Cybersecurity as Metaphor: Policy and Defense Implications of Computer Security Metaphors
16 Pages Posted: 1 Apr 2014 Last revised: 13 Aug 2015
Date Written: March 31, 2014
Discussions of cybersecurity often involve metaphors — some explicit, others implicit — each with its own strengths and weaknesses, its own correct and misleading elements, and, most importantly, its own implications for how to secure computers, computer networks, and the information on them. In legal circles, the influential role of computer and Internet metaphors in dictating actions and laws is more clearly understood than it is in many other policy and security debates that center on questions of the threats posed by these technologies and the best means of mitigating or protecting against those threats. When these debates happen outside the courtroom, the metaphors used to illustrate cybersecurity risks and mitigation measures often enter the discussion unnoticed and are largely accepted without question. This research examines three classes of metaphors in this space — the burglar metaphor, the war metaphor, and the health metaphor — to understand the ways in which they serve as “generative metaphors” that prescribe certain types of policy solutions. As generative metaphors, each of these metaphors frames computer security challenges as analogous to another social problem and, in doing so, implies that the most appropriate and logical defensive measures would be those that mirror the steps society has taken to protect against either robbers, wars, or diseases. Each of these metaphors has strong implications for the causes, motivations, and most appropriate protections for cybersecurity threats. These implications range from who is responsible for defending computer systems, who is threatening those systems, and the nature of what is at stake if those threats are successful.
Keywords: cybersecurity, metaphor, cyber defense, cybersecurity policy
Suggested Citation: Suggested Citation