In the United States, October is National Cybersecurity Awareness Month. Started in 2004, the event spotlights educating the population on cybersecurity threats and the importance of staying safe online. It’s a collaboration between the Department of Homeland Security, the National Cyber Security Alliance, and the Multi-State Information Sharing and Analysis Center.
A decade ago, we were just becoming aware of the benefits and risks of operating in a connected world. The massive credit card and identity theft heists of TJ Maxx and Heartland Payment Systems had not happened yet. While we’d seen computer viruses and other attacks since the late 1980s, we neither anticipated nor understood the massive risks that an online, connected world produces.
In 2004, Windows XP was a new and mistrusted product. Microsoft, smarting from the embarrassment of Windows 2000’s security lapses, had gone back to the drawing board to redesign a product with security in mind. Even then, it took two service packs and a completely rewritten Internet Explorer to make a stable product. In early 2014, Microsoft will stop support for Windows XP.
A decade later, tablets run the risk of being bought more than traditional PCs. Samsung sold 70,000,000 (yes, that’s million) smartphones in the second quarter of 2013, eclipsing Apple’s 25,000,000. In the first quarter of 2013, consumers and business bought an astounding 49.2 million tablets.
“So, Bob, what does this have to do with cybersecurity awareness?”
“Everything.”
We live in a society tied to our smartphones and tablets, and our connectivity to our social networks, streaming media, and e-mail is part of daily life. Words such as phishing, botnets, and cybercrime are now part of our vocabulary.
So, a little bit of history…
When President Obama was elected, he worked with the administration of President Bush to start a Comprehensive National Cybersecurity Initiative (CNCI). The United States government had just suffered several major cybersecurity breaches, including the conficker attack against Central Command in Afghanistan, leading to the total banning of USB sticks within the US Department of Defense. Hackers had just shut down the power grid in the province of Espiritu Santu in Brazil, and a credit card heist had just taken place in 25 countries simultaneously.
The CNCI resulted in 12 programs. One of them (Initiative 8) included cybersecurity education, and another (Initiative 12) supported outreach to the business community.
Initiative 8 addresses the facts that there aren’t enough cybersecurity experts throughout government and industry and that there isn’t an established federal cybersecurity career field. According to the CNCI website, “In order to effectively ensure our continued technical advantage and future cybersecurity, we must develop a technologically skilled and cyber-savvy workforce and an effective pipeline of future employees.”
Initiative 12 defines the federal government’s role in cybersecurity and critical infrastructure. Our nation’s power, water, communications systems, and other infrastructure are dependent on the information systems that run them. Through this initiative, the Department of Homeland Security works with the private and public sectors to “address security and information assurance efforts across the cyber infrastructure to increase resiliency and operational capabilities throughout the Critical Infrastructure and Key Resources (CIKR) sectors.”
An outgrowth of this is the National Initiative for Cybersecurity Education (NICE), “a national campaign designed to improve the cyber behavior, skills, and knowledge of every segment of the population, enabling a safer cyberspace.”
NICE emphasizes:
- Awareness
- Education
- Workforce structure
- Training and professional development
The awareness and education missions serve to “elevate cybersecurity awareness and help affect a change in the American public to adopt a culture of cyberspace security and to build a competent cybersecurity workforce.”
The workforce framework defines categories and specialty areas, grouping similar work in cybersecurity, along with the knowledge, skills, and abilities (KSA) to carry out typical cybersecurity operation.
In honor of National Cybersecurity Awareness Month, I encourage you to take some time to focus on your responsibility and role in protecting the Internet. Investigate the NICE website and learn what you can do to “adopt a culture of cyberspace security.”