This subject could seem to some like a much less important element of cyber security than others. They could not be more wrong. In fact, this could be the key to success, particularly in the long term. This should also be championed by the DHS National Cyber Security Center. Only a departmental level organization will be able to work a program of this magnitude, it cannot be run out of the White House Staff, although it will require the President’s active support. Clearly other departments will also play a role, but DHS should be the lead organization.
The basic level of the campaign will be a “Smokey the Bear” type advertising effort. It must reach to every level of our society and get across the message that cyber security is important to every citizen, that everyone can be, and in fact is affected by cyber threats, and that by awareness, proper procedures, and active sharing of information, we can achieve a high degree of security. This has to become part of the formal education curriculum beginning at the lowest levels (today kindergarteners use computers), and be seen on every street corner, and during primetime television hours.
The next part of this campaign is to actively train our young citizens in cyber security. They are masters of using the newest technologies, but they do not necessarily understand them. This must be corrected, formally. It is only by understanding how the technology works that one can really appreciate what needs to be done to protect it. Technical and Technology courses should be made mandatory for our school systems. Even if children did not want to go on to math, science, and engineering fields, they need to be educated on the means through which all commerce and communication is now occurring. Additionally, this would contribute to the number of young people who would steer toward careers in technical fields by allowing some to realize that it was interesting and exciting.
The third leg of the campaign needs to be incentives to attract more people into the math, science, and engineering fields. Targeted scholarships for these programs at the college level are a good start, and should be started immediately. Additionally, there needs to be programs begun in high schools to attract children at that level. These could be predicated on future college scholarships, incentive funding, potential job opportunities, and other methods to draw students. Particularly in public schools, great efforts must be taken to move away from completely general programs to targeted ones that steer toward the sciences.
Finally, there must be mandated training and education for employees. This has to go beyond presently utilized programs that seem to be little more than checking of blocks. We need a work force in all areas that not only understand technology and the threats that exist, but who see themselves as key layers in protecting the cyber realm. This program would include government workers on all levels, private sector workers, both in tech and non-tech companies, executives and blue collar types. It should address the things the workers need to know to properly do their jobs, but also what they need to know to protect themselves in cyber. This is a key part, as our present work force will not have been reared on the campaign as their children will be. They must be reached through their jobs.
If we fail in this sort of effort, all our other cyber security measures will be wasted. People are the key, and if they don’t now how to “do security” properly, or simply ignore good procedures and habits, all the technical aspects will not be enough to protect us.