Cybersecurity as Metaphor: Policy and Defense Implications of Computer Security Metaphors

16 Pages Posted: 1 Apr 2014 Last revised: 13 Aug 2015

See all articles by Josephine Wolff

Josephine Wolff

Rochester institute of Technology

Date Written: March 31, 2014


Discussions of cybersecurity often involve metaphors — some explicit, others implicit — each with its own strengths and weaknesses, its own correct and misleading elements, and, most importantly, its own implications for how to secure computers, computer networks, and the information on them. In legal circles, the influential role of computer and Internet metaphors in dictating actions and laws is more clearly understood than it is in many other policy and security debates that center on questions of the threats posed by these technologies and the best means of mitigating or protecting against those threats. When these debates happen outside the courtroom, the metaphors used to illustrate cybersecurity risks and mitigation measures often enter the discussion unnoticed and are largely accepted without question. This research examines three classes of metaphors in this space — the burglar metaphor, the war metaphor, and the health metaphor — to understand the ways in which they serve as “generative metaphors” that prescribe certain types of policy solutions. As generative metaphors, each of these metaphors frames computer security challenges as analogous to another social problem and, in doing so, implies that the most appropriate and logical defensive measures would be those that mirror the steps society has taken to protect against either robbers, wars, or diseases. Each of these metaphors has strong implications for the causes, motivations, and most appropriate protections for cybersecurity threats. These implications range from who is responsible for defending computer systems, who is threatening those systems, and the nature of what is at stake if those threats are successful.

Keywords: cybersecurity, metaphor, cyber defense, cybersecurity policy

Suggested Citation

Wolff, Josephine, Cybersecurity as Metaphor: Policy and Defense Implications of Computer Security Metaphors (March 31, 2014). 2014 TPRC Conference Paper. Available at SSRN: or

Josephine Wolff (Contact Author)

Rochester institute of Technology ( email )

92 Lomb Memorial Drive
Eastman Hall, Suite 1301
Rochester, NY 14623
United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics