Social engineering in cybersecurity: The evolution of a concept

This paper offers a history of the concept of social engineering in cybersecurity and argues that while the term began its life in the study of politics, and only later gained usage within the domain of cybersecurity, these are applications of the same fundamental ideas: epistemic asymmetry, technocratic dominance, and teleological replacement. The paper further argues that the term's usages in both areas remain conceptually and semantically interrelated. Moreover, ignorance of this interrelation continues to handicap our ability to identify and rebuff social engineering attacks in cyberspace. The paper's conceptual history begins in the nineteenth-century in the writings of the economists John Gray and Thorstein Veblen. An analysis of scholarly articles shows the concept's proliferation throughout the early to mid-twentieth century within the social sciences and beyond. The paper then traces the concept's migration into cybersecurity through the 1960s-1980s utilizing both scholarly publications and memoir accounts - including interviews with then-active participants in the hacker community. Finally, it reveals a conceptual array of contemporary connotations through an analysis of 134 definitions of the term found in academic articles written about cybersecurity from 1990 to 2017.