Imagine a public-service announcement cautioning of the perils of cyberspace, as other advertisements warn of the dangers of cigarette smoking and drunk driving.
See Also: Securing the Borderless Enterprise
That's an idea forwarded by a British parliamentarian, who characterized as unacceptable people who fail to behave responsibly online.
"For drunk-driving, cultural change combined with government action turned what was once a social norm into an unacceptable behavior in the eyes of the public and in law," Jim Murphy, the Labor Party's shadow defense secretary, said at a security summit, according to a published report. "We have to ask ourselves what the right combination of education and regulation is because we must develop a cultural intolerance towards aggressive or criminal Internet use."
A cybersecurity public service campaign, not just in Britain but in the United States and elsewhere, would do more than just make individuals aware of their own online behavior. It also would raise awareness to the IT security threats our governmental and business institutions confront.
Sure, the public hears of breaches and cyberattacks but these intrusions often are seen as distant occurrences that don't affect them directly and which they don't comprehend fully. Debate over legislation in the U.S. Congress whether to regulate the private owners of the nation's critical IT infrastructure is far removed from the consciousness of the voting public despite the severe disruptions digital assaults on IT systems that control our water supply or energy flow could have on all of us.
When prompted, citizens acknowledge the dangers of cybersecurity. In a just-released survey of consumers by Unisys, nearly three-quarters of the respondents say they consider it very important presidential candidates emphasize protecting government computer systems and protecting utilities and transportation from cyberattacks in their campaigns (see chart below). That's higher than terrorism and border security. Sixty-three percent of respondents also believe the candidates should address protecting personal health information, too.
But unless some major breach occurs - say, Anonymous taking down Facebook or worse yet, a multiple-day disruption of ATM networks - don't count on the candidates to raise cybersecurity as a campaign issue. Though a highly targeted cyberattack can cause considerable damage to our economy, with significant consequence to individuals' pocketbooks, it's not one that candidates can explain easily in a 30-second sound bite.
Except in passing, President Obama and Mitt Romney haven't addressed cybersecurity on the hustings. Obama's position on cybersecurity is clear; his administration has laid out a legislative agenda to protect the nation's critical IT infrastructure that includes some form of government regulation.
It's not clear where Romney stands on regulating the private owners of the nation's critical IT infrastructure. In most other areas, such as finance and energy production, the presumptive GOP presidential nominee seeks to roll back regulations he contends stifle economic growth. A Google search of his campaign website didn't reveal his position toward regulating the security of the nation's critical IT infrastructure. The only cybersecurity references found on his campaign site, MittRomney.com, deal with cyber as a national defense issue:
"In his first 100 days, [a President Romney would] order a full interagency initiative to formulate a unified national strategy to deter and defend against the growing threats of militarized cyberattacks, cyberterrorism, cyberespionage, and private-sector intellectual property theft. U.S. defense and intelligence resources must be fully engaged in this critical aspect of national defense."
Romney's pledge on cybersecurity is reminiscent of Obama's 60-day Cyberspace Policy Review during the first months of his administration, but the former Massachusetts governor's cyber review would be more narrowly focused on cybersecurity as part of our national defense.
Cybersecurity isn't just a national defense issue, but an economic one, too. And, if that economic message becomes part of voters' awareness on their own financial well-being, then the candidates will address it. An aptly designed public-service ad campaign that highlights the economic dangers of weak cybersecurity could go a long way in making it a campaign issue.