This is the 42nd article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
All-in-one RWOB
MAXIMIZE YOUR SECURITY OPERATIONS CAPABILITIES
Upgrade your security operations effectiveness through Security Technology Strategic Planning. Provably get more for your company's security technology investment.
★ ★ ★ GET NOTIFIED! ★ ★ ★
SIGN UP to be notified by email the day a new Real Words or Buzzwords? article is posted!
Real Words or Buzzwords?
The Award-Winning Article Series
#1 Proof of the buzzword that killed tech advances in the security industry—but not other industries.
#2 Next Generation (NextGen): A sure way to tell hype from reality.
#3 Customer Centric: Why all security industry companies aren't customer centric.
#4 Best of Breed: What it should mean to companies and their customers.
#5 Open: An openness scale to rate platforms and systems
#6 Network-friendly: It's much more than network connectivity.
#7 Mobile first: Not what it sounds like.
#8 Enterprise Class (Part One): To qualify as Enterprise Class system today is world's beyond what it was yesterday.
#9 Enterprise Class (Part Two): Enterprise Class must be more than just a top-level label.
#10 Enterprise Class (Part Three): Enterprise Class must be 21st century technology.
#11 Intuitive: It’s about time that we had a real-world testable definition for “intuitive”.
#12 State of the Art: A perspective for right-setting our own thinking about technologies.
#13 True Cloud (Part One): Fully evaluating cloud product offerings.
#14 True Cloud (Part Two): Examining the characteristics of 'native-cloud' applications.
#15 True Cloud (Part Three): Due diligence in testing cloud systems.
#16 IP-based, IP-enabled, IP-capable, or IP-connectable?: A perspective for right-setting our own thinking about technologies.
#17 Five Nines: Many people equate high availability with good user experience, yet many more factors are critically important.
#18 Robust: Words like “robust” must be followed by design specifics to be meaningful.
#19 Serverless Computing – Part 1: Why "serverless computing" is critical for some cloud offerings.
#20 Serverless Computing – Part 2: Why full virtualization is the future of cloud computing.
#21 Situational Awareness – Part 1: What products provide situational awareness?
#22 Situational Awareness – Part 2: Why system designs are incomplete without situational awareness?
#23 Situational Awareness – Part 3: How mobile devices change the situational awareness landscape?
#24 Situational Awareness – Part 4: Why situational awareness is a must for security system maintenance and acceptable uptime.
#25 Situational Awareness – Part 5: We are now entering the era of smart buildings and facilities. We must design integrated security systems that are much smarter than those we have designed in the past.
#26 Situational Awareness – Part 6: Developing modern day situational awareness solutions requires moving beyond 20th century thinking.
#27 Situational Awareness – Part 7: Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.
#28 Unicity: Security solutions providers can spur innovation by envisioning how the Unicity concept can extend and strengthen physical access into real-time presence management.
#29 The API Economy: Why The API Economy will have a significant impact on the physical security industry moving forward.
#31 The Built Environment: In the 21st century, “the built environment” means so much more than it did just two decades ago.
#32 Hyper-Converged Infrastructure: Hyper-Converged Infrastructure has been a hot phrase in IT for several years, but do its promises hold true for the physical security industry?
#33 Software-Defined: Cloud-computing technology, with its many software-defined elements, is bringing self-scaling real-time performance capabilities to physical security system technology.
#34 High-Performance: How the right use of "high-performance" can accelerate the adoption of truly high-performing emerging technologies.
#35 Erasure Coding: Why RAID drive arrays don’t work anymore for video storage, and why Erasure Coding does.
#36 Presence Control: Anyone responsible for access control management or smart building experience must understand and apply presence control.
#37 Internet+: The Internet has evolved into much more than the information superhighway it was originally conceived to be.
#38 Digital Twin: Though few in physical security are familiar with the concept, it holds enormous potential for the industry.
#39 Fog Computing: Though commonly misunderstood, the concept of fog computing has become critically important to physical security systems.
#40 Scale - Part 1: Although many security-industry thought leaders have advocated that we should be “learning from IT,” there is still insufficient emphasis on learning about IT practices, especially for large-scale deployments.
#41 Scale - Part 2: Why the industry has yet to fully grasp what the ‘Internet of Things’ means for scaling physical security devices and systems.
#42 Cyberspace - Part 1: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#43 Cyber-Physical Systems - Part 1: We must understand what it means that electronic physical security systems are cyber-physical systems.
#44 Cyberspace - Part 2: Thought to be an outdated term by some, understanding ‘Cyberspace’ and how it differs from ‘Cyber’ is paramount for security practitioners.
#45 Artificial Intelligence, Machine Learning and Deep Learning: Examining the differences in these technologies and their respective benefits for the security industry.
#46 VDI – Virtual Desktop Infrastructure: At first glance, VDI doesn’t seem to have much application to a SOC deployment. But a closer look reveals why it is actually of critical importance.
#47 Hybrid Cloud: The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
#48 Legacy: How you define ‘legacy technology’ may determine whether you get to update or replace critical systems.
#49 H.264 - Part 1: Examining the terms involved in camera stream configuration settings and why they are important.
#50 H.264 - Part 2: A look at the different H.264 video frame types and how they relate to intended uses of video.
#51 H.264 - Part 3: Once seen as just a marketing term, ‘smart codecs’ have revolutionized video compression.
#52 Presence Technologies: The proliferation of IoT sensors and devices, plus the current impacts of the COVID-19 pandemic, have elevated the capabilities and the importance of presence technologies.
#53 Anonymization, Encryption and Governance: The exponential advance of information technologies requires an exponential advance in the application of data protection.
#54 Computer Vision: Why a good understanding of the computer vision concept is important for evaluating today’s security video analytics products.
#55 Exponential Technology Advancement: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#56 IoT and IoT Native: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#57 Cloud Native IoT: A continuing look at what it means to have a 'True Cloud' solution and its impact on today’s physical security technologies.
#58 Bluetooth vs. Bluetooth LE: The next 10 years of security technology will bring more change than in the entire history of the industry to now.
#59 LPWAN - Low-Power Wide Area Networks: Emerging IoT smart sensor devices and systems are finding high-ROI uses for building security and safety.
#60 Edge Computing and the Evolving Internet: Almost 15 billion personal mobile devices and over 22 billion IoT devices operating daily worldwide have shifted the Internet’s “center of gravity” from its core to its edge – with many implications for enterprise physical security deployments
#61 Attack Surface: (Published as a Convergence Q&A Column article)An attack surface is defined as the total number of all possible entry points for unauthorized access into any system.
#62 Autonomous Compute Infrastructure: We’re on the brink of a radical new approach to technology, driven by autonomous operations.
#63 Physical Security Watershed Moment: We have reached a juncture in physical security technology that is making most of our past thinking irrelevant.
#64 Access Chaos: For 50 years we have had to live with physical access control systems that were not manageable at any large scale.
#65 AI and Automatiom: Will engineering talent, business savvy and capital investment from outside the physical security industry bring technology startups that transform reactive security to proactive and preventive security operations?
#66 Interoperability: Over the next five years, the single greatest determinant of the extent to which existing security industry companies will thrive or die is interoperability.
#67 AI Model : One key factor affects the accuracy, speed and computational requirements of AI
#68 Interoperability – Part 2: There are two types of security system interoperability – both of which are important considerations in the design of security systems and the selection of security system products.
#69 Interoperability – Part 3: There are two types of security system interoperability – both of which are important considerations in the design of security systems and the selection of security system products.
#70 Operationalizing AI: AI is not a product, but a broad category of software that enables products and systems to do more than ever before possible. How do we put it to good use?
#71 Shallow IT Adoption – Part 1: It’s not just about being IT compliant, it’s also about leveraging IT capabilities to properly serve the needs and wants of today’s technologically savvy customers.
#72 E-waste – an important security system design issue: Now e-waste is an important design issue not just because of growing e-waste regulations, but because educated designers can save enterprise security system customers a lot of money.
#73 LRPoE - Long Reach Power over Ethernet: A dozen factors have improved the business attractiveness of network cameras, making it more desirable to place cameras further from existing IT closets than the 328 foot limitation of standard Ethernet cable.
#74 NIST Declares Physical Access Control Systems are OT: Does it really mean anything that OT has joined the parade of labels (IT, IoT, and then IIoT) variously getting applied to security systems?
#75 Future Ready: Google sees the term "future-ready" trending up across many subject domains. But does that term apply to the physical security industry and its customers?
#76 Data KLiteracy: AI needs data. Thus, the ability of any department or division in an organization (including security) to use AI effectively depends on its ability to effectively obtain and utilize data – including security.
#77 Security Intelligence (upcoming): AI brings two kinds of intelligence to physical security systems – people bring the third.
More to come about every other week.
I was recently told that I shouldn’t use the word Cyberspace, because it’s an outdated term. I couldn’t disagree more. However, I do agree that a lot of our thinking about some “cyber” terms is a bit outdated because it relates to an earlier less-developed state of Cyberspace – not what we have today or will have tomorrow.
For example, Cybernaut, is a portmanteau of cyberspace and astronaut. It originally referred to a computer user who uses the internet; someone who explores cyberspace. A more up-to-date definition has been added by the English Oxford Living Dictionaries, who now provide us with two definitions:
- An expert or habitual user of the Internet.
- A person who uses computer technology and sensory devices to experience virtual reality.
There isn’t a word yet for a person who uses portable/wearable/embedded technology to experience augmented reality. Not to be confused with virtual reality, augmented reality is used to enhance natural environments or situations and offer perceptually enriched experiences. With the help of advanced AR technologies (e.g. adding computer vision and object recognition) the information about the surrounding real world of the user becomes interactive and digitally manipulable. AR technology provides points of intersection between physical space and cyberspace. We’ll talk more about cyber/physical intersection points later in this discussion.
Cyber and Cyberspace
Like how the definition of Cybernaut has evolved, we must now clarify our definitions of Cyber and Cyberspace, which is the objective of this article.
In our current age of exponential technological advancement, the primary factor that will limit the advance of technology in any industry – including the physical security industry – will be our own legacy thinking and our failure to move past it quickly enough.
The purpose of this article is to clearly define the two terms Cyber and Cyberspace, and then use them to discuss the operational impacts and risks and the technology infrastructure concerns that that are relevant to our spheres of cyber and physical security responsibility.
As defined in this article, the terms Cyber and Cyberspace will remain critically important for most industries for the foreseeable future, and especially for the information technology (IT) and operational technology (OT) domains. Wikipedia defines Operational Technology as the hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as valves, pumps, etc. Gartner extends that definition to be: is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. That extended definition is also especially relevant to smart cities. Operational Technology and Smart Cities will be the subjects of future Real Words or Buzzwords? articles.
Cyber
The term Cyber has evolved significantly over time, with many people widening and narrowing their definitions as fits their usage in specific fields of application. Cyber is a shortened form of Cybernetics, a word with a long and wide history documented on Wikipedia. It started out with Plato’s use of Cybernetics as a term to describe self-governance of people, and over time the word was applied to any system of self-control, thus encompassing systems in mechanical, electrical and biological engineering. The definition further evolved to mean the study of human control functions and of mechanical and electronic systems designed to replace them.
Initially that meant industrial control systems replacing human labor and human supervision. Later it evolved to also mean technology intended to replace or enhance human body functions, such as prosthetic limbs. That’s quite an evolution in meaning, and the evolution continued on from there.
In 1948 Norbert Wiener defined cybernetics as “the scientific study of control and communication in the animal and the machine.” This was the first public usage of the term to refer to self-regulating mechanisms.
The shortened form “cyber” began to appear in science fiction, particularly as “Cyborg” (short for cybernetic + organism), referring to a fictional person whose physical abilities are extended beyond normal human limitations by electro-mechanical elements built into the body. 1996 saw cybermen in the television show Dr. Who. Martin Caidin published his novel Cyborg in 1972, which served as the inspiration for the television shows The Six Million Dollar Man and The Bionic Woman, followed by the shortening of Cyborg to simply Borg for the Star Trek television series. In 2005 George P. Landow wrote, “Cyborgs actually do exist; about 10% of the current U.S. population are estimated to be cyborgs in the technical sense, including people with electronic pacemakers, artificial joints, drug implant systems, implanted corneal lenses, and artificial skin.” In 2010 the nonprofit Cyborg Foundation was created for advocacy in science and in art of the union of cybernetics and organisms.
Early on the term Cybernetics was associated with self-managing groups of people, and then with self-managing technology for communication and control. Thus, thanks to its evolving various usage, the term Cyber now has two basic definitions.
Cyber – adjective
- Cultural: relating to, or characteristic of, the culture of computers, information technology, virtual reality, the Internet and its users. (e.g. cyber geek, cyber crime, cyber café, cyber Monday, cyber friend)
- Technical: relating to computers, electronic data storage, and computer networks; especially the Internet and its cloud-based applications, platforms and infrastructure; as well as the information being stored, shared or transmitted by any of the connected technology. (e.g. cyber skills, cyber security, cyber resilience)
Cyber is also used as an adjectival prefix, meaning that it is combined with another word it describes to make a single word, such as: cybersecurity, cyberattack, and cybercafé.
Today, the predominant use of the term Cyber is for its technical definition, with the cultural definition falling out of use. So, if you think of Cyber as meaning computer, network or Internet-related, you’ll be on the right track. Further nuances from that initial consideration should be apparent from how the term is used.
Cyberspace
As I mentioned earlier, someone recently told me that the term Cyberspace was outdated and really shouldn’t be used anymore because it is too fuzzy and means too many things to too many people. So, I reviewed the edit history of the Wikipedia Cyberspace article and found that throughout its more than 500 revisions over the past 18 years, the definition has swung back and forth between two meanings. First, cyberspace was considered to be an entirely notional concept, meaning existing only as an idea in people’s minds, like the expression “meeting in cyberspace”. At that time a cyberspace meeting was the Internet equivalent of a telephone conference call only via typing in a “chat room” instead of using voice communication. This was a decade before Facebook and Twitter. “Getting on the Internet” was a specific action accomplished via telephone dial-up, with connection rates charged by the minute or hour. There were no 24/7/365 Internet connections.
An Internet connection was a momentary thing, a very tiny part of real life. At the time the Internet was considered a physical thing, and cyberspace was considered a non-physical thing separate from “real life.” Cyberspace was considered to exist primarily in the minds of its users, who shared thoughts in real time via chat, supplemented by sharing web pages, document files and photos.
The World Wide Web was new with many aspects of it still emerging. The term cyberspace was used to describe the online “space” where the communication and data sharing took place instead of a physical world location. Initially “chat rooms” and “news groups” were for special interest groups who communicated by typed data mostly, as photos took a relatively long time to upload via a dial-up modem connection.
What initially helped perpetuate the notion of cyberspace was the idea that electronic mediums performed the same function as physical mediums and replaced them. Email replaced paper letters. Notes on electronic bulletin boards replaced paper notes. E-books replaced physical books. Thus, cyberspace was a place where virtual equivalents of the physical world existed. All physical objects have or could have a cyber object counterpart in cyberspace.
For over a decade, the content of cyberspace was a representational subset of things that existed in physical space. Cyberspace was something that people sampled, experienced, or interacted with via passive or slightly interactive web pages. It couldn’t directly impact the physical world, and so was considered a separate thing from physical space. I call this Cyberspace 1.0.
The level of World Wide Web technology used by Cyberspace 1.0 was Web 1.0, and I have chosen to maintain a correspondence in this article between the numbered levels of Web technology and the related levels of Cyberspace technology.
Approaching and after the year 2000, Web 2.0 introduced web applications, which were software programs running on web servers. People began interacting with graphically rich interactive applications at the same time as Internet and local network bandwidth increased after the year 2000. Social media and Internet retail commerce evolved and grew. This was called Web 2.0 and its users interacted via Cyberspace 2.0 when they “went online.” (Cyberspace 2.0 is described in the next Cyberspace article.)
In the meantime, programmable machine automation began arriving to manufacturing and building controls starting in the 1960s. It spread in the 1970s to building automation controls. Information technology convergence propelled both manufacturing and building automation forward with more powerful computer chips, advances in circuit board manufacturing, PCs and networking. Factory and building automation evolved and grew around the same time as the Web was growing.
Universities needed new terminology for research into computer systems that interacted with physical things. The term “cyber-physical systems” emerged around 2006, when it was coined by Helen Gill at the National Science Foundation in the United States. The “cyber” in “cyber-physical” doesn’t refer to cyberspace, but instead stems cybernetics as referring to self-regulating mechanisms. That’s the category of technology into which current day manufacturing systems, building control systems, heart pacemakers, robotic vacuum cleaners, robotic surgery systems, autonomous vehicles and the like fall.
Nowadays, however, many modern cyber-physical systems also have connections into cyberspace, so in the case of many cyber-physical systems we now must take cyberspace connections into account, although that’s not what university cyber-physical systems research is about.
Cyber-Physical Systems
I’ve been in touch with Dr. Edward Lee regarding his Ptolemy Project at the University of California at Berkeley. They have produced a Cyber-Physical Systems Concept Map which, of course, includes physical security as well as application areas where security video cameras are put to other uses, such as transportation and automated traffic control systems.
The Ptolemy Project website states: “A cyber-physical system (CPS) is an integration of computation with physical processes. Embedded computers and networks monitor and control the physical processes, usually with feedback loops where physical processes affect computations and vice versa. As an intellectual challenge, CPS is about the intersection, not the union, of the physical and the cyber.”
When I first read the sentence that I italicized above, my thoughts jumped back to the cyberspace topic, and I recognized that statement as making a critically important distinction, as you will see as this article continues. Many writers have stated that cyberspace and physical space are merging. While that concept suffices for many discussions, it is not accurate enough to foster the kind of thinking required to understand the dynamics involved in the billions of cyber-physical intersection points that exist today, which are estimated to soon grow to 29 billion points by 2022.
Our physical security systems currently provide hundreds of millions of those cyber-physical intersection points, and that number will grow into the billions within the next decade. What’s even more important is that the nature of those future intersection points – and the ways and extents to which they will interact with people, buildings and machinery – would be mind-boggling if we could see it all now.
That’s where Part 2 of our Cyberspace discussion goes in detail, including emerging physical security technologies and the role of artificial intelligence. You will happily take these ideas with you to the ASIS GSX conference in Chicago in September.
Cyber-Physical Systems Special Note: I have put together an outstanding panel of experts whom I’m moderating for a special session at the September ASIS GSX event in Chicago. Here is a short description of that session.
The Flat and the Furious
Session # 6210 on Wednesday, September 11 from 2:15 p.m. to 3:15 p.m.
Global cyber-physical gamers can seriously kick your assets and disappear into thin air! Thomas Friedman’s best-selling book – The World is Flat – doesn’t mention cyber-risk or the Internet of Things. Yet today our super-flattened physical world is cyber-activated with over 23 billion cyber-physical touchpoints.
Being furious in the cyber world has levels of energy, violence and intensity of scale and speed that you don’t want coming at your physical world assets. Don’t have your security cameras hijacked and weaponized for cyber-attacks, or your factory machinery or cars going wild. Cyber-physical experts (security, insurance and technology) explain where cyber-physical threats and counter-measures are going and how you can and must cover your assets now.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.
© 2019 RBCS