China Not Out to Destroy the Electric Grid or Other Networks, Former NSA, CIA Director Hayden Says


U.S. networks, including the electric grid, are less threatened by cyber attacks from nation-states than from damage inflicted by rogue entities such as web activists, former CIA and NSA Director Michael Hayden said today.  And although China is a major cyber threat from an economic perspective, it does not seem a likely source of destruction to U.S. networks.

"Without question the country that is out there stealing most of our stuff is China," Hayden said at a Bipartisan Policy Center conference on protecting the electric grid from cyber threats.  "There is evidence that they are out there on SCADA networks as well as just penetrating networks just to steal our stuff."

But, Hayden said, "frankly I find it hard to imagine circumstances where China would want to do something incredibly destructive to any American network, the grid, absent a far more problematic international environment in which the cyber attack itself is part of a larger package of really, really bad things."

The real threat to the grid and other networks may not be nation-states such as China or criminals out to make a buck but unpredictable rogue players, including terrorist groups and web transparency activists. "Sooner or later governments can be held to account.  Fundamentally criminals want to make money and they enter into a symbiotic relation with the host," Hayden said.

Those loosely defined players, though, are "beginning to acquire capacities that a year or two or three ago we equated with the more competent groups" and their "demands may be unsatisfiable," according to Hayden. "This is going to get worse before it gets better."

The philosophy embedded in the U.S. Constitution makes it hard to create adequate cyber defenses because "we have not yet created a consensus as to what we want our government to do ... or what we will let our government do," Hayden said.  "I’m willing to accept the proposition that forever the United States will have one of the least well-defended networks on this planet because of James Madison and Alexander Hamilton and all of those good folks who wrote the Federalist papers."

Addressing the revelations flowing from the leaks of former NSA contractor Edward Snowden, Hayden said that the ensuing fears of an overly aggressive government will "freeze" the government's ability to protect private industry and that private industry must learn to protect itself.  "The next sound you hear will not be a bugle and the sound of pounding hoofs as the federal cavalry comes over the ridge line to your rescue," he said. "To the degree that you never expected it down here in the physical domain, you are responsible for your safety in the digital domain personally and corporately."

The federal government, though, needs to step up its cybersecurity efforts, particularly in the arena of information sharing, electric industry representatives speaking at the same event said.  Speaking of state regulator capabilities for addressing cybersecurity issues, Doug Myers, CIO of Pepco Holdings, said "if the conversation at the state level could be informed by a clear and compelling federal vision…I think would be very helpful."

"The issue has to be addressed at the federal level," Ed Goetz, VP of Corporate and Information Security at Exelon, said. "I think the president’s executive order opened the door to this possibility."

However, information sharing works best as a two-way street, Scott Saunders, Information Security Officer at Sacramento Municipal Utility District, said.  "If we pull together in a more cohesive manner we can provide information back to the government about what is happening to us."

Is it “Cybersecurity,” “Cyber Security” or (Please No) “Cyber-Security?” I Asked the Experts.


While conducting a search of a government database, I encountered a problem all too common for those interested in the topic of security in the digital realm.  Namely, the frequency with which the topic is spelled and written in three different ways –  “cybersecurity,” or “cyber security” or, far less frequently, “cyber-security.”

In conducting my search, I realized that my analysis would be inaccurate and incomplete if I didn’t search at least three different ways using the three different spellings.  Frustrated, I tweeted that we should all settle on one common spelling and I picked cybersecurity for ease of use.

That was not the right answer, it seems. One immediate response I received, from Jeffrey Carr, CEO of security firm Taia Global and author of Inside Cyber Warfare:  Mapping the Cyber Underworld, was to stop making up words.

The problem is that the world is making up words, not me, and there is almost no consistency among writers, scientists, official government usage, corporations or anybody else about the proper spelling for a word or phrase that everyone is using a lot these days.   While it might seem merely annoying and trivial, the answers you receive when searching for information on this topic can vary depending on how you spell the term.  In my case, the data I was compiling told me something completely different if I only used one or the other phrase – I would have reached the wrong conclusion if I didn’t take the extra steps to conduct three different searches.

It really doesn’t matter which resource you turn to, Google or scientific or engineering or government databases, the variation in spelling poses problems.  Searches on Google produce different, and differently ranked, results depending on how you spell it.  Here’s what you might think the top news items were this morning if you conducted a Google search for “cybersecurity:”


Here’s what you might think the top news items were this morning if you conducted a Google search for “cyber security:”

And forget searching on “cyber-security.”  Here's a search I conducted yesterday which features in the top three news items all three variants of spelling and usage.

But what if you’re searching for technical information on the topic, where the difference in results might matter more?  The same annoying outcome occurs – what you see depends on how you spell it.  Here are the top three search results from the IEEE database using “cybersecurity.”

Here are the top three search results from the same database using “cyber security.”  No overlap at all and differently prioritized answers.

Hoping to contribute to clarity on this problem and advocate a single solution, I polled some of the top experts on neologisms, the creation of new words, to see if there is a correct usage that we can huddle around over time.  Here are the answers I received:

Suzanne Kemmer, Associate Professor of Linguistics at Rice University:
From the standpoint of the usual lexical conventions, cybersecurity is better, because 'cyber' is not a free-standing word but instead what linguists call a bound morpheme - a combining form used to form new words. It is of Classical Greek origin like many of our scientific and technical vocabulary elements - and the usual pattern for such borrowings is to combine them with other elements into one word. Bio, neo, photo are all parallel examples - when made into new compounds they are written together with the element following: not bio informatics but bioinformatics, etc.

Sometimes a group of specialists will make their own convention, but the language at large typically doesn't follow it because there are so many instances of the more general pattern. It looks like that has happened in the technical community in this case. They probably don't know the general lexical patterns of English and just have made their own specialists' convention. I predict that for this word the general (one-word) pattern will win out in the language at large.

David K. Barnhart, Editor, The Barnhart DICTIONARY COMPANION:
The search of Nexis [which Barnhart prefers when searching for usage frequency] suggests that the usage of these terms in the United States is dominated by cybersecurity while British and World English usage appears to prefer cyber security.  Cyber-security is the least prominent of the possibilities.  So, I guess, this has been a long-winded way of getting around to saying: It may depend on where you live.

Wayne Glowka, Professor of English and Dean of the School of Arts and Humanities, Reinhardt University:
You have come across a common occurrence with compound words. Typically, they start as two-word phrases. In time, you will see them as hyphenated words and then as compound words written as one word. Different dictionaries will offer different ways of spelling them, often noting that all three forms are acceptable.

Normally, a good linguistic sign that we have a compound word in American English is stress on the first syllable. So the phrase "black bird" (as in "I see some kind of black bird over there") has its strongest stress on "bird." The compound word "blackbird" has its strongest stress on "black."

The big exception to the congruence of spelling and pronunciation is the compound word "White House" (the house where the POTUS lives). It is stressed like a compound word (WHITE house), but it is spelled like a phrase.

Figuring out the most strongly stressed syllable of "cybersecurity" vs. "cyber security" would be a challenge akin to pronouncing the difference between "a light housekeeper" and "a lighthouse keeper." And where is the stress in "an elevator operator"?

Ben Zimmer, Executive Producer of Vocabulary.com and the Visual Thesaurus, language columnist for The Wall Street Journal, and former language columnist for The Boston Globe and The New York Times Magazine:
As it happens, I recently wrote about "cyber-" and "cyber" in my Wall Street Journal column.

Historically, "cybersecurity" has been the standard form, since "cyber-" has been understood as a combining form, not a standalone word. But as I describe in the column, "cyber" is increasingly being viewed as a word on its own, either as an adjective or a noun. So the fact that we now have phrases like "Cyber Monday" encourages people to think of "cyber" as an adjective (or possibly an attributive noun) modifying the noun it precedes.

So while I would personally prefer "cybersecurity," I can see how "cyber security" could eventually displace it.

-----------------------------

So, with all that, here’s what we know about which term is more correct:  not much.  While the preference leans toward “cybersecurity,” it might depend on where you live, what you’re trying to emphasize or whether you’re part of a technical community that for its own reasons prefers to use one or the other term. But seriously it would be great if we all just agreed on one form over the other.

I vote for cybersecurity.
