Article 1

Jayden Hood
Professor Yalpi
CYSE-201S
9/28/25
Article Review #1

Introduction / BLUF

This Chaudhary, Jordan, Salomone, and Baxter (2018) article explains how coordination among non-homogeneous actors in responding to cybersecurity incidents is frustrated by what the authors call “organizational seams.” The authors argue that the response environment is a “patchwork” of public, private, civilian, military, and international actors, and that successful coordination depends on how critical the seams are between them. The paper gives a theoretical structure for cyber response coordination failure diagnosis and policy, institutional design, and collaborative preparedness insight.

Social Science Principles Relation

This work thoroughly embeds social science thought into a domain long imagined as technical. It draws on organizational theory (division of labor, boundaries, specialization), institutionalism (how formal and informal rules shape inter-organizational coordination), and actor–structure duality (how agents and organizations navigate constraints). It imagines cybersecurity as an arena of various actors with different incentives and limited rationality, rather than assuming a monolithic “defender” or “attacker.” This is based on social science theory in agency, institutions, power, and coordination.

Research Question, Hypotheses, IV, DV

  • Research Question: How do “organizational seams” among organizations in the cyber response space constrain or enable coordination in the case of cybersecurity threats?
  • Hypotheses / Propositions: Small seams (i.e., between organizations with similar structure, mission, or culture) are less problematic and can support ad hoc coordination; large seams (large institutional, cultural, legal, or mission differences) will more severely constrain coordination.
  • Independent Variable (IV): The nature/degree of organizational seam between actors (minor vs. major).
  • Dependent Variable (DV): The extent or degree of coordination in a cyber response (i.e., whether coordination is facilitated vs. limited, or how well actors coordinate and act together).
  • Since this is a conceptual/theoretical paper, these are more “propositions” than statistically testable hypotheses.

Research Methods Used

The article takes a theoretical and comparative/case-based research strategy rather than experimental or large-N quantitative approaches. It builds a conceptual framework of organizational seams and coordination, and uses it to explain indicative historical cases of cyber events. The strategy encompasses comparative case analysis (method of agreement and method of difference) and process tracing to illustrate how seams impacted coordination in real events.

Data & Analysis

  • Data Types: Qualitative data from reported cyber incidents (e.g., Sony Pictures hack, DNC hacks, BGP routing errors, Mariposa botnet) and institutional descriptions (organizational structures, mission statements, legal jurisdictions, prior responses).
  • Analysis: Authors consider how the presence of minor vs. major seams along different dimensions (public/private, civil/military, geographic, legal, mission) affected the coordination process. Within-case tracing and cross-case comparison are used by them to demonstrate how seams facilitated or hindered coordination. Statistical models or quantitative inference are not used by them.

Relation to Class / PowerPoint Concepts

  • You can connect this article to class material such as coordination costs, transaction costs, agency problems, network governance, public–private partnerships, and institutional design. For instance:
  • Organizational seams are analogous to transactional frictions or structural holes in network theory.
  • Centralization vs. decentralization push and pull (presented in class) can be observed in the manner control is spread across actors.
  • The article brings to the fore the incentive misalignment (actors have competing missions, risk tolerance, legal restrictions), which we kept bumping into in class when we were discussing threat actors, defenders, and stakeholders.
  • If you had included multi-stakeholder governance, cyber regimes, or public choice / agency theory in your slides, you can show how this article does reveal those tensions in concrete form.

Marginalized Groups: Challenges, Concerns & Contributions

  • Smaller or less-sourced institutions (e.g., small NGOs, rural institutions, local governments) will be most likely to be marginal from the process of coordination because of limited institutional influence or resources to bridge seams. The article’s framework suggests that marginal players face more restrictive seams (cultural, legal, resource) than large institutions.
  • Because coordination has a tendency to benefit the more endowed or central players, marginalized institutions would tend to be overlooked or relegated in response efforts and become more vulnerable to cyber threats.
  • Asymmetry of coordination will almost certainly be self-reinforcing and deepen digital divides and inequalities — some are protected and helped, while others are not.
  • By identifying these coordination fractures, the study adds to more universal institutional design: seams awareness can be converted into policies for better inclusion of marginal actors.

Social Contributions

  • The article continues to advance how we frame coordination failure in the digital world beyond reductionist technical explanations.
  • It offers a set of “organizational seams” that policymakers, incident response planners, and institutions can use to identify where coordination will most likely fail.
  • It helps in directing reforms (e.g., bridging mechanisms, liaison functions, institutional continuity) to increase cyber resilience and joint response.
  • By exposing the means through which gaps in coordination can generate conflict or stymie responses, the article helps to reduce systemic risk in cyberspace.
  • Ultimately, it enriches academic theorizing and practical strategy in cybersecurity and can have the capacity to help advance public safety, national security, and institutional trust.

Conclusion

Chaudhary et al.’s “Patchwork of Confusion” is a compelling and socially grounded lens into the often overlooked institutional barriers of cybersecurity response. It is most effective in linking organizational theory to real cyber incidents and illustrating how seams in the structure hinder coordination. While better as a conceptual work than an empirical one, it lays the groundwork for future quantitative or mixed-methods testing. For your criticism, you may ask whether the framework can be falsified, whether the cases selected are suitably diverse, or whether other explanatory factors (e.g., resources, political will) might equally explain coordination success or failure. All in all, it is a good choice for your Article #1.

Reference (APA Style)

Chaudhary, T., Jordan, J., Salomone, M., & Baxter, P. (2018). Patchwork of confusion: the cybersecurity coordination problemJournal of Cybersecurity, 4(1), tyy005. https://doi.org/10.1093/cybsec/tyy005