author photo
By Bruce Sussman
Thu | May 7, 2020 | 5:30 AM PDT

Is this a case of political correctness run amok, or an idea that is long overdue? 

Keep reading to form your own opinion on this one.

Security agency will stop using 'racist' cybersecurity terms

The United Kingdom's National Cyber Security Centre (NCSC) announced a few days ago that it is changing the way it talks about the good and the bad in cybersecurity. And it is doing so because it believes certain terms reinforce racism.

The NCSC says it will stop using the terms "white list" for good or permitted things in cybersecurity.

And likewise, it will no longer say "black list" when talking about bad or banned things in cybersecurity.

The agency's Head of Advice and Guidance explains how this came about:

"A few months ago, an NCSC customer contacted me to ask if we would consider making a small but significant change to some of the wording we use on the NCSC website. When she asked the question, I immediately smacked myself in the head for not thinking of it a long time ago. And I was really glad to say: yes, we will make this change straight away, and I'm sorry you had to come and ask us to do it.

It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. 

However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps."

What are the new cybersecurity terms?

Since "white list" and "black list" are out at the NCSC, what will the agency go with from here on out? 

It will now use the terms "allow list" and "deny list" instead. And agency employees are even going so far as to edit the agency website to insert these new terms where the older descriptions were originally used.

These are certainly simple terms that require no translation for business leaders or end-users. Perhaps some of the 70 cybersecurity acronyms on this list could also use some simplification.

But does this particular change in terms matter? 

The NCSC's Head of Advice and Guidance argues that the decision makes sense, and if you disagree, don't bother contacting the agency:

"I hope that if you're seeking to make this, or similar changes in your own organisation, this blog post helps you to convince people around you that it's worth doing.

And finally, a word from the NCSC's Technical Director Ian Levy (supported by the full NCSC Management Board): 'If you're thinking about getting in touch saying this is political correctness gone mad, don't bother.'"

Back to our original question now: is this a case of political correctness run amok, or an idea that is long overdue? Let us know what you think in the comments below.

Tags: Cybersecurity,