And Cybersecurity Is?
By Jeffrey Voas, FIEEE

Cybersecurity is an overused term.  It is aged. It is worn out.  It lacks technical meaning. It became popularized during decades of continuous, successful hacking events such as ransomware attacks, data breaches, network intrusions, spyware, etc. It became a well-known word to the general public through the media that reported on the seemingly endless thefts of personal data due to corporations that failed to secure the data of their customers.  But in the end, it still always lacked technical meaning and definition.

I have not recently looked, but I assume that by now, it has fallen off the “hype curve” for technical terms.   It has become one of those terms whose definition and meaning is “in the eye of the beholder.” When a term gets to that point, it loses impact, and becomes passé.

Related: During Cybersecurity Month 2019, we offer you the free Oct. 23 webinar “Lessons Learned from Snowden’s former NSA boss: Strategies to protect your data.” Sign up now and get bonus content of three exclusive articles!

It would be great to see one or more replacement terms begin to become socialized and then popularized.  For example, if data breaches are a great (or the greatest) concern, why don’t we have a term like “cyber privacy”?  And what about those many similar terms that get tossed around interchangeably, some with definitions, and others that are once again “in the eye of the beholder”: attack, threat, vulnerability, weakness, bug, fault, defect, failure, etc.? Might those terms be employed and lessen my concern about this one word? To be honest, I do not know. But we need more accurate terms and definitions if we are ever to do better science.  And this challenge is a computer science and math problem.

Also note that I can just as easily argue against myself. Are terms like cyber-trust, cyber-threats, cyber-weaknesses, cyber-bugs, or cyber-vulnerabilities any better? I certainly am not suggesting that sticking the term “cyber” onto the front of any noun helps this dilemma.  But I feel that there must be some term or terms that are better to fight this relentless problem.

The bottom line here is that “umbrella” terms like “cybersecurity” do not lead researchers, practitioners, and the general public into any real understanding of the fundamental issues related to malicious behavior and malicious intent. Refreshing terms from time to time is usually futile and frustrating, but I think for this one it might be timely and beneficial.