Normal Cyber Accidents


Several of the most serious cyber incidents affecting critical infrastructure to date have been the result of collateral damage, indirect effects, malware that ‘escaped’ their intended target and/or incontrollable malware proliferation. This tendency has so far been under-explored in the International Relations (IR) literature, and its potential implications largely overlooked. By focusing on the role of socio-technical system dynamics, this article aims to contribute to advancing our understanding of collateral (incidental) damage and unexpected consequences connected to offensive cyber operations. More specifically, it introduces an analytical framework based on Normal Accidents (NA) theory.


The framework highlights dynamics which make complex systems more difficult to analyse and more prone to cascading failures. Its application is explored using in-depth interviews and empirical case examples of large-scale cyber incidents. The results highlight the difficulty of achieving controlled and precise effects when disrupting components in complex systems. The article concludes with a discussion on the need for renewed attention to escalatory risks connected to destructive offensive cyber.”

Person photo

Sarah Backman

Stockholm University

Sarah Backman is a Postdoctoral Researcher in War Studies at the Swedish Defence University. Sarah’s research focuses on international cybersecurity, in particular the connection between cybersecurity conceptualizations and practice. She has published on topics such as large-scale cyber incidents involving critical infrastructure, securitization, socio-technical perspectives on complex systems, and cyber warfare.

She received her DPhil in International Relations from Stockholm University, Department of Economic History and International Relations. Prior to coming to Stockholm University, she studied at the Swedish Defence University, where she received a B:Sc and M:Sc in Political Science: Security Studies.

Her PhD thesis “Making sense of large-scale cyber incidents – international cybersecurity beyond threat-based security perspectives” explored conceptualizations of cybersecurity in theory and practice, and employed analytical approaches to facilitate the exploration of international cybersecurity beyond ‘traditional’ security perspectives.