Enable breadcrumbs token at /includes/pageheader.html.twig

It’s Back To Basics for Cybersecurity

Some simple, straightforward measures can improve conditions considerably—if the nation commits to them.

With all of the public and media attention around high profile cyber attacks such as the Office of Personnel Management (OPM) breach and the Sony hack, it is easy to understand why many in government, as well as others, continue to focus on the consequences associated with major cybersecurity events.

However, often lost in the discussion is recognition and acknowledgement that approximately 80 percent of exploitable vulnerabilities in cyberspace are the direct result of poor or no cyber hygiene—the basic fundamental measures that will improve any user’s cyber protection profile regardless of their level of sophistication. From home users to small businesses and even larger enterprises, protection steps that are low cost or even no cost will raise the level of cybersecurity and make the job of the bad guys more difficult and more expensive.

When President Barack Obama commissioned a cybersecurity review soon after taking office, the results delivered the “Cyberspace Policy Review–Assuring a Trusted and Resilient Information and Communications Infrastructure” in May 2009, which included near- and longer-term action items. The sixth item in the near-term action plan was to: “Initiate a national public awareness and education campaign to promote cybersecurity.”

While the U.S. Department of Homeland Security’s “Stop…Think… Connect” campaign and the National Cyber Security Alliance’s “Stay Safe Online” efforts each have contributed important elements to the foundation of a national campaign, much more work should and needs to be done to scale these initiatives to have an ongoing national effect. Other models also exist today, such as the U.K. “Get Safe Online” that can help buttress this important effort.

Leadership from the White House, Congress, industry, media, nonprofits and other stakeholders, as well as state, local, tribal and territorial governments, can generate a comprehensive, sustained and broadly embraced effort to produce meaningful results in raising the bar of cybersecurity, thereby improving our nation’s security and resilience.

A collaborative consortium of citizen-facing government department and agencies; trade associations across a wide range of industry sectors; print, broadcast, online and social media enterprises; K-12 and higher education; nonprofit organizations of all types; and many others could leverage their existing communications networks to help educate their constituents and members about how to protect themselves better in cyberspace. Sadly, we have plenty of history and examples now to dissuade the notion that “it can’t happen to me.” The seeds of creativity drive the imagination to consider how we all can contribute to making a difference in cybersecurity.

This in no way intends to suggest diverting attention from the important work to improve detection, prevention, mitigation and response to the more sophisticated and dangerous cyber attacks that could imperil our nation’s critical infrastructure and our everyday way of life. However, our efforts to disrupt activities by cyber criminals, nation states and even terrorists should not cause us to ignore the 80-percent cyber hygiene factor. If we are successful in raising the bar of cyber protection, it will make the nefarious efforts of adversaries more difficult and more expensive. As a nation, we are only as strong as our weakest link, and collectively we must remain committed to teaching folks about those basic cyber protection measures that will improve their overall cyber protection profile.

This effort will not happen overnight. But it is way past time to accelerate the implementation of near-term action item six from more than seven years ago in 2009 and build on the good work that has formed the foundation for a comprehensive and sustained national campaign.

Imagine for a moment that the White House issued an executive order directing every federal department and agency that has a citizen-facing website to include a link to Stay Safe Online, pointing folks to information about cyber protection. That is leadership and certainly not a heavy lift.

Imagine if every member of Congress added a link to Stay Safe Online on their constituent website’s home page. Directing visitors to a site where they can obtain information about cyber protection. That is leadership by example and certainly not a heavy lift.

Imagine if businesses, trade associations, chambers of commerce, nonprofit groups and so many other stakeholders simply included a link on their website or reference in their newsletters or other print/online/social media communications conduits to Stay Safe Online, leveraging the current and emerging content that addresses a wide range of users and basic protection measures. Many folks just do not know what to do and pointing them to a site where they can get information will help clarify much confusion.

Imagine the momentum of public service announcements pointing users to where they can get information about how to protect themselves in cyberspace—television, radio, movies, online social media all directing viewers and listeners to where they can get information about basic cyber protection measures.

The AFCEA International Cyber Committee has published a white paper, “Driving Cybersecurity Awareness Home!,” that examines an approach to this opportunity in greater detail.

October is designated as Cybersecurity Awareness Month. Let us all work together to join in an effort to drive enhanced education and awareness nationally and across cyber user and stakeholder communities for a collaborative effort to make our nation safer and more secure. We can make a difference starting today. Let’s get to it!

Robert B. Dix Jr., is the vice president, Global Government Affairs and Public Policy, for Juniper Networks.