LAS VEGAS, January 7, 2023 – In addition to building a more robust cybersecurity workforce, policymakers should consider consumer education, said Camille Stewart Gloster, deputy national cyber director for technology and ecosystem for the White House, speaking Saturday at the Consumer Electronics Show.

CES 2023 has featured numerous discussions of cybersecurity in sectors ranging from transportation to Internet of Things home devices. On Thursday, an official from the Department of Homeland Security argued that manufactures should design and pre-configure devices to be secure, thus reducing the security burden on consumers.

For their own protection, consumers must better understand how to weigh risks and protect themselves in the digital world, Stewart Gloster said Saturday. “The sooner that people understand that their physical security and digital security are inextricably linked the better,” she argued. According to the panel’s moderator, Consumer Technology Association senior manager for government affairs John Mitchell, 82 percent of data breaches in 2021 involved “the human element, stolen credentials, phishing, misuse.”

Stewart Gloster’s team is working on a national cyber-workforce and education strategy, she said, which will address the federal cyber workforce, the national cyber workforce, cyber education, and “digital safety awareness.”

Stewart Gloster said workforce initiatives should promote the participation of “people of a diverse set of backgrounds who are highly skilled and multidisciplinary who can take a look at the problem space, who can apply their lived experiences, apply the things they’ve observed, apply their academic backgrounds to a challenging and ever evolving landscape.”

LAS VEGAS, January 6, 2023 – Cybersecurity protocols for Internet of Things devices should be industry-driven, Katerina Megas, program manager of the Cybersecurity for Internet of Things Program at the National Institute of Standards and Technology, said Friday at the Consumer Electronics Show 2023.

The popularization of IoT devices gives cyber-criminals increasing opportunities to breach networks, many say. Network-connected household devices – e.g., lightbulbs and home security devices – can be entry-points if security protocols are lacking. On CES panel on Thursday, a cybersecurity official at the Department of Homeland Security argued that manufacturers should design and preset devices to be safe, shifting much of the burden from the consumer.

“For a long-term, sustainable solution, the best approach really is for demand to be market driven,” she said, adding that NIST is “happy” to support the market when called on. To preserve flexibility, NIST’s cybersecurity guidelines for IoT manufacturers in general prescribed desired outcomes, rather than specific and “brittle” standards, Megas said.

“How you achieve those [outcomes] will vary depending on the maturity of your organization, the architecture of your product, perhaps preferences that you might have for you own internal processes,” she explained.

Megas said manufacturers, who well know their devices’ technical capabilities, often lack an understanding of how consumers actually use their devices. Megas said she has examined how to “help a manufacturer who has no insights into the final contextual use of this product, how can we help them…understand, ‘Here are the risks associated with my device.’”

At an American Enterprise Institute panel held in November, Megas endorsed an “ecosystem approach” to cybersecurity, arguing that network security is also indispensable.