❮   HOME

When it Comes to Cybersecurity, We Need a Citizens Corps

When it Comes to Cybersecurity, We Need a Citizens Corps

A plane crashing into a Pennsylvania field on 09/11. The Times Square bombing. The Nigerian underwear bomber. All attempted terrorist attacks thwarted in part due to the bravery and quick-thinking of ordinary Americans. We owe much of our homeland security to those who are aware of their surroundings, and ready to act to prevent violence and destruction.

As the transnational threats to American security multiply, our reliance on an informed, engaged population – a citizens corps – will only grow. And there are few areas where civic engagement and vigilance is more urgently needed than in the realm of cyber-security.

A new report sites cyberwarfare as the biggest single emerging threat to national security and predicts that global spending in 2011 will reach $12.5 billion. The Pentagon’s second-in-command, Deputy Secretary William J. Lynn III recently wrote in Foreign Affairs that more than 100 foreign intelligence organizations are trying to hack into the military’s digital networks.

There is do doubt that government plays a leading role in keeping America safe. The Transportation Security Administration has full body scanners at airports, the Center for Disease Control and Prevention stockpiles vaccines, and the Department of Defense arms the war in Afghanistan.

But cyber-security poses special challenges for the government. Since 98 percent of all government communications travel over civilian networks and systems, the reach of the public sector has its limits.

In 2009, President Obama delivered a White House speech proclaiming that the protection of computer networks was a national priority. That same year, the administration unveiled a national cyberspace policy review which assessed U.S. policies and structures for cyber-security. The goal – and the challenge – was laid bare in the White House review: “[t]he national dialogue on cybersecurity must begin today. The government, working with industry, should explain this challenge and discuss what the Nation can do to solve problems in a way that the American people can appreciate the need for action. People cannot value security without first understanding how much is at risk.”

Congress too has made cyber-security a priority. This week, for example, Senate Democrats introduced legislation intended to clarify and modernize the security of the country’s critical information technology infrastructure. But while President Obama and congressional leaders have shown commendable leadership in raising the issue of cyber-security to its rightful place as a core national security priority, there is one key aspect of the White House’s national cyberspace policy review that needs far greater attention: public awareness and the full engagement of an informed and action-oriented citizens corps.

To be sure, the Obama administration is on the case. A coalition overseen by the Department of Homeland Security – including Microsoft, Facebook, Google, Intel, AT&T, Visa, PayPal, Wal-Mart, Costco, the Department of Justice and the IRS among its 28 founding members – launched a cyber-security public awareness campaign in October with the goal of elevating online security as a major public safety issue. The coalition selected “stop-think-connect” as a motto for the campaign after a year of research and focus groups. But more most be done.

Does anyone remember that October was National Cybersecurity Awareness Month? Probably not. The problem with increasing the level of citizen engagement is that the threat of a large scale and damaging cyberattack – such as one targeting the banking or energy sectors – is a foreign concept and seems remote and unfamiliar to most people. Americans naturally are more concerned with perceived threats that feel closer to home and which they understand. For instance, according to a twice-yearly security survey by Unisys released in October, Americans are more worried about terrorism, the outbreak of illness and personal identity theft, than Internet security.

The awareness level of small businesses – which employ just over half of all private sector employees – is lacking as well. Last year, the National Cyber Security Alliance conducted a study with Visa Inc. to analyze small business cyber security practices and attitudes. Fifty-three percent of all small business owners believed that the high cost in time and money to fully secure their business was not justified by the threat. And 75 percent said their employees received less than three hours of network and mobile device security in the past year, with 47 percent saying their employees did not receive any security training.

A Zogby poll on cyber security and education reveals that, while 90-percent of school administrators believe it’s important to teach kids basic Web safety, a vast majority offer no such lessons. As computer usage is classrooms is becoming a welcome component of the modern American education system, mandatory instruction on safe social networking, strategies for avoiding fraud and creating a secure password should be ascendant as well.

So what else can be done? The administration should begin by crafting clear and effective policies and guidance for its own workforce. The government will grow to 2.15 million employees this year. This presents a golden opportunity to educate professionals on the imperative of cyber-security and convey practical strategies for keeping cyber-space safe. The federal bureaucracy also has tools at its disposal to exert influence over the massive government contracting industry.

There is clearly no single technique that can raise public awareness concerning this core national security issue. It will require marshalling the resources of the government and private industry and imbuing a sense of shared responsibility for all Americans. Only then will there be the awareness of surroundings, the knowledge of circumstances, and the poise to act to protect the homeland.

Robert Friedman is the Managing Editor of Foreign Policy Digest, a non-resident Fellow at the Georgetown Center on National Security and the Law and a Principal in the Truman National Security Project.

blogger
facebook
google_buzz
linkedin
orkut
technorati
twitter
yahoo_buzz
rss
print
bookmark
email

About the Author

Robert Friedman

Robert Andrew Friedman is an Associate in the Washington D.C. office of Venable LLP. Robert is a non-resident Fellow at the Georgetown Center on National Security and the Law and a Truman National Security Fellow. Most recently, he was a Law Clerk on the Senate Judiciary Committee staff of Chairman Patrick Leahy (D-RI) where he worked on national security issues and executive and judicial nominations. He was previously an aide to Congressman Chris Van Hollen (D-MD) where he handled speechwriting, policy analysis and constituent outreach in the areas of immigration, education, and housing. Robert has also worked for the vice chair of the U.S. Equal Employment Opportunity Commission. Robert graduated cum laude from the Georgetown University Law Center where he was the Senior Notes Editor for the Georgetown Journal of Gender and the Law. He received a B.A. in political science from Emory University and studied public international law and conflict resolution at John Cabot University in Rome, Italy. He is currently pursuing an M.A. in Government from Johns Hopkins University.

February 1, 2011
Cyber- Warfare February 2011
Americas