How Can the Federal Government Get Citizens to Take Cybersecurity More Seriously?

WASHINGTON, June 8, 2018 – Concerns that consumers will fail to adopt even basic security measures to protect themselves – and thereby endanger the entire internet ecosystem – is becoming an increasingly dire issue. That was the message delivered at a Thursday cybersecurity policy forum hosted by th

How Can the Federal Government Get Citizens to Take Cybersecurity More Seriously?
Screenshot of Connectivity Standards Alliance CEO Tobin Richardson at the January 11 hearing

WASHINGTON, June 8, 2018 – Concerns that consumers will fail to adopt even basic security measures to protect themselves – and thereby endanger the entire internet ecosystem – is becoming an increasingly dire issue.

That was the message delivered at a Thursday cybersecurity policy forum hosted by the trade group US Telecom. Panelists included public and private sector individuals that had worked on a cybersecurity Executive Order released a year ago.

The May 2017 Cybersecurity Executive Order called for the Departments of Commerce and Homeland Security to form a united front in improving cybersecurity, with a focus on transparency. It also required a first draft released in January and a final report recently released on May 30.

With botnet and malware attacks, how to motivate consumers to care about cybersecurity?

The most recent report reflects a need for partnerships across the private and public sector to develop cybersecurity controls across botnet attacks and malware threats.

Evelyn Remaley, Deputy Associate Administrator at the National Telecommunications Infrastructure Administration of the Commerce Department, said that the final, follow-on report permitted researchers the time to properly developed a new framework.

Although the report took a year to be released, industries and agencies have taken the initiative to develop cybersecurity measures on their own, such as the so-called “moonshot” being undertaken by the National Security Telecommunications Advisory Committee, a Homeland Security body.

Yet the advisory committee  report continues to raise concerns about how to motivate consumers and manufacturers to care about cybersecurity.

“One whole goal is about education and awareness,” said Tim Polk, a computer scientist at National Institute of Standards and Technology specializing in cybersecurity against botnet and other threats, stressing the importance of consumer awareness.

Getting computer security warnings to take a more user-friendly approach

The newly released report, he said, talks about voluntary labeling schemes, assessment schemes, and other various tools that serve to give manufacturers the ability to package information in a more user-friendly way.

Indeed, Polk said that the majority of customers said they would be willing to pay 10 to 15 percent more for a secure connection, yet they did not know how they could ask for that.

If businesses can educate customers on how to ask for secure connections, enough consumers will pursue those connections that manufacturers will be pushed to improve security in their devices.

Chris Boyer, a representative of AT&T on the National Security Telecommunications Advisory Committee, suggested that a labeling system for devices may help consumers make better decisions about security.

At the same time, he said, “We can’t push the responsibility for security down to the customer. If we are going to rely on consumers and users to be their own system administrators and secure the environment, that’s bound to fail in the long run.”

Remaley expressed that there is a significant amount of work to be done in this area, but the innovation will improve the situation.

(Photograph of US Telecom event by Heather Heimbach.)