People need to help defend against cyber attacks

Tuesday, April 13, 2010 @ 05:04 PM gHale

The nation’s cyber security is under threat because a key factor in establishing it is not emphasized enough: Citizen awareness and participation.

People need to be a part of the protection process and that currently does not happen, said University of Cincinnati Political Science faculty members Richard Harknett and James Stever. They made the comparison of the Civil Defense efforts developed at the advent of the era of atomic weapons.[private]

Harknett and Stever said a three-pronged approach to cyber security is necessary: The ideas of coordination within government agencies and also between government and business interests surface in almost every discussion on the topic, but the third leg –the public’s role they can play in cyber security – rarely gets mentioned.

“The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government must respond,” wrote Harknett and Stever in a paper on the subject. As an example, they cite the hijacking last July of up to 50,000 computers for use in a botnet denial-of-service attack on Web sites operated by the U.S. and South Korean governments.

These kinds of threats are the weakest link in our national cyber security, they said. The potential is there through cyber attack to, as an example, target the nation’s electric grid or financial transaction records.

“Any awareness campaign that remains seated in only self-interest (i.e. if you do not protect yourselves bad things will happen to you) will not establish this critical third leg of the cyber security triad,” Harknett and Stever write. Computer users need to be made to understand that, in the networked age of the Internet, the implications of their not adhering to safe computer practices regarding passwords, security software and downloading protocols can open a door for those with much more malicious goals than just infecting individual computers with viruses or spyware.

What Harknett and Stever are recommending is a widespread effort to remold how people view cyberspace. The current view of cyberspace as a private concern needs to be replaced with an attitude that cyberspace is a public good. As they put it, “the key reorientation of any cyber awareness plan must hinge on the notion of active participation in enhancing national security as a civic duty.”

The goal would be changes in behavior by all American computer users. The effort should go so far as making secure computing practices a part of what young computer users learn in school.

As an example of what needs to be done, Harknett and Stever cite the onset of Civil Defense planning in the 1950s. The key difference, though, is what motivated Americans in the 1950s was they understood the perils posed by nuclear weapons. People today don’t yet understand the downside risks that could come from a cyber attack.

“The ubiquity of computer technology throughout the civilian population will require full societal engagement if the national objective is a secure cyberspace. As the digital environment grows in scale and scope, so too will the need for a cyber civic culture to emerge to manage it,” Harknett and Steve wrote. “Ironically, because the citizenry is less conscious of the cyber than the nuclear threat (as national security threat), a much greater degree of civic mobilization and understanding will be required to face this 21st Century challenge.”

To view their paper, go to: “The Cybersecurity Triad: Government, Private Sector Partners and the Engaged Cybersecurity Citizen” .[/private]

Leave a Reply

You must be logged in to post a comment.