Cybersecurity needs duck-and-cover campaign to boost national awareness

Internet security threats demand that general Internet public learns to surf safely, researchers say

Shoring up U.S. cyberdefense should include educational programs that motivate private citizens to fight cyber threats through safer Web practices, much as school children were taught in the 1950s to hide under their desks and cover their heads in case of nuclear attacks, researchers say.

While the goals of a cyber program are much different, the public education requirements are the same, according to political science professors at the University of Cincinnati writing in the Journal of Homeland Security and Emergency Management.

"The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds," say Richard Harknett and James Stever of the school's political science department.

U.S. cyber war policy needs new focus, experts say

The problem stems from the fact that anyone can get Internet access without training in best practices, the researchers say in their article "The Cybersecurity Triad: Government, Private Sector Partners and the Engaged Cybersecurity Citizen". Without knowing the rudiments of PC security, their machines can fall under the control of botnets that then carry out the plans of criminals or rival nations, they say.

They cite the coordinated attack that overwhelmed U.S. and South Korean government sites last July as being the type of attack that individuals can unwittingly participate in by allowing their computers to be taken over by botnets, the authors say.

The awareness they call for has to go beyond simply "if you do not protect yourselves bad things will happen to you" and create a sense that cyber security is a civic duty.

"Most users remain unaware that not only is their computer data vulnerable, but that their insecure access to cyberspace can be exploited by others turning them into unwitting agents of coordinated cyber threats [both criminal and disruptive attacks],"they say. "Cybersecurity must become a national civic responsibility."

Many people who use the Internet and have even read stories about cyber exploits often don't recognize these attacks as part of a larger, more menacing threat. "For example, hacking by teenage pranksters is treated as a nuisance, not as breaking and entering or as a serious security threat with appropriate punishment," they say.

Similar attacks directed against the U.S. electrical grid could have more concrete and dire consequences, they say.

Learn more about this topic

U.S.-South Korea Cyberattack: Lessons Learned

Google cyberattack investigation includes employees

Is the U.S. ready for government-sponsored cyberattacks?

View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies