Abstract
Policy-makers involved in cybersecurity governance should pay close attention to the “generative metaphors” they use to describe and understand new technologies. Generative metaphors structure our understanding of policy problems by imposing mental models of both the problem and possible solutions. As a result, they can also constrain ethical reasoning about new technologies, by uncritically carrying over assumptions about moral roles and obligations from an existing domain. The discussion of global governance of cybersecurity problems has to date been dominated by the metaphor of “cyber war”. In this chapter, we argue that this metaphor diminishes possibilities for international collaboration in this area by limiting states to reactive policies of naming and shaming rather than proactive actions to address systemic features of cyberspace. We suggest that alternative metaphors—such as health, ecosystem, and architecture—can help expose the dominance of the war metaphor and provide a more collaborative and conceptually accurate frame for negotiations.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
It is useful to note that the concept of war emerged later than we might think; ancient Romans spoke of ‘conquest’ rather than war (van der Dennen 1995).
- 2.
This approach is inspired by Luke’s (2010) guide to “metaphor-hacking”.
- 3.
In amplification attacks, attackers try to exhaust a victim’s bandwidth by abusing the fact that protocols such as DNS or NTP allow spoofing of sender IP addresses (see US-CERT 2016).
- 4.
Of course, states might choose to only give up vulnerabilities in cases where they have a second vulnerability which guarantees their ability to exploit the same systems. However, even such seemingly useless disclosures will make most users safer, as third parties will be less able to exploit these vulnerabilities when they are disclosed.
- 5.
This is an indicative list of proposed obligations for states within each conceptual framework – obligations for private actors are italicised. The norm initiatives do not necessarily advocate all of the norms in their category.
References
Ablon, L., M.C. Libicki, and A.A. Golay. 2014. Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar. Rand. https://doi.org/10.7249/j.ctt6wq7z6.
Ambastha, M. 2019. Taking a Hard Look at the Vulnerabilities Equities Process and Its National Security Implications. Berkeley Tech Law Journal. http://btlj.org/2019/04/taking-a-hard-look-at-the-vulnerable-equities-process-in-national-security/.
Berr, J. 2017. ‘WannaCry’ Ransomware Attack Losses Could Reach $4 Billion. CBS News, May 2017.
Betz, D.J., and T. Stevens. 2013. Analogical Reasoning and Cyber Security. Security Dialogue 44 (2): 147–164. https://doi.org/10.1177/0967010613478323.
Black, Max. 1993. More about metaphor. In Metaphor and thought, vol. 31, 19–41. https://doi.org/10.1111/j.1746-8361.1977.tb01296.x.
Brown, Gary D., and Andrew O. Metcalf. 1998. Easier said than done: Legal reviews of cyber weapons. Journal of National Security Law and Policy.
Buchanan, B. 2017. The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations. Oxford Scholarship Online 2017. https://doi.org/10.1093/acprof.
Chehadé, F. 2018. Joseph Nye and Fadi Chehadé – Norms to Promote Stability and Avoid Conflict in Cyberspace|Blavatnik School of Government. Blavatnik School of Government. https://www.bsg.ox.ac.uk/multimedia/video/joseph-nye-and-fadi-chehade-norms-promote-stability-and-avoid-conflict-cyberspace.
Collier, J. 2018. Cyber Security Assemblages: A Framework for Understanding the Dynamic and Contested Nature of Security Provision. Politics and Governance 6 (2): 13–21. https://www.cogitatiopress.com/politicsandgovernance/article/view/1324/1324.
Cooley, A., and J. Snyder. 2015. Ranking the World: Grading States as a Tool of Global Governance. https://doi.org/10.1017/CBO9781316161555.
CyberGreen. 2014. The Cyber Green Initiative: Concept Paper Improving Health Through Measurement and Mitigation.
———. 2016a. Cyber Security Agency of Singapore Becomes Cornerstone Sponsor for CyberGreen. https://www.cybergreen.net/2016/10/11/Cyber-Security-Agency-of-Singapore-Becomes-Cornerstone-Sponsor-for-CyberGreen/.
———. 2016b. Improving Global Cyber Health. https://www.cybergreen.net/img/medialibrary/CG-infographic-2016-web.pdf.
Dev, P. 2015. ‘Use of Force’ and ‘Armed Attack’ Thresholds in Cyber Conflict: The Looming Definitional Gaps and the Growing Need for Formal U.N. Response. Texas International Law Journal 50: 381–402.
DHS. 2018. U.S. Department of Homeland Security Cybersecurity Strategy. https://www.dhs.gov/sites/default/files/publications/DHS-Cybersecurity-Strategy_1.pdf.
Eco, U., and C. Paci. 1983. The Scandal of Metaphor: Metaphorology and Semiotics. Poetics Today 4: 21. https://www.jstor.org/stable/1772287?seq=1#metadata_info_tab_contents.
Fairclough, G. 2018. Offensive Cyber, Ecology and the Competition for Security in Cyberspace: The UK’s Approach. http://podcasts.ox.ac.uk/offensive-cyber-ecology-and-competition-security-cyberspace-uks-approach.
Falkner, R. 2016. The Paris Agreement and the New Logic of International Climate Politics. International Affairs. https://doi.org/10.1111/1468-2346.12708.
Froomkin, A. M, and others. 1995. Anonymity and its enmities. J. Online L. Art.
Floridi, L. 2014. The 4th Revolution: How the Infosphere Is Reshaping Human Reality. 1st ed. Oxford: Oxford University Press. https://global.oup.com/academic/product/the-fourth-revolution-9780199606726?cc=gb&lang=en&.
GCSC. 2017. Call to Protect the Public Core of the Internet. New Delhi: . https://cyberstability.org/news/global-commission-proposes-definition-of-the-public-core-of-the-internet/.
Giles, K., and W. Hagestad II. 2013. Divided by a Common Language: Cyber Definitions in Chinese, Russian and English. 5th International Conference on Cyber Conflict, 1–17.
Gill, L. 2017. Law, Metaphor and the Encrypted Machine. Osgoode Hall Law Journal 13: 16. https://ssrn.com/abstract=3138684.
Gough, C., and S. Shackley. 2001. The Respectable Politics of Climate Change: The Epistemic Communities and NGOs. International Affairs. https://doi.org/10.1111/1468-2346.00195.
Grigsby, A. 2017. The End of Cyber Norms. Survival 59 (6): 109–122. https://doi.org/10.1080/00396338.2017.1399730.
Johnson, M. 1993. Moral Imagination: Implications of Cognitive Science for Ethics. Chicago: University of Chicago Press.
Jones, M.L. 2017. The Spy Who Pwned Me. Limn, 8. https://limn.it/issues/hacks-leaks-and-breaches/.
Kello, Lucas. 2017. The virtual weapon and international order. Yale University Press.
Korzak, E. 2017. UN GGE on Cybersecurity: The End of an Era? The Diplomat. https://thediplomat.com/2017/07/un-gge-on-cybersecurity-have-china-and-russia-just-made-cyberspace-less-safe/.
Lakoff, G. 1987. Categorization. In Women, Fire and Dangerous Things.
Lakoff, George, and Mark Johnson. 1980. Metaphors we live by. 1st ed. Chicago: University of Chicago Press.
Lapointe, A. 2011. When Good Metaphors Go Bad: The Metaphoric ‘Branding’ of Cyperspace. Center for Strategic & International Studies. http://csis.org/publication/when-good-metaphors-go-bad-metaphoric-branding-cyberspace.
Lotrionte, C. 2017. Geopolitics Eclipses International Law at the UN. The Cipher Brief, 6 Aug 2017. https://www.thecipherbrief.com/geopolitics-eclipses-international-law-un-1092.
Lukes, D. 2010. Hacking a Metaphor in Five Steps. Metaphor Hacker. http://metaphorhacker.net/2010/07/hacking-a-metaphor-in-five-steps/.
Maurer, T. 2011. Cyber Norm Emergence at the United Nations. International Relations, no. September, 1–69. http://belfercenter.hks.harvard.edu/files/maurer-cyber-norm-dp-2011-11-final.pdf.
McKune, S. 2015. An Analysis of the International Code of Conduct for Information Security. https://citizenlab.ca/2015/09/international-code-of-conduct/.
Nye, J. 2017. A Normative Approach to Preventing Cyberwarfare. Project Syndicate, 13 Mar 2017. https://www.project-syndicate.org/commentary/global-norms-to-prevent-cyberwarfare-by-joseph-s%2D%2Dnye-2017-03?barrier=accesspaylog.
Peters, G.P., R.M. Andrew, J.G. Canadell, S. Fuss, R.B. Jackson, J.I. Korsbakken, C. Le Quéré, and N. Nakicenovic. 2017. Key Indicators to Track Current Progress and Future Ambition of the Paris Agreement. Nature Climate Change. https://doi.org/10.1038/nclimate3202.
Rid, T. 2012. Cyber War Will Not Take Place. Journal of Strategic Studies 35 (1): 5–32.
Rodríguez, M. 2017. Declaration by Miguel Rodríguez, Representative of Cuba, at the Final Session of Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.
Romanosky, S. 2019. Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process. Lawfare. https://www.lawfareblog.com/developing-objective-repeatable-scoring-system-vulnerability-equities-process.
Sauter, Molly. 2015. Show me on the map where they hacked you: Cyberwar and the geospatial internet doctrine. Case Western Reserve Journal of International Law 47: 63.
Schmitt, M.N., and L. Vihul. 2014. The Nature of International Law Cyber Norms. The Tallinn Papers 5: 1–31. https://doi.org/10.2307/1952804.
Schön, D.A. 1979. Generative Metaphor: A Perspective on Problem-Setting in Social Policy. Metaphor and Thought. https://doi.org/10.1017/CBO9781139173865.
SCO. 2009. Annex 1 to the Agreement Between the Governments of the Member States of the SCO in the Field of International Information Security.
Shimko, K.L. 1994. Metaphors and Foreign Policy Decision Making. Political Psychology 15 (4): 655. https://doi.org/10.2307/3791625.
Smith, B. 2017a. The Need for a Digital Geneva Convention – Microsoft on the Issues. Microsoft on the Issues. https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/.
———. 2017b. The Need for Urgent Collective Action to Keep People Safe Online: Lessons from Last Week’s Cyberattack – Microsoft on the Issues. Microsoft one the Issues. https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.000bi5yyf12twdrz104kfp70qrzfk.
Taddeo, M. 2016. On the Risks of Relying on Analogies to Understand Cyber Conflicts. Minds and Machines. https://doi.org/10.1007/s11023-016-9408-z.
———. 2017. The Limits of Deterrence Theory in Cyberspace. Philosophy & Technology: 1–17. https://doi.org/10.1007/s13347-017-0290-2.
Taddeo, Mariarosaria, and Luciano Floridi. 2018. Regulate artificial intelligence to avert cyber arms race comment. Nature. https://doi.org/10.1038/d41586-018-04602-6.
Thibodeau, P.H., and L. Boroditsky. 2011. Metaphors We Think with: The Role of Metaphor in Reasoning. PLoS One. https://doi.org/10.1371/journal.pone.0016782.
UC-CERT. 2016. DNS Amplification Attacks|US-CERT. US-CERT. https://www.us-cert.gov/ncas/alerts/TA13-088A.
UNGA. 2015. Report of the Secretary General: Developments in the Field of Information and Telecommunications in the Context of International Security.
———. 2016. Report of the Secretary-General Developments in the Field of Information and Telecommunications in the Context of International Security.
———. 2017. Report of the Secretary-General Developments in the Field of Information and Telecommunications in the Context of International Security.
van der Dennen, J.M.G. 1995. The Origin of War. Groningen: University of Groningen.
Vee, A. 2012. Text, Speech, Machine: Metaphors for Computer Code in the Law. Computational Culture: A Journal of Software Studies 2:12
Wolff, J. 2014. Cybersecurity as Metaphor: Policy and Defense Implications of Computer Security metaphors. 2014 TPRC Conference Paper, 1–16. http://scholar.google.com/scholar?hl=en&btng=search&q=intitle:cybersecurity+as+metaphor:+policy+and+defense+implications+of+computer+security+metaphors+josephine#0.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Slupska, J., Taddeo, M. (2020). Generative Metaphors in Cybersecurity Governance. In: Burr, C., Milano, S. (eds) The 2019 Yearbook of the Digital Ethics Lab. Digital Ethics Lab Yearbook. Springer, Cham. https://doi.org/10.1007/978-3-030-29145-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-29145-7_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29144-0
Online ISBN: 978-3-030-29145-7
eBook Packages: Religion and PhilosophyPhilosophy and Religion (R0)