A few months ago, an NCSC customer contacted me to ask if we would consider making a small but significant change to some of the wording we use on the NCSC website. When she asked the question, I immediately smacked myself in the head for not thinking of it a long time ago. And I was really glad to say: yes, we will make this change straight away, and I'm sorry you had to come and ask us to do it.
It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use.
However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps.
You may not see why this matters. If you're not adversely affected by racial stereotyping yourself, then please count yourself lucky. For some of your colleagues (and potential future colleagues), this really is a change worth making. From now on, the NCSC will use 'allow list' and 'deny list' in place of 'whitelist' and 'blacklist' on our website. Which, in fact, is clearer and less ambiguous. So as well as being more inclusive of all, this is a net benefit to our web content. We are editing our guidance across the website to update the terms, but if you do spot any in the meantime then please do contact us.
I hope that if you're seeking to make this, or similar changes in your own organisation, this blog post helps you to convince people around you that it's worth doing. And finally, a word from the NCSC's Technical Director Ian Levy (supported by the full NCSC Management Board): "If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother."