Translating cyber war into Russian

Working group's taxonomy seen as a step toward international agreements

Terms such as cyberspace, cyber security and cyber war are common, but what they mean may not be precisely defined. Speakers and writers use them somewhat loosely, which can make discussions among people who speak different languages more challenging that usual.

A U.S.-Russian effort is proposing common definitions. The EastWest Institute and the Information Security Institute of Moscow State University have released a report with definitions for 20 key cybersecurity concepts, the beginning of what the groups hope will be a comprehensive international cyber taxonomy.

According to the taxonomy, released April 27, cyberspace is “an electronic medium through which information is created, transmitted, received, stored, processed and deleted.” Cybersecurity is “a property of cyberspace that is an ability to resist intentional and unintentional threats and respond and recover.”

At the other end of the spectrum, cyber war is “an escalated state of cyber conflict between or among states in which cyberattacks are carried out by state actors against cyber infrastructure as part of a military campaign,” either declared or undeclared.


Related story:

Cyber Command still struggling to define cyber war


“It may seem like a small step, but Russians and Americans have never before sat down and really agreed on the terms that are the prerequisite for rules of the road for cyber conflict,” EWI Chief Technology Officer Karl Rauscher said in a prepared statement. Rauscher led the process with Valery Yaschenko, director of the Information Security Institute at Moscow State University. “Defining terms together is the first step for creating international cybersecurity agreements.”

Rauscher told GCN that international policy on cyberspace is long overdue.

“In order to have agreements on standards, policy and regulation, you need to have a common understanding and terminology,” he said. “The fact that two cyber superpowers agree on these is significant. These are terms that are intended to be used for policy discussion.”

The initial issue of the report, "Critical Terminology Foundations," was presented at an international forum in Germany on government and private-sector cooperation in information security and combating terrorism.

Rauscher said a number of countries represented at the forum expressed interest in contributing to a second issue of the report, which will be presented and further refined at the EWI’s second Worldwide Cybersecurity Summit to be held in London in June. Third and fourth versions would be issued later in the year representing consensus definitions.

The ultimate goal is international adoption and expansion of the taxonomy.

Improved international cooperation was one of the near-term goals identified in the president’s Cyberspace Policy Review, released in 2009. The EWI-ISI effort is intended to help enable this by removing some communication roadblocks.

A number of national programs to standardize cybersecurity terminology already exist, such as the Common Vulnerability and Exposure and the Common Configuration Enumeration databases, which are maintained by Mitre Corp. The critical terminology report is a higher-level exercise intended to build confidence and understanding among international parties.

One of the greatest hurdles to overcome in the discussions was a fundamental disagreement on the starting point for the discussion.

“The Russian view of information security emphasizes the holistic span of information, where cyber is one component along with others,” the report states. “The Russians see a logical assumption that a discussion should encompass all information, and not just a subset (i.e. cyber).”

The American view, on the other hand, focused more on addressing data in the emerging cyber realm of electronic infrastructures. “Americans do not see information protection as something that should include censorship, or any attempt to control the population’s awareness,” the report states.

The definitions are concise and are put into three categories:

The Theatre:

  • Cyberspace.
  • Cyber infrastructure.
  • Cyber services.
  • Critical cyberspace.
  • Critical cyber infrastructure.
  • Critical cyber services.

The Modes of Aggravation:

  • Cyber crime.
  • Cyber terrorism.
  • Cyber conflict.
  • Cyber war.
  • Cybersecurity.

The Art:

  • Cyber warfare.
  • Cyberattack.
  • Cyber counter-attack.
  • Cyber defensive countermeasure.
  • Cyber defense.
  • Cyber defensive capability.
  • Cyber offensive capability.
  • Cyber exploitation.
  • Cyber deterrent.

 

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.