Author: Stilgherrian / Source: ZDNet
“Language matters. We know that in the offline world, and online is no different,” says Alastair MacGibbon, Special Adviser to the Prime Minister on Cyber Security.
“Until such time as we are better able to define and explain why we use certain words, the broader public can’t be involved in a debate that is really necessary for all of society to be part of,” MacGibbon told ZDNet on Friday.
MacGibbon had just finished hosting a two-hour roundtable at the Department of Prime Minister and Cabinet (PM&C) to discuss an early draft of a document titled Words Matter: Australia’s Cyber Security Lexicon — although that title will probably change.
The intention, according to MacGibbon, is “to help define, as best we can, what these words mean, so that we can all be on a common page as we discuss cybersecurity issues”. It has the “express purpose of engaging the broader public in what is probably going to be the greatest existential threat that we face as an economy”.
One such set of words — one of the phrases the draft document labelled “contentious cybersecurity terms” and which were discussed at length in the roundtable — is “cyber attack”.
“That means certain things to government, and it means certain things in the mind of the public, but we need to make sure it means the same thing as each of us hears those words,” MacGibbon said.
As the document itself notes:
‘Cyber attack’ is commonly used to describe generic malicious activity that is intended to cause harm to a computer network or system. But there are still significant variances in thresholds for the use of the term. ‘Cyber attack’ is used to describe a spectrum of events ranging from the innocuous (in the tens of thousands) through to singular destructive incidents. The use of a single term to describe such a broad spectrum of activity and impact has devalued the term and connotations associated with ‘attack’ have also led to an inflated sense of threat.
It has also led to confusion. One example is the government messaging during the 2016 Census debacle. Within the span of a few minutes, the denial of service attack both was and wasn’t a “hack”, and was and wasn’t an “attack”, depending on who was speaking.
The roundtable was held under a modified Chatham House Rule, with…
Click here to read more