Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/23/2015
11:05 AM
John B. Dickson
John B. Dickson
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

We Need A New Word For Cyber

It's time to find an alternative for 'cyber' (an adjective or noun) before the term - like 'google' -- becomes a verb.

One of the hits of Black Hat 2015 in Las Vegas was a T-shirt featuring a growling Sam Jackson from one of Pulp Fiction’s more memorable scenes. Pointing his oversized handgun downrange, Jackson’s character threatens, “Say Cyber One More Time…” There was at least one word at the end that added even more emphasis, but the message was clear. Some clever designer captured what many security folks at the conference quietly thought. The word “cyber” has become so overused it is nearly meaningless. The term “cyber” has risen to the level of “information superhighway” or “web 2.0” and is clearly a target for ridicule. At the same time, others, mostly .gov and .mil guys, still use it in a forceful and matter of fact way.

Coming off the annual Cybersecurity Month in October and having the opportunity to recently speak at CyberMaryland, I’m all “cyber’ed” out. At least I’m painfully aware when it’s used in casual conversation, and I even wince when I use the term “cybersecurity” to describe what I do to the vast unwashed masses. What’s becoming increasingly obvious is that we need a new word for cyber. I want to actively debate this and find an alternative before “cyber” (an adjective, or noun) becomes a verb, as Google is to “googling” something. I never want to hear that a client was “cyber’ed” by a nation state threat, or that someone “cyberfied” their network to make it more resilient to attack. That bleak prospect is so gravely serious that we need to put tongue firmly in cheek and start talking….

As Alcoholics Anonymous and other recovery groups state, admitting you have a problem is the first step towards recovery. Yes, we have a problem. I’ve known this for some time. This fact was driven home to me earlier in the year when a non-security guy stated emphatically, “John, you know it’s not just about cyber, right? It’s about cyber, big data, and cloud?” My initial response was to suggest he add mobile and DevOps, then he would have every buzzword in IT covered. But after my first, and possibly snarkier, response trailed off, I thought serious discourse about the use of the word “cyber” was needed.

By background, I’ve been a security guy for nearly 20 years. That’s how I self-identify, and that’s how people know me. Like Johnny Appleseed, I dispense solicited advice at cocktail parties, family reunions, and at my daughter’s soccer game. I answer questions that range from smartphone security, to when to update one’s Window’s box, to how best to select hard-to-crack passwords. So I’m on the frontline, like all of us who read Dark Reading. It’s in our best interest to have a better term before someone finds a worse term to describe our industry and what we do. To that end, I would humbly submit the following observations and suggestions for further discussion.

Let .gov and .mil guys keep “cyber” 
They are comfortable with the term, they use it in conversation without wincing, and would likely be a willing adoptive parent. There is the practical matter that there are so many instances where the term is baked into government code, into signage, into doctrine that a simple name change would cost taxpayers billions. In the military, the term “cyber” has been adopted to mean all things that don’t blow up bad guys. Fighter pilots, infantry officers, and naval officers may not understand what it is, but they do know it might prevent them from getting shot at. One request though.  Stop using the term cyber warfighter ... As an ex-Air Force Information Warfare Center alumni I’ve never been quite comfortable with the term. Those same folks who have actually been shot at might not be able to stomach the term and you might get your nose punched by a Navy SEAL in a bar talking about how you DDos’ed someone.

Don’t reuse stale terms!
If cyber does a poor job describing what we do, certainly older, well-trodden names are no better. Information security, or InfoSec for short, is seemingly hopelessly stuck in the 90’s. It might have worked then, when the scope was purely about the security of information, but not now. Related terms, like information protection and network security are similarly dated and also too narrow in scope.

The least worst current option - cybersecurity
An acceptable compromise, and one that seems to strike a happy medium, is the term many use to-date, “cybersecurity.” Don’t worry about if it’s one word, two, or hyphenated, it has the word “cyber” in it for the Feds, and “security” in it for most of the commercial types. You can say cybersecurity in a mixed audience and not get groans or a rolling of the eyes by the more grizzled security veterans. As a stopgap measure, cybersecurity works.

In a perfect world – just security
Here’s where I’ve arrived. I call it “security;” no need to further describe or elaborate. I self-identify as a “security guy.” I help clients with security services and product. Given the constant stream of front-page stories, I find security (read cybersecurity) being so mainstream that I don’t have to clarify, or distinguish myself from our physical security brethren. No guns, gates, or guards for me, and no, I’m not a mall cop. So I’m a security professional, providing security services that keep clients out of the news.

No matter what we end up calling it, we need to make sure that those who live and breathe security are the ones who dictate the term that is used. The art of what we do as IT security professionals has evolved into a sophisticated and critical part of everyday culture, not just business. We need to own what we do and come up with a term we can be proud to associate with our work; not one that makes us cringe every time we hear it.

John Dickson is an internationally recognized security leader, entrepreneur, and Principal at Denim Group Ltd. He has nearly 20 years of hands-on experience in intrusion detection, network security, and application security in the commercial, public, and military sectors. As ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
beldern
50%
50%
beldern,
User Rank: Apprentice
12/6/2015 | 1:35:21 PM
Re: New word for Cyber
Logical Security would be another term to seperate us from the physical realm.  
JVS3
100%
0%
JVS3,
User Rank: Apprentice
11/30/2015 | 11:04:00 PM
New Word for Cyber
Personally, cyber doesn't bother me that much.  It is what it is.  That said, "Void" seems a rather appropriate term if not a bit dated in the sci-fi world anyway.  Thank you Dan Simmons for the highly original and classic reference.  The internet and cyber space has become so analagous to everything not physical and immediatly tactile that void seems a legitimate term to me.  It would certainly represent the future of all thing cyber and the lack of any ability to control where it goes and how it is used.  I already reference it this way myself.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/28/2015 | 11:54:43 PM
Re: The perennial struggle
Well, we did go from calling it "cybersex" and "cybering" to "sexting."  I guess something similar is possible for cybersecurity, too!
jdickson782
50%
50%
jdickson782,
User Rank: Author
11/28/2015 | 12:03:06 PM
Re: The perennial struggle
Haven't accepted it yet! ;-)  I did hear from some of my DoD friends that there are now many who groan when they hear the term "cyber" even in DoD conversations, so perhaps the term will fall out of favor with most. Stay tuned.

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/27/2015 | 11:42:25 PM
The perennial struggle
I remember my best friend and I having a discussion like this 20 years ago.

People talked about this in the '90s, and they haven't stopped.  Maybe we should just accept it already.
PaulV238
100%
0%
PaulV238,
User Rank: Apprentice
11/25/2015 | 8:38:29 AM
New word for Cyber
What about technical security? Seperates us from the physical guys, but is still broad enough to encompass IOT, mobile, network, PC . . .
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12280
PUBLISHED: 2019-06-25
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
CVE-2019-3961
PUBLISHED: 2019-06-25
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browse...
CVE-2019-9836
PUBLISHED: 2019-06-25
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
CVE-2019-6328
PUBLISHED: 2019-06-25
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
CVE-2019-6329
PUBLISHED: 2019-06-25
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.