301.519.9237 exdirector@nesaus.org

In his latest ‘Real Words or Buzzwords’ column, SecurityInfoWatch.com contributor Ray Bernard examines the differences between “Cyber” and “Cyberspace” and how a lack of clarity around the terms has left a dangerous hole in industry thinking about the local and global systems we are increasingly connecting and interacting with.
(IMAGE COURTESY BIGSTOCKPHOTO.COM)

6.4.19 – SIW –

The lack of clarity around the terms Cyber and Cyberspace have left us with a dangerous hole in our thinking about the local and global systems with which we are increasingly connecting and interacting, usually daily but also in real time. What’s more, many of these connections and interactions are increasingly automatic both on our behalf or someone else’s.

I was recently told that I shouldn’t use the word Cyberspace, because it’s an outdated term. I couldn’t disagree more. However, I do agree that a lot of our thinking about some “cyber” terms is a bit outdated because it relates to an earlier less-developed state of Cyberspace – not what we have today or will have tomorrow.

For example, Cybernaut is a portmanteau of cyberspace and astronaut. It originally referred to a computer user who uses the internet; someone who explores cyberspace. A more up-to-date definition has been added by the English Oxford Living Dictionaries, who now provide us with two definitions:

1. An expert or habitual user of the Internet.

2. A person who uses computer technology and sensory devices to experience virtual reality.

There isn’t a word yet for a person who uses portable/wearable/embedded technology to experience augmented reality. Not to be confused with virtual reality, augmented reality is used to enhance natural environments or situations and offer perceptually enriched experiences. With the help of advanced AR technologies (e.g. adding computer vision and object recognition) the information about the surrounding real world of the user becomes interactive and digitally manipulable. AR technology provides points of intersection between physical space and cyberspace. We’ll talk more about cyber/physical intersection points later in this discussion.

Cyber and Cyberspace

Like how the definition of Cybernaut has evolved, we must now clarify our definitions of Cyber and Cyberspace.

In our current age of exponential technological advancement, the primary factor that will limit the advance of technology in any industry – including the physical security industry – will be our own legacy thinking and our failure to move past it quickly enough.

The purpose of this article is to clearly define the two terms Cyber and Cyberspace, and then use them to discuss the operational impacts and risks and the technology infrastructure concerns that that are relevant to our spheres of cyber and physical security responsibility.

As defined in this article, the terms Cyber and Cyberspace will remain critically important for most industries for the foreseeable future, and especially for the information technology (IT) and operational technology (OT) domains. Wikipedia defines Operational Technology as the hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as valves, pumps, etc. Gartner extends that definition to be: hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. That extended definition is also especially relevant to smart cities. Operational Technology and Smart Cities will be the subjects of future “Real Words or Buzzwords?” articles.

Cyber

The term Cyber has evolved significantly over time, with many people widening and narrowing their definitions as fits their usage in specific fields of application. Cyber is a shortened form of Cybernetics, a word with a long and wide history documented on Wikipedia. It started out with Plato’s use of Cybernetics as a term to describe self-governance of people, and over time the word was applied to any system of self-control, thus encompassing systems in mechanical, electrical and biological engineering. The definition further evolved to mean the study of human control functions and of mechanical and electronic systems designed to replace them.

Initially that meant industrial control systems replacing human labor and human supervision. Later it evolved to also mean technology intended to replace or enhance human body functions, such as prosthetic limbs. That’s quite an evolution in meaning, and the evolution continued on from there.

In 1948, Norbert Wiener defined cybernetics as “the scientific study of control and communication in the animal and the machine.” This was the first public usage of the term to refer to self-regulating mechanisms.

The shortened form “cyber” began to appear in science fiction, particularly as “Cyborg” (short for cybernetic + organism), referring to a fictional person whose physical abilities are extended beyond normal human limitations by electro-mechanical elements built into the body. In 1996, “cybermen” appeared on the television show Dr. Who. Martin Caidin published his novel Cyborg in 1972, which served as the inspiration for the television shows The Six Million Dollar Man and The Bionic Woman, followed by the shortening of Cyborg to simply Borg for the Star Trek television series. In 2005, George P. Landow wrote, “Cyborgs actually do exist; about 10% of the current U.S. population are estimated to be cyborgs in the technical sense, including people with electronic pacemakers, artificial joints, drug implant systems, implanted corneal lenses, and artificial skin.” In 2010, the nonprofit Cyborg Foundation was created for advocacy in science and in art of the union of cybernetics and organisms.

Early on the term Cybernetics was associated with self-managing groups of people, and then with self-managing technology for communication and control. Thus, thanks to its evolving various usage, the term Cyber now has two basic definitions.

Cyber – adjective

1. Cultural: relating to, or characteristic of, the culture of computers, information technology, virtual reality, the Internet and its users. (e.g. cyber geek, cyber crime, cyber café, cyber Monday, cyber friend)

2. Technical: relating to computers, electronic data storage, and computer networks; especially the Internet and its cloud-based applications, platforms and infrastructure; as well as the information being stored, shared or transmitted by any of the connected technology. (e.g. cyber skills, cyber security, cyber resilience)

Cyber is also used as an adjectival prefix, meaning that it is combined with another word it describes to make a single word, such as: cybersecurity, cyberattack, and cybercafé.

Today, the predominant use of the term Cyber is for its technical definition, with the cultural definition falling out of use. So, if you think of Cyber as meaning computer, network or Internet-related, you’ll be on the right track. Further nuances from that initial consideration should be apparent from how the term is used.

Cyberspace

As I mentioned earlier, someone recently told me that the term Cyberspace was outdated and really shouldn’t be used anymore because it is too fuzzy and means too many things to too many people. So, I reviewed the edit history of the Wikipedia Cyberspace article and found that throughout its more than 500 revisions over the past 18 years, the definition has swung back and forth between two meanings. First, cyberspace was considered to be an entirely notional concept, meaning existing only as an idea in people’s minds, like the expression “meeting in cyberspace.” At that time a cyberspace meeting was the internet equivalent of a telephone conference call only via typing in a “chat room” instead of using voice communication. This was a decade before Facebook and Twitter. “Getting on the Internet” was a specific action accomplished via telephone dial-up, with connection rates charged by the minute or hour. There were no 24/7/365 Internet connections.

An Internet connection was a momentary thing, a very tiny part of real life. At the time the Internet was considered a physical thing, and cyberspace was considered a non-physical thing separate from “real life.” Cyberspace was considered to exist primarily in the minds of its users, who shared thoughts in real time via chat, supplemented by sharing web pages, document files and photos.

The World Wide Web was new with many aspects of it still emerging. The term cyberspace was used to describe the online “space” where the communication and data sharing took place instead of a physical world location. Initially “chat rooms” and “news groups” were for special interest groups who communicated by typed data mostly, as photos took a relatively long time to upload via a dial-up modem connection.

What initially helped perpetuate the notion of cyberspace was the idea that electronic mediums performed the same function as physical mediums and replaced them. Email replaced paper letters. Notes on electronic bulletin boards replaced paper notes. E-books replaced physical books. Thus, cyberspace was a place where virtual equivalents of the physical world existed. All physical objects have or could have a cyber object counterpart in cyberspace.

For over a decade, the content of cyberspace was a representational subset of things that existed in physical space. Cyberspace was something that people sampled, experienced, or interacted with via passive or slightly interactive web pages. It couldn’t directly impact the physical world, and so was considered a separate thing from physical space. I call this Cyberspace 1.0.

The level of World Wide Web technology used by Cyberspace 1.0 was Web 1.0, and I have chosen to maintain a correspondence in this article between the numbered levels of Web technology and the related levels of Cyberspace technology.

Approaching and after the year 2000, Web 2.0 introduced web applications, which were software programs running on web servers. People began interacting with graphically rich interactive applications at the same time as internet and local network bandwidth increased after the year 2000. Social media and internet retail commerce evolved and grew. This was called Web 2.0 and its users interacted via Cyberspace 2.0 when they “went online.” (Cyberspace 2.0 is described in the next Cyberspace article.)

In the meantime, programmable machine automation began arriving to manufacturing and building controls industries starting in the 1960s. It spread in the 1970s to building automation controls. Information technology convergence propelled both manufacturing and building automation forward with more powerful computer chips, advances in circuit board manufacturing, PCs and networking. Factory and building automation evolved and grew around the same time as the Web was growing.

Universities needed new terminology for research into computer systems that interacted with physical things. The term “cyber-physical systems” emerged around 2006, when it was coined by Helen Gill at the National Science Foundation in the United States.

The “cyber” in “cyber-physical” doesn’t refer to cyberspace, but instead stems cybernetics as referring to self-regulating mechanisms. That’s the category of technology into which current day manufacturing systems, building control systems, heart pacemakers, robotic vacuum cleaners, robotic surgery systems, autonomous vehicles and the like fall.

Nowadays, however, many modern cyber-physical systems also have connections into cyberspace, so in the case of many cyber-physical systems we now must take cyberspace connections into account, although that’s not what university cyber-physical systems research is about.

Cyber-Physical Systems

I’ve been in touch with Dr. Edward Lee regarding his Ptolemy Project at the University of California at Berkeley. They have produced a Cyber-Physical Systems Concept Map which, of course, includes physical security as well as application areas where security video cameras are put to other uses, such as transportation and automated traffic control systems.

The Ptolemy Project website states: “A cyber-physical system (CPS) is an integration of computation with physical processes. Embedded computers and networks monitor and control the physical processes, usually with feedback loops where physical processes affect computations and vice versa. As an intellectual challenge, CPS is about the intersection, not the union, of the physical and the cyber.”

When I first read the sentence italicized above, my thoughts jumped back to the cyberspace topic and I recognized that statement as making a critically important distinction, as you will see as this article continues. Many writers have stated that cyberspace and physical space are merging. While that concept suffices for many discussions, it is not accurate enough to foster the kind of thinking required to understand the dynamics involved in the billions of cyber-physical intersection points that exist today, which are estimated to soon grow to 29 billion points by 2022.

Our physical security systems currently provide hundreds of millions of those cyber-physical intersection points, and that number will grow into the billions within the next decade. What’s even more important is that the nature of those future intersection points – and the ways and extents to which they will interact with people, buildings and machinery – would be mind-boggling if we could see it all now.

That’s where Part 2 of our Cyberspace discussion goes in detail, including emerging physical security technologies and the role of artificial intelligence. You will happily take these ideas with you to the GSX conference in Chicago in September.

Cyber-Physical Systems Special Note: I have put together an outstanding panel of experts whom I’m moderating for a special session at the September GSX event in Chicago. Here is a short description of that session.

The Flat and the Furious

Session # 6210 on Wednesday, September 11 from 2:15 p.m. to 3:15 p.m.

Global cyber-physical gamers can seriously kick your assets and disappear into thin air! Thomas Friedman’s best-selling book – The World is Flat – doesn’t mention cyber-risk or the Internet of Things. Yet today our super-flattened physical world is cyber-activated with over 23 billion cyber-physical touchpoints. Being furious in the cyber world has levels of energy, violence and intensity of scale and speed that you don’t want coming at your physical world assets. Don’t have your security cameras hijacked and weaponized for cyber-attacks, or your factory machinery or cars going wild. Cyber-physical experts (security, insurance and technology) explain where cyber-physical threats and counter-measures are going and how you can and must cover your assets now.

About the Author:

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.