Tuesday, March 29, 2011

"Cyber" and "hacker": I’m taking them back

I use the word "cybersecurity" on the Twitter partly because it annoys people for being tragically un-hip.

But mostly I used it because it’s the word that most people will understand. If I go on CNN and talk about [IT-, information-, computer-, network-, system-]security, the audience won’t understand me as well as "cyber".

The advantage of "cyber" is precisely its impreciseness and lack of definition. My audience doesn't really want to know what the word means -- they simply want that I mean the same thing as everyone else who says "cyber" on CNN. It’s the transitive property of language. If "a=1", and "a=b", then "b=1" -- you don’t need to understand "a" or "b" to understand the equation.

Experts often use the "correct" words incorrectly anyway. They use "information security" when they mean "computer security". Or they "network security" when they mean "system security". Either these words mean something nuanced and specific, or they are no better than "cybersecurity".

Technical people have the hubris to believe they own language, and that words means what technical people want them to mean. That’s fine for words like "pi", but it doesn’t work for higher concepts. A good example is ESR's definition of "hacker" in his hacker dictionary. He insists that it means some sort of computer enthusiast, technical expert, or problem solver -- and that it should not have any "cybercriminal" connotation.

But he’s wrong. A dictionary doesn’t tell people how they SHOULD use words. Instead, a dictionary reflects how people DO use words.

Consider the American Heritage entry on "nuclear". It notes that among the many pronunciations of this word is "nukular", like how George Bush (and many other Presidents) have pronounced it. It goes on to say this pronunciation "occurs with some frequency among highly educated speakers, including scientists, professors, and government officials, it is disapproved of by many". The dictionary isn’t telling you the "correct" pronunciation -- just what pronunciations are common.

It’s funny watching journalists cover "hackers" for the first time. After they release their first story, they get deluged with comments telling them they used the word wrong (and offensively), that they should use "crackers" instead, and refer them to ESR's "dictionary". The journalists dutifully comply, and use "crackers" for a couple stories before they realize it’s stupid, and go back to using "hackers".

So, I’m using these words not necessarily how the digerati want them to be used, but how everybody else uses them. I'm taking them back. I think I have the gravitas to pull it off. I’m a cybersecurity expert -- I invented network Intrusion Prevention Systems (BlackICE Guard IPS aka. IBM Proventia IPS). I’m also a cyber-insecurity expert: I reverse engineer binary code, write exploits, and pen-test systems.

So when you see me on the inter-tubes using these un-cool terms, this is the reason why.


Shan said...

Well done! When I'm talking to fellow IT security professionals I loath the use/misuse of such words intensely, but when I'm talking to anyone outside the IT Sec community, or to "The Board" the only way to get the message across is to use these horrifically hijacked terms in the manner "Joe Public" expects to hear them.

securityartist said...

I was in a similar boat... I wanted to make sure I used the term hacker as it was originally used to describe one who gains access to learn and tried to use the term "attacker" to describe anyone who attacked whether for good or bad reasons, but this led to confusion so I have resorted back to the term "hacker" and I use the word ethical where it makes sense to do so.

Anonymous said...

How the mighty have fallen! "Cyber" is even a more muddled word now, 2 years later.