Some commenters took me to task a bit for my recent assertion here at KoW that the US is not in the midst of a cyberwar. My argument – one I’ve consistently made over the last year or so, including again in an op-ed for The Guardian earlier this week – is that words matter when it comes to describing risks and threats, and they frame the debates thus engendered. Crucially, of course, they help shape the responses of politicians and practitioners tackling the situations in which they find themselves.
This is not a particularly controversial stance and I find myself a bit baffled why some people might find it odd that I think declaring a de facto cyberwar against Russia and China, amongst others, might not be a particularly useful line to take. Perhaps my detractors are right but the deputy director of the UK Office of Cyber Security (OCS), Air Commodore Graham Wright, seems to agree with me.
Computer Weekly reports that the government is developing a “‘national lexicon’ of cyber English”, which tortured phrase describes the OCS attempt to stem some of the more lurid reports filtering from security agencies into the international media. Specifically, Air Cdre Wright is quoted as follows:
“We talk about the numbers of attacks we suffer … Attack is where you degrade, deny, disrupt or destroy something. But there are times when we need to be very explicit. Was this really an attack or was it theft?
“Most of what people refer to as ‘attacks’ are the exfiltration of data, which is theft or espionage,” he said. “I haven’t seen any reports of attack. Everyone always reports an attack. In most cases it is not an attack, its theft and crime, its stealing data.”
The OCS hopes a national cyber lexicon would end inexact reports of cyber attacks while clarifying language the UK could use when talking to Nato partners about the actual but as yet unrealised possibility of cyber attacks by foreign powers.
Obviously, Wright is talking more about the tactical /operational level here but it doesn’t surprise me at all to hear that the OCS is trying to pick its way carefully through some tricky terminological territory before fleshing out its response regimes. Just as it matters at this level to be precise about the actions in question, so too does it matter at the strategic level. Whilst I understand the perspectives of some who feel that the White House, in dampening claims of global cyberwar, is playing a political game, are we also going to suggest that Air Cdre Wright is doing the same?
Update: Apologies – the first published draft of this went out with some dodgy HTML. Should be fixed now.