Today, the word “cyberspace” is used in many contexts, but it is not always clear what exactly that term describes and what it means. In this post we will compare the definitions of cyberspace from several sources with the purpose of establishing a range of notions as to what cyberspace is and to derive its ontology. Sources are relevant entities like national or regional government, standardization bodies, and dictionary.
The reason why the term “cyberspace” is chosen is that all other terms (e.g., cyber security, cybercrime, cyberwar, cyberterrorism, etc.) are based on, or derived from, cyberspace itself. Therefore, cyber security is security of cyberspace. Cybercrime is crime committed within cyberspace or where elements from/of cyberspace are used as a vehicle to commit a crime, and so on for other derived terms.
What is the problem of having multiple definitions? If disparate definitions are used in a discussion then it is a priori impossible to reach a conclusion that is meaningful, correct and complete for the involved parties. For example, if one definition focuses only on hardware (e.g., computers, mobile phones, networking devices, etc.) but ignores data and another definition does the opposite, then whatever a conclusion from one side would make little sense for the other side. And things can get even worse as many documents simply use the expression cyberspace without actually defining it. One example of such a document is “Information Security Strategy for Protecting the Nation” by Information Security Policy Council, Japan, which unfortunately is not the only of its kind. This lax use of terms leaves too much open space for interpretation and misunderstanding.
Is it possible to operate in a world with many, possibly disparate, definitions of cyberspace? It is possible but it is harder than it should be. It is a bit easier if the involved parties are aware that the definitions used by both sides are not identical and if they take into account these differences. This document will provide a basis for understanding these differences and should act as a catalyst towards a single definition.
In order for a definition to be considered for inclusion into this post a definition must satisfy two conditions: it must have an official definition and it must be made by a respectable entity. For this purpose we define “official” as being presented in a high level document that is used as the basis for developing policies and is prevalent for a given organization/region. Entities like governments and standardization setting bodies are considered to be respectable in a sense that they influence the thinking and behaviour of a multitude of organizations.
Given the amount of material related to cyberspace one would think that it should be relatively easy to find definitions of what cyberspace is, but that is not necessarily the case. The biggest limitation is my knowledge of foreign languages so I have relied on help from other people when searching for the information in native tongues. What must be stressed is that if an official definition of a cyberspace was not located for a given country that does not necessarily means that the definition does not exist. It is likely that I and people who are helping me were simply unable to locate it.
Another problem is how the term cyberspace is written. The Oxford dictionary says that it is a single word -- cyberspace -- but not everyone follows that. Some are using two words “cyber space” or putting a hyphen in between the words “cyber-space”. Capitalization of the term also varies. Sometimes cyberspace is written in all lowercase and sometimes it will be written with a capital ‘C’.
A note of interest is that not all countries appear to have an official definition of cyberspace. China and Japan are such examples. Apparently they do not have a prevalent definition of what is cyberspace but each part of the government uses its own definition. Overall, it seems that very few governments do have an official definition of cyberspace. It also has to be noted that in a few cases the definition of cyberspace was derived from the term “cyber security.” In these instances it was taken that “cyber security” means “security of cyberspace.”
The list of governments and organizations whose definitions of cyberspace have been identified are as follows:
- The Netherlands
- New Zealand
- United Kingdom
- United States
- European Union
- International Telecommunication Union -- Standardization (ITU-T)
To that list we added a definition from the Oxford English Dictionary as the reference dictionary for the English language. The definitions are listed at the bottom of this post.
The next step is further analysis of the key elements from all definitions. It is possible to condense some of the key elements under a single keyword (e.g., for both ‘virtual space’ and ‘electronic world’ we can simply use the keyword ‘virtual’). This condensing then leaves us with the following keywords:
In turn, this resulting set of keywords could be divided into three broad categories: tangibles, intangibles and network-related items. The table below depicts all keywords and categories for all definitions. Again, it is important to emphasize that neither the keywords nor the categories were set in advance but they are derived from the given definitions. Therefore, it is possible that a new definition may contribute a new keyword or even a new category.
Based on the keywords and categories extracted from the definitions we can construct the following table that shows how and where definitions differ from each other.
Without questioning the validity of the definitions of cyberspace, we can make the following observations based on the information presented in the table above:
- Virtually all definitions agree that cyberspace includes tangible elements. This would imply that cyberspace can not exist without tangible elements.
- Virtually all definitions agree that cyberspace must include information. Information can either be stored data, signaling between processes and/or devices or as a content that is being transmitted.
- Cyberspace includes tangibles but, at the same time, it is also virtual.
- Only a few definitions consider activities and interactions (within cyberspace) part of cyberspace.
- Probably contrary to popular beliefs, networks and Internet are not necessarily part nor are required for cyberspace but they are still ‘desired.’ Interconnectedness seems to have an equal weight as the Internet itself.
In conclusion we can say that different organizations have adopted different definitions of what cyberspace means. Some of them -- like the EU -- do not have an official definition at all, but that does not prevent it from discussing the term. The definition used for this article is taken from the archived glossary.
It is important to use a single (preferred) or homologous definitions when discussing cyberspace in order to avoid confusion and help to provide an understanding between parties. Failing that, the involved parties should each state their definition of cyberspace so that they can better understand each other’s position.
This post is an attempt to produce an ontology of cyberspace using definitions of cyberspace created by multiple national government and relevant international bodies.
Dictionary, Oxford English Dictionary, 2009 Edition
The space of virtual reality; the notional environment within which electronic communication (esp. via the Internet) occurs.
Australia, Cyber Security Strategy -- An Overview, 2009
Cyber security refers to the safety of computer systems – also known as information and communications technologies (or ICT).
Canada, Canada’s Cyber Security Strategy, 2010
Cyberspace is the electronic world created by interconnected networks of information technology and the information on those networks. It is a global commons where more than 1.7 billion people are linked together to exchange ideas, services and friendship.
The Netherlands, The National Cyber Security Strategy, 2011
Cyber security is to be free from danger or damage caused by disruption or fall-out of ICT or abuse of ICT. The danger or the damage due to abuse, disruption or fall-out can be comprised of a limitation of the availability and reliability of the ICT, breach of the confidentiality of information stored in ICT or damage to the integrity of that information.
Germany, Cyber Security Strategy for Germany, 2011
Cyberspace is the virtual space of all IT systems linked at data level on a global scale. The basis for cyberspace is the Internet as a universal and publicly accessible connection and transport network which can be complemented and further expanded by any number of additional data networks. IT systems in an isolated virtual space are not part of cyberspace.
New Zealand, New Zealand Cyber Security Strategy, 2011
The global network of interdependent information technology infrastructures, telecommunications networks and computer processing systems in which online communication takes place.
United Kingdom, The UK Cyber Security Strategy, 2011
Cyberspace is an interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the internet, but also the other information systems that support our businesses, infrastructure and services.
United States, National Security Presidential Directive 54/Homeland Security Presidential Directive 23, 2008
Cyberspace is defined as the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people.
European Union, Glossary | Europa -- Information Society (Archived), unknown year
Word invented by the writer William Gibson in his play “le Neuromacien”. It describes the virtual space in which the electronic data of worldwide PCs circulate.
ITU, ITU-T Recommendation Rec. ITU-T X.1205 (X.cso), 2008
Technologies, such as wireless networks and voice-over-IP (VoIP), extend the reach and scale of the Internet. In this regard, the cyber environment includes users, the Internet, the computing devices that are connected to it and all applications, services and systems that can be connected directly or indirectly to the Internet, and to the next generation network (NGN) environment, the latter with public and private incarnations. Thus, with VoIP technology, a desk telephone is part of the cyber environment. However, even isolated devices can also be part of cyber environment if they can share information with connected computing devices through removable media.
The cyber environment include the software that runs on computing devices, the stored (also transmitted) information on these devices or information that are generated by these devices. Installations and buildings that house the devices are also part of the cyber environment.
ISO/IEC, ISO/IEC 27032 Guidelines for cybersecurity (DRAFT), 2011
The complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form
 Canada, “Canada’s Cyber Security Strategy.”2010. [Online]. Available: http://www.publicsafety.gc.ca/prg/ns/cbr/_fl/ccss-scc-eng.pdf [Accessed: 2012-Feb-12].
 Australia, “Cyber Security -- An Overview.” 2009. [Online]. Available: http://www.ag.gov.au/Documents/Cyber%20Security%20-%20An%20Overview%20(Brochure-Booklet).pdf [Accessed: 2012-Feb-12].
 The Netherlands, “The National Cyber Security Strategy (NCSS).” [Online]. Available: http://english.nctb.nl/Images/cyber-security-strategy-uk_tcm92-379999.pdf [Accessed: 2012-Feb-12].
 Germany, “Cyber Security Strategy for Germany.” Feb-2011. [Online]. Available: http://www.cio.bund.de/SharedDocs/Publikationen/DE/Strategische-Themen/css_engl_download.pdf?__blob=publicationFile [Accessed: 2012-Feb-12].
 United Kingdom, “The UK Cyber Security Strategy.” Nov-2011. [Online]. Available: http://www.cabinetoffice.gov.uk/sites/default/files/resources/uk-cyber-security-strategy-final.pdf [Accessed: 2012-Feb-12].
 United States, “Cyberspace Policy Review.” Jan-2008. [Online]. Available: http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf [Accessed: 2012-Feb-12].
 Ottis R., Lorents P., “Cyberspace: Definition and Implications.”, Proceedings of the 5th International Conference on Information Warfare and Security, 2010. [Online]. Available: http://www.ccdcoe.org/articles/2010/Ottis_Lorents_CyberspaceDefinition.pdf [Accessed: 2012-Feb-12].
 European Union, “Position of the European Union for the purpose of the conference ‘Forum for 21st Century’.” Nov-2011. [Online]. Available: http://www.negociacie.euba.sk/doc/security-pos2-eu.pdf [Accessed: 2012-Feb-12].
 European Union, “Help: Glossary | Europa -- Information Society ‘C’ (archived).”[Online]. Available: http://ec.europa.eu/information_society/tl/help/glossary/index_en.htm#c [Accessed: 12-Feb-2012].
 ISO/IEC, “ISO/IEC FCD 27032 -- Information technology — Security techniques — Guidelines for cybersecurity,” Oct-2011. [Online]. Available: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=44375. [Accessed: 12-Feb-2012].
 ITU-T, “ITU-T Recommendations X.1205 (X.cso),” Apr-2008. [Online]. Available: https://www.itu.int/itu-t/recommendations/rec.aspx?id=9136. [Accessed: 12-Feb-2012].
 New Zealand, “Cyber security | Ministry of Economic Development.” Jun-2011. [Online]. Available: http://www.med.govt.nz/sectors-industries/technology-communication/cyber-security. [Accessed: 12-Feb-2012].
 Japan, “Information Security Strategy for Protecting the Nation”, Information Security Policy Council, May-2010. [Online]. Available: http://www.nisc.go.jp/eng/pdf/New_Strategy_English.pdf