Defining Cybersecurity

ABSTRACT

The term 'Cyber Security' has over the years emerged as one of the most increasingly
adopted and used by various parties including legal practitioners, ICT professionals, and
politicians alike. What the term truly entails is however barely understood. The
misconception might seem not a problem especially when the term is used in an informal
context but it is likely to cause mayhem when the state of affairs is concerned with
strategies, policies, or agreements. In this study, we looked at some of the definitions
provided by dependable sources, conducted reviews, and came up with another
representative definition.

Keywords:

INTRODUCTION

The 21st century’s evolution of the world economy from industrial to digital has made
significant changes in almost every aspect of life. From governments to enterprises down to
individuals, advances in the information sciences, including communication networks and
high-performance computer technology provides man the opportunity to effectively develop
and manage this technology to acquire their business, humanitarian, as well as personal
needs.

The evolution has also brought about security challenges to all the beneficiaries of the
change. Several terminologies have been used to address security regarding the digital
devices and their ecosystem, terms as "computer security", "network security", "Information
systems security " have all been used, a more general term, "Cyber Security" turns out to be
more generalizing and has been defined in different ways by concerned parties. In this work,
we reviewed existing literature of the definition of the term by authoritative sources and
formulated a yet more representative definition for the term "Cyber security".

LITERATURE REVIEW
We have reviewed literature from a wide range of disciplines in the quest to define cyber
security including Computer science, Engineering, Law, Security management and defense.

Fredrick Chang (2012), former Director of Research at the National Security Agency in the
United States said on the interdisciplinary nature of Cyber security, “A science of
cybersecurity offers many opportunities for advances based on a multidisciplinary approach,
because, after all, cybersecurity is fundamentally about an adversarial engagement. Humans
must defend machines that are attacked by other humans using machines. So, in addition to
the critical traditional fields of computer science, electrical engineering, and mathematics,
perspectives from other fields are needed.”

This explains why defining cybersecurity should involve the opinion of stake holders across
several disciplines.

Walls et al. (2013) approach the topic from the perspective of a professional services provider
and is thus focusing on tangible guidance for strategic decision makers. A key challenge
highlighted is the ambiguity introduced by the thoughtless use of the term ‘cyber security,’
where nuanced definitions ‘Information Security’ or ‘IT Security’ are more appropriate and
descriptive. They suggest that the term cyber security is only used in context of security
practices related to the combination of offensive and defensive actions involving or relying
upon information technology and/or operational technology environments and systems. The
authors state that it marks a superset of security practices such as information security, IT
security and other related practices.

Luiijf, Besseling, and de Graaf (2013) conducted an exhaustive study of national cyber
security strategies (NCSS) for 19 countries which also discusses differences in terminology in
some detail. They find that only eight nations define the term ‘cyber security’ in their NCSS,
whereas six nations do not provide any such definition. The authors note that for the ten
NCSS which have the term cyber security defined either through implication, description or
definition, the understanding of what it means varies greatly. This view is shared by Craigen,
Diakun-Thibault, and Purse (2014) who looked at a wider range of sources attempting to
define the term. They find that the term is used broadly and its definitions are highly variable,
context-bound, often subjective, and, at times, uninformative. Based on a shortlist of nine
definitions, the authors work towards a unified definition identifying five dominant themes of
cyber security. Through consensus in a multidisciplinary group, the authors arrive at an
additional definition for cyber security.

In a European Union member states analysis on cyber security, Falessi et al. (2012) provide
terminology guidance in the annex explaining that there is no universally accepted nor
straightforward definition of ‘cyber security.’ They write that some people regard cyber
security as overlapping with information security but no definitive conclusion is provided.
This view is shared by Wamala (2011) claiming that cyber security is a branch of information
security. The paper highlights the risk of uncertain terminology and aims to provide
clarification on the relative positions of cyber security and information security. It draws a
link between cyber security and the global characteristic of the internet, as such
distinguishing it from information security which, according to the author, rarely traverses
jurisdictions. Wamala goes further in this definition claiming that cyber security focuses
more on integrity and availability whereas information security is mainly concerned with
confidentiality. He concludes that cyber security is information security with jurisdictional
uncertainty and attribution issues.

APPROACHING A MORE REPRESENTATIVE DEFINITION

Cybersecurity is about protecting information, infrastructure and users from attacks as well as
containing the effects of the damage by recovery or retaliation.

Cyber Security however may be best understood when traced from the following roots
• Vulnerability
• Increasing dependence on ICT
• Presence of Malevolent Actors.
Vulnerability: These are the loopholes or openings that may lead to technical failures either
by natural means or even orchestrated by Malevolent actors. Vulnerability creates easy access
to the security of a system which may compromise data integrity and much more. Hence a
need for cyber security.
Increasing Dependence on ICT: the more increase in ICT usage and technology finds even
greater usefulness and integration in our lives through its connectivity’s, and characteristics,
failures and compromise points greatly amass impact values and this, the criminals have
made it a target. Hence a need for Cyber Security.
Presence of Malevolent Actors: These are the criminals who have their eyes on the data and
information of the systems with bad intentions trying to compromise the integrity of the data
and get valid information from the systems for their gains. Hence the need for cyber security.
Cyber security is an increasingly important domain integrating with every aspect of
cyberspace. Due to the expansion of cybersecurity, a new emerging aspect of it is highly
resurfacing every now and then.

Our cross-discipline research and review of existing literature enabled us come up with a
rather more representative and precise definition of cyber security as:
“The design and implementation of offensive, defensive, safety, recovery and sustainability
measures in protecting the cyberspace and its users.”
This definition has covered the forms of protection measures that can be applied to protect
any entity.
Offensive measures are actively aggressive measures taken to achieve a goal.
Defensive measures are measures taken to protect an entity against potential threats, in that
the execution of the attacks become unsuccessful.
Safety measures are activities or actions taken to reduce the risk of attacks on an entity.

Recovery measures are the actions taken in case of a successful attack or system failure with
minimal damages.

Sustainability measures cover the actions that will enable an entity sustain damages or
tolerate irregularities in its operation.

A combination of these measures is certainly will give the best prevention to any
environment they are applied.

The definition is also void of redundant and complex grammar as the term ‘cyberspace’
covers both infrastructure, systems, networks and services requiring inn need of the security.

CONCLUSION
The research has covered disperse fields relating to cybersecurity and a good number of
authoritative literatures were reviewed. Even with the number of reviewed literatures, it is
hard to say a particular definition is the perfect one unless if a standards organization decides
on one. We believe a deeper research will likely yield a better definition than what we have
even though it is concise, easy to comprehend and covers the subject from a general view.
REFERENCES
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining Cybersecurity.
Technology Innovation Management Review, 4(10).

Falessi, N., Gavrila, R., Klejnstrup Ritter, M., & Moulinos, K. (2012). Practical
Guide on Development and Execution. Retrieved from Heraklion:
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-
strategies-ncsss/national-cyber-security-strategies-an-implementation-guide

Congressional Research Service. (2014). Cybersecurity Issues and Challenges: In

Brief. (R43831). Retrieved from https://www.fas.org/sgp/crs/misc/R43831.pdf.

Baylon, C. (2014). Challenges at the Intersection of Cyber Security and Space

Security: Country and International Institution Perspectives. Retrieved from
London: http://www.chathamhouse.org/publication/challenges-intersection-cyber-
security-and-space-security-country-and-international

Barzilay, M. (2013, 2013-08-05). A simple definition of cybersecurity. Retrieved

from http://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=296

Androutsopoulos, I., & Malakasiotis, P. (2010). A survey of paraphrasing and

textual entailment methods. J. Artif. Int. Res., 38(1), 135-187.

Creasey, J. (2013). Cyber Security Incident Response Guide, 56. Retrieved from
http://www.crest-approved.org/guidance-and-standards/cyber-security-incident-
response-guide/index.htm

E ig, L. M. (2011). Statutory Interpretation: General Principles and Recent Trends

(97-589). Retrieved from https://fas.org/sgp/crs/misc/97-589.pdf

De Marneffe, M.-C., MacCartney, B., & Manning, C. D. (2006). Generating typed

dependency parses from phrase structure parses. Paper presented at the
Proceedings of LREC.
Giles, K., & Hagestad, W. (2013, 4-7 June 2013). Divided by a common language:
Cyber definitions in Chinese, Russian and English. Paper presented at the Cyber
Conflict (CyCon), 2013 5th International Conference on.