“Cyberspace” is a relatively novel concept. An offspring of cybernetics, which today refers to the study of interactions between living beings and machines, cyberspace has become common parlance in military, political, industrial, and social circles. The term cyberspace was popularized by William Gibson’s depiction of cyberspace in his 1984 novel Neuromancer. For Gibson, cyberspace was:
“A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding.”
In 2000, when commenting on his initial use of the term, Gibson admitted that “it seemed evocative and essentially meaningless.”1 Today, while the meaning of the term is highly contested, it certainly is not bereft of meaning.
As new technologies emerge and new concepts created, who is responsible for assigning words to specific concepts? Most, if not all words related to computers and the cybersecurity field have been created recently. This poses two linguistic challenges: translating terms and agreeing on common definitions of those terms. Here we will focus on some of the political challenges posed by ill-defined terms and translational issues in cybersecurity.
The term “cybersecurity,” is most commonly used in political and military or defence circles. Head to Silicon Valley and you’d likely be met with a scoff when you evoke cybersecurity; there, the terms data security, information security, and data privacy are preferred. Nonetheless, each of those terms refer largely to the same thing: protecting networks, servers, computers, and all their underlying software, protocols, and processes from external encroachments that could compromise the confidentiality, integrity, or availability of the data on and flowing through them. However, just as the term cybersecurity is rejected in parts of industry, terminology around computer security is not standardized among nations. One of the best examples of this phenomenon in the international context is the contestation between the terms “information space” and “cyberspace.” While the cyber- and information- prefixes can be, and often are used interchangeably in industry circles, they carry dramatically different connotations in political ones.
Let’s start with the word “space” itself. Countries like China and Russia refer to information space and rarely to cyberspace in their national strategies and diplomatic discussions. Russia specifically defines their information sphere as:
“The combination of information, informatization objects, information systems and websites within the information and telecommunications network of the internet, communications networks, information technologies, entities involved in generating and processing information, developing and using the above technologies, and ensuring information security, as well as a set of mechanisms regulating public relations in the sphere.”2
How Russia defines their information sphere is largely synonymous with how the UK government has defined cyberspace:
“Cyberspace is an interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the internet, but also the other information systems that support our businesses, infrastructure and services.”3
However, approaches to security—what to secure and how—in this space differs. Again, a divide emerges in national strategies and international forums. States that generally obsess over information space or the information sphere favour using the term information security; states concerned primarily with cyberspace in their national doctrine favour the use of the term cybersecurity. Russia has an information security strategy; the US, UK, Israel, and Japan have cybersecurity strategies. It is at this point that we can observe a stark departure in meaning.
Let’s again start with a Russian definition of information security:
“… the information security of the Russian Federation (hereinafter referred to as the "information security") is the state of protection of the individual, society and the State against internal and external information threats, allowing to ensure the constitutional human and civil rights and freedoms, the decent quality and standard of living for citizens, the sovereignty, the territorial integrity and sustainable socio-economic development of the Russian Federation, as well as defence and security of the State.”4
Compare that with the way that the UK refers to cybersecurity in its most recent strategy. For the UK, cybersecurity is:
“… the protection of internetconnected systems (to include hardware, software and associated infrastructure), the data on them, and the services they provide, from unauthorised access, harm or misuse. This includes harm caused intentionally by the operator of the system, or accidentally, as a result of failing to follow security procedures or being manipulated into doing so.”5
The UK strategy is concerned with protecting the trust, availability, and integrity of the systems that underpin the internet; the Russian strategy expands to give the state purview over what information is available on those systems. While we have focused on Russia and the UK here, the trend is wider than just those two countries. Despite these clear differences, proponents of information security approaches have worked to intertwine the two issues, particularly in international forums like the United Nations and in diplomatic talks elsewhere.
This job has been made easier by the notion that the complexity of understanding “cyber” escalates when there is a need for translation. The vast majority of terms in the cyber-terminology tree have been coined in the English language, and many of these terms do not have ready-made or literal translations in other languages. For example, the Spanish language has yet to arrive at an agreed-upon translation of words like cyber warfare and cybersecurity (is cybersecurity seguridad digital, ciberseguridad, or seguridad cibernetica?). This challenge has come to the fore in our work translating some of our material from English to Spanish. The final Spanish translations will often require extra pages to explain some of the details of “cyber” concepts to help maintain the message of the original text.
These translation complications can have tangible consequences in international cyber diplomacy. The most evident repercussion is that nations are not willing to reach a consensus, and therefore cannot create treaties that promise to address key challenges to cybersecurity. Since 2011, a group of countries from the Shanghai Cooperation Organization, led by China and Russia, have submitted requests to the United Nations General Assembly to begin working toward an international treaty on cyber and information security. But because different countries ascribe different meanings (or use different words) to describe cyberspace and security, allowing a treaty to move forward without consensus on what the words mean would possibly legitimize internet surveillance and censorship. Nations cannot begin to produce solutions to a problem without first agreeing on what the problem actually is!
Robert Morgus is a researcher with New America's Cybersecurity Initiative and International Security Program. Jessica Viteri is an intern with New America's Cybersecurity Initiative, where she translates policy papers from English to Spanish.