The U.S. Senate Homeland Security Committee was just presented with a report pointing out that the user public (of all ages) has a role in the nation’s cyber security effort. The Committee had requested the study, National Cyber Security: Research and Development Challenges Related To Economics, Physical Infrastructure And Human Behavior from the Institute for Information Infrastructure Protection (I3P).
The report identified strategic objectives the federal government should pursue for improved cyber security. It examined the challenges facing the economic, physical, and human infrastructures and asserted that cyber security needs to be a national priority.
“Moving toward a more secure information infrastructure will require a concerted and committed effort on multiple fronts with the government playing a major role in creating and managing an effective national research and development effort,” the report concludes. “The new Administration has a major opportunity to direct and coordinate cyber security research and development efforts in ways that could provide protection from threats in the near term.”
Of particular interest to this blog is that the study authors point out one of those “multiple fronts” on the cyber security effort is the user public. The report identified priorities for the next 5-10 years, one of which is to better educate and engage citizens of all ages. Noting that the “human dimension of security must be address,” the report recommends:
“…awareness raising and educational campaigns directed at the public and private sectors as well as the general public must be developed. At the same time, IT ethics and security training must be built into K-16 curricula to ensure that the next generation becomes a positive force in the quest for better security.”
Cyber security is a growing concern of homeland security experts and policymakers I have spoken to, including recently former Homeland Security Secretary Michael Chertoff. A Obama cyber security transition adviser also last week said that the nation is not prepared for a ‘cyber Katrina’. Though much of the necessary high-tech cyber security work is being (and will be) done by government and the private sector, average computer users should realize that they have a role as well.