Lay Down Your Cyberweapons

What if how we talk about security became less aggressive?

Joey Tyson
Mar 8, 2017 · 2 min read
Photo by Erik Mclean on Unsplash

At many hacker conferences, you’re more likely to hear boasting about flashy new methods for “breaking” a niche technology than strategies for defending your data. You’ll also hear about the uninformed laziness of software developers, or the unpatchable stupidity of technology consumers. Amid pessimism bordering on nihilism, alcohol flows in abundance and sexual harassment becomes all too common.

We hackers have problems.

Thankfully, many people are working hard to address these and other issues in the information security community. While such challenges stem from a range of root causes, I’ve also wondered lately if the language we use when thinking about security has influenced some of these worrisome trends.

Have you ever considered how militaristic our jargon can be? Attackers threaten targets by breaking systems with weaponized exploits. We may joke about the idea of “cyberwar,” but we talk as if we’re in one. And with that mental model, it makes sense to focus on efforts such as preventing anyone from ever getting past your perimeter defenses.

But in practice, we know compromises will happen; strategies such as defense-in-depth or robust monitoring help mitigate risks even if someone finds a way into our systems. What if instead of trying to simply build “secure” apps, we aimed for resilient apps? What if we replaced our conception of security as a field for toughness and aggression with a model that can thrive even in the presence of vulnerability?

Personally, I favor Parisa Tabriz’s health care analogy. (No “cyber pathogen” jokes, please!) We all certainly want to avoid getting sick, but in medicine, catching a virus hardly constitutes a failure. Software systems often resemble biological organisms more than buildings or landscapes anyway.

Language matters. I’m not pretending a change of metaphor will solve all of the problems with infosec culture, but it can help reframe and retrain some of the thinking that drives those problems. Our descriptions also convey images to people outside our field; inclusive language helps support efforts to increase the diversity of our community, which in turn helps us build better fortifications… or should I say immunities?
