Communication Breakdown: Security's Language Problem
Information security pros are picky about the words they use. CSO's Bill Brenner says the annoying terms aren't going away without some creativity.
Tue, July 06, 2010
CSO — It's an old problem in the security industry -- vendors, public-relations firms and the media coin all these catch phrases and buzz words to describe the latest threat or technological solution. Then the smarter industry voices get all uptight about it.
Does anyone remember the individual who coined the word "phishing" to describe one of the oldest social engineering tricks in the book? Me neither. (Speaking of social engineering tricks, check out Joan Goodchild's latest article, DefCon contest to spotlight social engineering.)
I also don't remember who came up with all the "PH" words that followed, like pharming and phlooding. But I AM among those who learned to roll his eyes at every "PH" word other than phishing (because that was an original).
I remember the day in 2005 when a PR person called me about a "new" threat the vendor she represented was tracking. The vendor wanted the world to know about a new technique in which the bad guys could, from different locations, saturate wireless access points with log-in requests using multiple password combinations, clogging a company's central authentication server. The vendor described this as "phlooding." The PR rep described phlooding the way others might describe the collapse of the Internet. Since then, nobody I know of has claimed to have suffered a catastrophic case of phlooding. I wrote about the threat, but did so from the perspective of IT security pros who were getting annoyed with all the "ph" words flying (phlying) their way.
If a "PH" word is based on a variation of a phishing attack, that's one thing. But five years later, I'm still trying to figure out just what the heck phlooding has to do with phishing.
A good friend of mine, James Arlen, has a word to describe the stupid things people do online to put themselves and everyone else in peril. I can't print the entire word because this is a G-rated publication. But I can tell you it starts with "cyber." He has a t-shirt with the word on it.
James sometimes takes issue with some of the words we in the media like to use. One word is "cybersecurity." He loathes the word. And he's not alone. I know many an IT security practitioner who will try to use any word but that one to describe the art of protecting the Internets. Sorry. I meant InterNET.
I'm still trying to figure out what the big deal is. Sure, the word cyber has been slathered across the English language a bit too liberally. If you punch in the word on Wikipedia, you'll see everything from "a range of mainframe computers" to "a brand of computer hardware." Cyber is also a supervillain in both the Marvel and DC comics universe, though in the DC world it's "Doctor Cyber."