President Trump and his Cabinet officials have save relatively little about cybersecurity during the transition and first days in office. What they have said focused largely on the military’s role in cyber defense and offense. And their draft executive order on cybersecurity sounds either naive, or else disingenuous, since, as New America expert Peter Singer points out, the Trump Administration is considering lifting sanctions against Russia, one of our biggest cyber adversaries.
But cybersecurity is every bit as much a civilian issue as a military one. It’s also a public and behavioral issue as much as a technological one. As I’ve argued, the human side of the cybersecurity equation too often gets lost in the public discussion. For example, this month’s Senate Armed Services Committee hearing on Russian hacking largely sidestepped the role of human factors in securing our nation. It’s unfortunate then that a major exception to this pattern, the President Obama’s Commission on Enhancing National Cybersecurity, released its findings to relative quiet in late 2016 amidst the outrages of Russian hacking during and after the election.
There’s much to commend in the Commission’s report, though I’m troubled by how it treats the American public only as consumers in need of sensible protections. The American people are much more than that, obviously, and cybersecurity is much broader than shopping safely. The public need tools to become active participants in their – and our – collective security. In truth, every one of us, whether we like it or even know it, lives within a growing constellation of internet-connected sensors, devices, and networks that are constant targets of online probing, theft, ransom, espionage, and even destruction.
Therefore, creating real “public cybersecurity” requires rethinking how we prepare children to become adolescents, citizens, employees, employers, parents, and consumers. That means building a culture of security, safety, and resilience around technology, data, and privacy, from childhood through old age. It should become as common a subject as health and fitness.
And here, the Commission’s recommendations are a noteworthy step in the right direction:
“The federal government should establish, strengthen, and broaden investments in research programs to improve the cybersecurity and usability of consumer products and digital technologies through greater understanding of human behaviors and their interactions with the Internet of Things (IoT) and other connected technologies.” (p 33)
Admittedly, however, this is a big “if.” Much will depend on the people that new DHS Secretary Gen. John Kelly puts in place to manage cybersecurity and public outreach. And it requires cooperation across the federal government which seems wishful given the open war on science we’ve seen in the Trump Administration’s first days.
Gregory Michaelidis recently formed Security Awareness Lab LLC, a unique, evidence-based security communications consultancy. He is a Cybersecurity Initiative Fellow at New America, and until this month, was senior advisor for public affairs at the Department of Homeland Security.