15 October 2015

Stop Calling Everything "Cyber"

http://nationalinterest.org/feature/stop-calling-everything-cyber-14070

"Beyond the image Washington projects with its outdated language, the conflation of all things networked into a single term limits the specificity of discourse on the subject." 
October 14, 2015

For Washingtonians, being the butt of jokes from around the country is just another part of working inside the Beltway. But lately, the policy community has been playing right into the punch line with its continued use of the word “cyber” to refer to anything and everything network-based. While taking a certain amount of grief is part of the job description, Washingtonians should absolutely care about updating their jargon.

Use of an outdated word undermines credibility, perpetuating the stereotype of the out-of-touch, uninformed politician or his more malevolent cousin, the fear-mongering and manipulative federal agency spokesman. Analysts, legislators, and government officials alike have emphasized the growing need for collaboration with the private sector to further technological development in national security. But the private sector understandably might lack confidence in their prospective partners when the representatives of these agencies are using terminology that went out of common usage around the same time as the dial-up modem.
Beyond the image Washington projects with its outdated language, the conflation of all things networked into a single term limits the specificity of discourse on the subject. That is to say, when we refer to Stuxnet, credit card fraud, state-sponsored economic espionage, sabotage of public-facinggovernment websites, and garden-variety doxing all with the same word, it is hard to have a meaningful discussion about any one issue. 

The difference is more than just semantic. Consider the recent U.S.-China cyber agreement. Both parties agree to refrain from supporting “cyber-enabled theft of intellectual property,” but that leaves an awful lot of cyber-territory open to interpretation. Just days before the agreement was announced, Xi gave a speech in Seattle proclaiming, “China is a staunch defender of cybersecurity. It is also a victim of hacking.” It is not hard to guess to whom they attribute that hacking. From the Chinese perspective, the U.S. government is also engaged in some rather offensive practices that Americans would not consider a cyberattack.

For example, U.S. tolerance or even support for hacktivists that circumvent governmental content filters in authoritarian areas is just another expression of democracy in action to American audiences. But the regimes in question view such actions as a foreign government undermining cybersecurity. The “cyber” terms—cybersecurity, cyberattack, cyberespionage, cybercrime—are blurred within our own discourse community, but they can mean drastically different things to other governments, which makes any agreement on the subject more than a little suspect. How is anyone to know which behaviors exactly are prohibited when the same word is used to mean so many different things?

The challenges that fall under the umbrella of “cyber” are numerous and diverse, and no single solution can encompass them all. Addressing state-sponsored industrial espionage requires its own conversations, as does the defense of critical U.S. infrastructure and ensuring the integrity of military command and control systems. And those conversations will be very different than conferences on hacktivism, political dissent via Twitter, and online credit card fraud. But until we can start consciously separating all of these subjects in our discourse, we cannot generate effective, unique solutions.

Laura K. Bate is an assistant director and program associate at The Center for the National Interest.

No comments: