By Janet Napolitano and Philip Reitinger
October 2009 was the first National Cybersecurity Awareness Month – or NCSAM – of the Obama Administration. October 2016 is the eighth and last such month. It has been an eventful eight years and worth a look back.
The 2009 NCSAM launch was held at the Ronald Reagan Building in Washington. Secretary Napolitano opened the event and announced new authorities for DHS that would give it greater agility in hiring up to 1,000 new cybersecurity personnel. Deputy Secretary of Defense Bill Lynn discussed how no one could secure our networks alone and made the point that government needs industry and industry needs government. Chris Painter, leading the White House efforts at the time, spoke about the importance of working together globally. And the theme chosen for that month – “Our Shared Responsibility” – continues as the theme to this day.
The month proceeded with a series of events organized by Michael Kaiser and the National Cyber Security Alliance (NCSA), DHS and the Multi-State Information Sharing Analysis Center (MS-ISAC). On October 30, 2009, we cut the ribbon on the National Cybersecurity and Communications Coordination Center, a 24/7 entity intended to establish situational awareness and coordination across the US Government. The NCCIC has grown in importance over the last seven years and serves as the central point of response for the mission to protect infrastructure and services from cyber attacks.
A lot of good work has taken place over the last seven years. Government agencies, including DHS, have continued to grow in capability and hire cybersecurity leaders and experts. The White House appointed Howard Schmidt and then Michael Daniel as White House Cyber Security Coordinators. The Anti-Phishing Working Group (APWG) and NCSA, in partnership with the White House and DHS, launched the national cybersecurity awareness campaign — STOP. THINK. CONNECT. — in October of the following year (2010). Policy and operations have evolved to further support the exchange of critical information on attacks between industry and government and among industry, enabling better prevention and response. The government has continued to clarify roles and responsibilities so that its own actions in protection, investigation, response, and information gathering are aligned and reinforcing.
Awareness is orders of magnitude improved, thanks to the actions of governments, the private sector, individuals and especially the National Cyber Security Alliance. STOP. THINK. CONNECT. has grown into a global campaign. Yet a continuing parade of high-profile cyber incidents demonstrate we are not yet where we need to be, as a country or a global Internet community. The escalating nature of these compromises has now reached the point where the biggest compromise is alleged to have hit half a billion records. Our situation is not sustainable. We must increase our cyber awareness and resiliency – for citizens, industry and government – now.
Greater awareness will not by any means solve every problem. Even the most educated will at some point click a link too quickly. Regardless, greater awareness is a key component of our societal “defense in depth” to attacks, reducing their effect and spurring response and mitigation by informed users. And businesses will spend money to undertake better defenses only if they are aware of the threat.
We therefore call on governments around the world to redouble their efforts to improve cybersecurity awareness through direct action and support for organizations around the globe that raise awareness. This cannot be an activity that involves only cabinet heads – along with significant resources, heads-of-state must continue to use their bully pulpits to generate publicity and create focus. Let’s treat a global security problem like a global security problem.
STOP. THINK. CONNECT.
Janet Napolitano is President of the University of California. She served as Secretary of Homeland Security from 2009 – 2013, as Governor of Arizona from 2003 – 2009, as Attorney General of Arizona from 1998-2003, and as U.S. Attorney for the District of Arizona from 1993 – 1997.
Philip Reitinger is the President and CEO of the Global Cyber Alliance (GCA), a 501(c)3 dedicated to reducing systemic cyber risk. He served as the Deputy Under Secretary for the National Protection and Programs Directorate at the U.S. Department of Homeland Security from 2009 – 2011, as well as other senior positions at Sony, Microsoft, the Defense Department and the Department of Justice.