BACKGROUND:
A bipartisan group of U.S. House of Representatives members introduced H.R. 4055 in a move to establish a cybersecurity literacy and public awareness campaign targeted to educating the American public. Representatives Adam Kinzinger (R-IL-16) said: “As technological advancements increase and become more complex, it is critical that everyone is aware of the risks posed from cyberattacks and how to mitigate those risks for personal security.” Kinzinger leads the initiative with Representatives Gus Bilirakis (R-FL), Anna Eshoo (D-CA), Marc Veasey (D-TX), and Chrissy Houlihan (D-PA) to introduce the American Cybersecurity Literacy Act.
<p>This cyber literacy campaign is absolutely needed. We’ve seen again and again that people are ultimately the greatest liability when it comes to cybersecurity – whether it\’s human error or misunderstanding the importance of secure best practices. In the case of businesses, studies have shown that any form of employee security training reduces the impact of cyberattacks by over 70%. If businesses are making this a priority for their employees, then governments should also make it a priority for their citizens and see the same reduction in attacks.</p>
<p>Education is half the battle, and it’s great to see the NTIA launching a cyber literacy campaign. One of the key topics of awareness needs to be acknowledging that a chain is as strong as the weakest link and sparking a debate about balancing security with convenience and choice at the user level. </p> <p> </p> <p>Educated users will be more willing and better prepared to move away from complex, unwieldy and easily abuse passwords and choose new and better passwordless authentication methods instead. Such authenticators like phone as a token or FIDO2 security keys are more resistant to phishing attacks and help establish a trusted digital relationship between the end user and the IT service. </p> <p> </p> <p>This bill has several potential advantages in terms of advancing the public good. Beyond the urgent necessity of improving security for individuals and organizations, heightened user awareness and demand can incentivize B2C and B2B companies to offer increased choices of such authenticators, which in turn reduce customer friction and improve productivity.</p>
<p>Educating and training the public and a cyber workforce should be national priorities. With an increasingly alarming and disruptive attack pattern making headlines and impacting citizens directly, the urgency on both fronts is real. The nation is underprepared to meet current and future demands for cybersecurity talent. As a nation we need to educate the public, and also be innovative and find cyber talent regardless of background or education. This is an excellent time to showcase the incredible opportunity for young people as well as career changers, who are interested in entering the cyber security industry. We have the tools to find aptitude for cyber talent wherever it lies. Bolstering this approach with public and private investment will be critical in ensuring the safety and public welfare of the nation.</p>