The Back Page
Cyber Terminology: Toward a Common Lexicon
The terms used to describe cyberspace and the conduct of adversarial activities in that arena are often new and colorful word inventions. Sometimes these words derive from preexisting terms and phrases in the field of computer science that have taken on new meaning in cyberspace. The following terms may have multiple definitions depending on the community in which they are used. The definitions presented here have been adapted from a wide range of sources.
Two terms in particular have multiple meanings: cybersecurity and information assurance. Some communities view these as synonyms, others see them in a subset/superset relationship, and yet others establish them as overlapping yet distinct terms.
air gap: The separation of a computer system or network from other systems or networks by the absence of wired or wireless network connections. The apparent security provided by air gaps can be broken. For example, as soon as mobile media devices such as CDs, DVDs, or “thumb drives” are shared sequentially among air-gapped computers, the gap has been negated by the introduction of intermittent connectivity. Another type of intrusion requiring more specialized techniques and physical proximity to a computer system would be to eavesdrop on the computer system’s electromagnetic emanations.
botnet: A botnet is a number of Internet computers that have been set up to forward transmissions (including spam, viruses, and distributed denial-of-service attacks) to other computers on the Internet without the users being aware of it. Any such computer is referred to as a zombie—in effect a computer “robot” or “bot”—that serves the wishes of a master controller.
checksum: An efficient but incomplete scheme to detect whether data has changed (e.g., in a message during transmission, or in memory or a file over time) in which the data is accompanied by a numerical value (the checksum) that is calculated from the data itself before the period of potential change. At the end of the period, the numerical value is recalculated. If the value is different from the original, the data has changed. If the value is unchanged, it is still possible that the data has changed. Invented as a fast-error detection mechanism for message transmission, a checksum may be combined with a separate authentication capability such as a digital signature to quickly check for loss of data integrity after a possible cyberattack.
cyber: A word that can be used as a prefix pertaining to cyberspace. For example, a cyberattack is an attack conducted in cyberspace. Cyber defense refers to defending information maintained in cyberspace (or defense of the cyberspace systems that store, access, process, or transmit that information) from attack or espionage. Cyber resilience is the ability to sustain functions necessary for mission success in spite of hostile actions or adverse conditions in cyberspace.
cyber operations: The employment of cyber capabilities for the purpose of achieving objectives in or through cyberspace. Cyber operations may include offensive as well as defensive activities.
cybersecurity: The body of technologies, processes, and practices designed to protect electromagnetically represented information, as well as the computer and network systems that store, access, process, and transmit that information from damage, unauthorized access, or denial of authorized access. Cybersecurity includes human and technological precautions taken throughout the development and operation of the systems to guard against crime, attack, sabotage, or espionage, as well as accidents and failures. In these ways, cybersecurity includes many of the aspects of information assurance. Cybersecurity emphasizes the achievement of system and mission survivability and resilience, which is the ability to operate or fight through adverse conditions in cyberspace. It also emphasizes the development and controlled use of countermeasures and other cyber operations capabilities. In these ways, cybersecurity goes beyond the conventional practice of information assurance.
cyberspace: The global aggregate of information technology infrastructures, telecommunications networks, and computer processing systems, including those that are interconnected and interdependent and those that are air-gapped and independent. Examples include the Internet and all the computer systems connected to it; the information technology elements of systems such as military and intelligence sensor, data fusion, command and control systems; government and civilian communications systems; and the supervisory control and data acquisition elements of power generation and distribution systems and transportation systems.
Easter eggs: Benign messages or jokes generated by software intentionally hidden in a computer program or a Web page.
firmware: In electronic systems, fixed, usually small programs or data structures that are used by specially designed hardware to control the devices of which they are a part. Such hardware in today’s modern space systems includes field programmable gate arrays (FPGAs) whose firmware is programmed using hardware definition languages. Firmware is generally programmed in low-level or specialized programming languages. Like software for general purpose computing environments, firmware may be compromised by malware.
honeypot: A computer system connected to the Internet that is set up to attract and trap attempts to penetrate a target system. The purpose of a honeypot is to observe the attacks or intrusions intended for it. Honeypots are generally expensive and labor-intensive to build, maintain, and operate.
hypervisor: Software (sometimes called a virtual machine manager) that allows multiple operating systems and their applications to share a single hardware host safely in such a way that each operating system appears to have the host’s processor, memory, and other resources all to itself. Hypervisors are both a means to thwart cyberattacks and a source of potential vulnerability to other cyberattacks.
information assurance: The body of technologies, processes, and practices designed to protect information, as well as the computer and network systems that store, access, process, and transmit that information, from damage, unauthorized access, or denial of authorized access. Information assurance emphasizes human and technological precautions taken throughout the development and operation of the systems to guard against crime, attack, sabotage, and espionage, as well as accidents and failures.
kernel: The central component of an operating system that directly controls the computer hardware. Kernels are specific to the hardware on which they are running and provide basic services to the operating system, applications, and system security services. The kernel’s critical role in computing can make it an attractive target for the implantation of malware.
malware: Malicious software (possibly firmware) intended to achieve a harmful effect. Malware is intended to disrupt or deny the use of a computer resource or to gather information that leads to the loss of privacy or confidentiality, or to usurp the computer system itself to achieve harm. Malware is almost always hidden to avoid detection.
resilience: The ability to sustain the functions necessary for success in spite of hostile actions or adverse conditions. Mission resilience restricts this definition to mission success; system resilience restricts it to successful operation of systems. A mission/system is more resilient if it can provide these functions with higher probability, shorter periods of reduced capability, and across a wider range of scenarios, conditions, and threats.
rootkit: Software (possibly firmware) that enables continued privileged access by an intruder to a computer system while hiding its presence from users and administrators. A rootkit is usually a form of malware; it generally either manipulates data the operating system relies on, or alters the execution flow of the operating system. Removal of a rootkit can be complicated or nearly impossible. When the rootkit resides in the kernel, reinstallation of the operating system may be the only available solution. When it resides in firmware, removal of hardware may be required.
social engineering: Manipulating people into performing actions or divulging confidential information; trickery or deception for the purpose of information gathering, fraud, or computer system access.
space cyber: The part of cyberspace that is directly engaged in the operation and use of space-based technologies. This term is sometimes used more narrowly to refer to the aspects of cyberspace that are unique to the purpose, design, and operation of space systems. However, to the extent that space systems employ information technologies and methods common to other kinds of systems with cyber components, space cyber overlaps with those other subsets of cyberspace. As a prefix, space cyber pertains to the part of cyberspace that is engaged directly in the operation and use of space-based technologies. For example, space cyberattack or space cyber defense.
spear phishing: Phishing is a deceptive social engineering technique in which apparently legitimate communications, generally e-mails or instant messages, dupe a victim into an action (often visiting a Web site or opening an attachment) that introduces malware onto the victim’s computer. Spear phishing is targeted to specific individuals, and is customized or tailored to those individuals, their normal activities, and their associates.
virus: Software that can replicate itself and spread from one computer to another, often relying on unwitting human user actions such as sharing files over the Internet or in removable media such as CDs, DVDs, or thumb drives. Rarely, viruses can be benign and even helpful, but the term is usually reserved for a form of malware.
worm: A worm is malware in the form of a virus that uses a computer network and exploits security vulnerabilities to send copies of itself automatically to other computers on the network, generally without any user intervention.
zero-day: A zero-day vulnerability in a system is one that the developers and administrators are unaware of and that is not mitigated by defensive system components such as firewalls and intrusion detection systems. A zero-day intrusion or attack exploits one or more existing system vulnerabilities. The term arises from the fact that when awareness of a specific vulnerability comes only after an intrusion or attack exposes it, there are “zero” days (hours, minutes, etc.) left from the moment of discovery to construct a defense against its exploitation.