Cybersecurity and information security are synonymous, especially in federal government circles. I use them interchangeably. In Washington, cybersecurity seems to be the preferred term, though the law that governs federal cybersecurity, FISMA, stands for the Federal Information Security Management Act.
GovInfoSecurity.com's owner, Information Security Media Group, also publishes BankInfoSecurity.com and HealthCareInfoSecurity.com, and the editor of our healthcare site tells me he never hears of the term cybersecurity used in healthcare circles. And, one of our bank site editors says she hears the term cybersecurity mostly from regulators or people who once worked for government, but far less often from IT security practitioners at the banks. The more popular term in financial circles: information security.
The evolution of the word cybersecurity as Washington lingo is well told in a 2008 blog written by Ed Felton on the blog site Freedom to Tinker, hosted by Princeton University's Center for Information Technology Policy.
I got thinking about cybersecurity vs. information security after reading a just-released paper from the EastWest Institute entitled Russia, the United States and Cyber Diplomacy: Opening the Doors. The paper addresses how Russia and the United States can reach a cyber dÃ©tente. In the paper, authors Franz-Stefan Gady and Greg Austin write that Americans and Russians have different philosophies regarding the safeguarding of technology, and the lingo they use reflect those beliefs:
"The U.S. terms cybersecurity and cyberspace are primarily technological, whereas the Russian terms for 'information security' and 'information space' are seen as having broader philosophical and political meanings."
Technology is one component of the Russians understanding of IT security and is not deemed as the most important one. Russia, the authors write, says information security is aimed as protecting its knowledge and culture, and guaranteeing the free flow of information.
"Of course, the latter claim is hotly disputed by the Kremlin's critics at home and abroad, who believe its information concept is really designed to silence certain antigovernment critics.
Still, that's in contrast to the U.S. government's approach to cybersecurity, one focusing on safeguarding domestic technologies from disruptions, unauthorized access or other kinds of interference.
Though the U.S. and Russia favor different terms, Gady and Austin write both approaches complement one another. And they cite the Commission on Cybersecurity for the 44th Presidency report citation on the nature of the global digital environment to make their point:
"The Internet is part town square (where people engage in politics and speech), part Main Street (where people shop), part dark alleys (where crime occurs), part secret corridors (where spies engage in economic and military espionage) and part battlefield."
Misunderstandings between actors are inevitable, they write, and these can only be addressed through dialogue and compromise.
The U.S. and Russia may eventually ratify an IT security treaty, but don't expect them to concur on what to call computer/network security, especially when various sectors in the United States can't agree on the terminology.