infrastructure cybersecurity contexts while identifying opportunities for methodological transfer that recognizes both sectoral specificities and cross-domain assemblage dynamics—understanding how posthuman approaches scale across different infrastructure contexts without losing attention to local sociotechnical relationships and community contexts. Pattern recognition here isn't about finding universal solutions. It's about understanding how assemblage dynamics operate across different technological and social configurations. ::: {.scaffolding-tip title="Assemblage Patterns Across Infrastructure Sectors" collapse="true"} **Connection Development**: 1. Sectoral Pattern Recognition - **Infrastructure Similarities**: How do the assemblage dynamics observed in the municipal utility incident connect to cybersecurity challenges in other critical infrastructure sectors (healthcare, financial services, transportation)? - **Technology Patterns**: What similarities exist between smart grid technologies and other infrastructure modernization projects in terms of creating new assemblage relationships? 2. Methodological Transfer - **Assessment Framework**: How could the posthuman analysis framework applied to this incident be adapted for other infrastructure cybersecurity contexts? - **Artifact-Based Learning**: What types of authentic artifacts from other sectors would provide similar learning opportunities about distributed agency and multi-stakeholder coordination? 3. Scaling Considerations - **Regional Coordination**: How might the multi-stakeholder coordination demonstrated in this local incident scale to regional or national infrastructure protection? - **Policy Implications**: What policy changes would better support the assemblage-based approaches to cybersecurity demonstrated in the incident response? ::: **Format**: 750-1,000 words **Evaluation Criteria** - **Pattern Recognition**: Identifies meaningful connections across infrastructure sectors and cybersecurity contexts - **Methodological Sophistication**: Demonstrates understanding of how posthuman approaches can be adapted across contexts - **Policy Integration**: Connects analysis to broader policy and governance questions ## Assessment Rubric {#sec-assessment-rubric} The comprehensive evaluation criteria shown in @tbl-rubric provides a 100-point assessment framework that evaluates student understanding across four dimensions—conceptual understanding, evidence use, critical analysis, and media analysis—while recognizing that excellence emerges through integration rather than component optimization. Assessment here mirrors the theoretical framework. Students demonstrate sophistication through relational analysis rather than individual mastery of discrete skills. ::: {.column-page} | Performance Level | Conceptual Understanding | Evidence Use | Critical Analysis | Media Analysis | |:------------------|:-------------------------|:-------------|:------------------|:---------------| | **Excellent**<br/>90-100 points | Sophisticated understanding of posthuman cybersecurity concepts and their application to infrastructure contexts | Extensive use of artifact evidence to support analysis and recommendations | Original insights that go beyond course material to develop new connections and applications | Demonstrates understanding of how tech journalism conventions shape technical content reception and public discourse | | **Proficient**<br/>80-89 points | Good understanding of posthuman concepts with appropriate application to case study context | Adequate use of artifact evidence with some specific examples supporting analysis | Some original insights connecting course concepts to case study evidence | Shows awareness of media framing effects on cybersecurity discourse | | **Developing**<br/>70-79 points | Basic understanding of posthuman concepts with limited application to cybersecurity context | General use of case study material with few specific artifact citations | Limited original insights, primarily restating course concepts | Basic recognition of journalism vs. technical documentation differences | | **Inadequate**<br/>Below 70 points | Minimal understanding of posthuman concepts or failure to connect to cybersecurity context | Little use of specific case study evidence or artifact material | No original insights or critical analysis beyond basic summary | No analysis of media representation impacts on cybersecurity discourse | : Assessment Rubric {#tbl-rubric} ::: ### Individual Component Evaluation {#sec-component-evaluation} Each major component (Examples I-IV) includes specific evaluation criteria that work together to assess students' developing competency in posthuman cybersecurity analysis—recognizing that success emerges through integrated understanding rather than sequential skill acquisition. Success requires: - **Conceptual Integration**: Effective use of posthuman theory to analyze cybersecurity assemblages as they actually operate rather than as they should operate according to organizational charts - **Evidence Application**: Specific citation and analysis of artifact content to support arguments rather than general theoretical application - **Critical Analysis**: Development of original insights that go beyond summarizing provided materials to reveal new connections and implications - **Implementation Orientation**: Recommendations that demonstrate practical understanding of complex sociotechnical systems. Avoid techno-solutionism. - **Cross-Artifact Synthesis**: Integration between technical logs and media coverage analysis that reveals their mutual constitution rather than treating them as separate domains - **Media Literacy Demonstration**: Critical assessment of how journalist interpretation practices actively shape rather than simply report cybersecurity incidents ## Submission Guidelines {#sec-submission-guidelines} ::: {.implementation-guidance title="Example Submission"} This is simply a sample of how one might assign *all* the examples above. ::: ### Format Requirements {#sec-format-requirements} - **Length**: 5,000-6,500 words total across all components—substantial enough for sophisticated analysis without encouraging word padding - **Citations**: Specific references to case study artifacts integrated with course theoretical materials rather than applied to them - **Organization**: Clear section headers corresponding to assessment framework components while maintaining analytical flow across sections - **Academic Writing**: Graduate-level analysis that uses cybersecurity and posthuman theoretical vocabulary precisely rather than impressively ### Citation Requirements {#sec-citation-requirements} **Case Study Artifacts**: Cite specific documents, email excerpts, technical logs, etc. using format: > "Based on the SCADA alert logs, automated systems detected..." (CIRCUIT: SCADA System Alert Log) **Theoretical Integration**: Connect analysis to course readings on posthuman ethics, assemblage theory, and critical cybersecurity studies **External Sources**: Additional sources welcome but not required; focus on deep analysis of provided case study materials ### Submission Process {#sec-submission-process} Submit via course learning management system by \[date to be specified by instructor\]. Include: - Complete analysis document (PDF or DOCX) - Brief reflection memo (500 words) discussing what you learned about posthuman approaches to cybersecurity through engaging with the artifact-based methodology ## Additional Resources {#sec-additional-resources} ### Posthuman Cybersecurity Theory {#sec-posthuman-theory} Key concepts for assessment framework application: - **Assemblage Theory**: Deleuze and Guattari's concept of heterogeneous networks producing outcomes through relationships - **Actor-Network Theory**: Bruno Latour's approach to analyzing how humans and non-humans participate in network formation - **Postphenomenological Ethics**: Don Ihde and Peter-Paul Verbeek's analysis of how technologies mediate human relationships - **Response-ability**: Donna Haraway's concept of relational responsibility and care across networks - **Critical Infrastructure Studies**: Analysis of how technical systems and social relationships co-constitute security outcomes ### Technical Cybersecurity Context {#sec-technical-context} For students needing additional technical background: - **SCADA Systems**: Supervisory control and data acquisition systems for industrial process monitoring and control - **Industrial Protocols**: Communication standards (Modbus, DNP3, EtherNet/IP) used in operational technology networks - **Smart Grid Architecture**: Integration of digital communication and control capabilities with traditional electrical infrastructure\ - **OT/IT Convergence**: Operational technology and information technology integration creating new attack surfaces and defensive capabilities - **Critical Infrastructure Protection**: Multi-stakeholder approaches to securing essential services and systems ### Progressive Learning Scaffolding {#sec-progressive-scaffolding} **Cognitive Load Management Strategy**: - **Stage 1**: Technical Artifact Analysis - Focus on understanding SCADA logs, email exchanges, and regulatory filings - Use provided **artifact navigation guide** for key technical concepts - Complete Part I analysis before moving to media components - **Stage 2**: Media Representation Analysis - Apply **media analysis framework** for systematic journalism evaluation - Compare `r world$tech_magazine_name` coverage with technical artifacts - Identify differences between technical accuracy and public engagement - **Stage 3**: Integrated Synthesis - Use **synthesis templates** for connecting technical and narrative elements - Complete cross-modal analysis and policy implications - Integrate all components into final submission