“C*ber” – are we missing the point?

I have been watching the “C*ber” debate with interest over a number of years, but must now confess to being utterly bored by it.  It is an unnecessary distraction.  Let me explain:

There appear to be two principal schools of thought associated with Cyber discussions.  One School of thought see the concept of “Cyber” as a new and exciting marketing opportunity, and a second, comprising practitioners who are bemused by this new discipline and unable to see where it differs from the various information operations that have been part of our lives for the past decades.  This last group are often (possibly rightly) frustrated by the subjugation of a discipline that has been their bread and butter for several decades into a superficial marketing concept.  This second group have coined the term C*ber – branding it an informal swear word.  I can sympathise with their concern, though I am concerned about the approach.

We need to be a little careful about being either overly sensitive or arrogant about the term…. in my opinion we should treat the term cyber, much as we treat the term “hoover”….. as a convenient though possiblyinaccurate term for a concept that has (or ought to have) become a part of every day life.   (My apologies here to those people to whom the Hoover is an alien concept!)

Whilst the actual derivation comes originally (I think  – though it matters not) from Dr Who, based on a Greek root kybernetes (steersman) – the discipline has moved on.  Just as aliens are no longer made from egg boxes…the disciplines supporting the cyber environment have moved on.

For me – Cyber is a generic term  describing the digital end of the information spectrum.  Like all generic terms, there are huge dependencies and assumptions and as a result, much of the ground we must cover to bring effect to bear is not strictly digital – this matters not – what does matter is that we identify and manage risks in this space.

Personally, I care less about what the space is called, than what happens in it and how we bring effect to bear to manage risk within it.  By trying to define the area too closely, we give ourselves artificial boundaries that our adversaries may not recognize.   This is dangerous and foolish…. whether in the digital, kinetic or wider information spaces.  We should scope according to the context rather than thrashing about in an academic debate about definition.

Whilst I appreciate that it is important to define roles and jobspecs  – anyone who is dependent on a title to do this has much wider problems…. again this is not just a factor of cyber.

 

A thought: – Just as the implementation of Information Security, though supported by a number of excellent standards and “best practice” differs widely from context to context – so must “Cyber” activity and its various supporting disciplines.

Another thought: – A significant proportion of the people with the term “Cyber” in their Job Title would find it a much easier nut to crack if they applied existing “kinetic” methodology and doctrine and then looked for the gaps before  than messing about trying to reinvent a wheel out of egg boxes.

Sorry to be a damp squib – but we should move on and leave those with less confidence to drown in an academic quagmire of their own making.

Managing Director of SRM, Tom F is a regular contributor to the SRM blog.

Posted 6 years ago on · Permalink