Task force: Classes, security tool kit needed

A government working group pushes recommendations, including that elementary schools teach online ethics and that companies offer free security tool kits.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos covers viruses, worms and other security threats.
A government-industry working group released its initial report on Thursday, recommending that elementary schools teach online ethics, that companies observe a Cyber Security Month and that a security tool kit for home users be created.

The Awareness and Outreach Task Force is one of five groups formed by the National Cyber Security Partnership, an industry and government alliance aimed at finding ways to improve cybersecurity without resorting to legislation. The task force's report is one of two expected to be published on Thursday.

Initially charged with finding ways of increasing awareness of online threats and good security practices among home users and small businesses, the working group broadened its focus to include educating larger organizations and state and local governments. The group expanded its mission to better support the National Strategy to Secure Cyberspace, which recommends that each Internet participant learn to secure their portion of the online domain, said Howard Schmidt, co-chairman of the task force and a former top White House cybersecurity official.

Much of the working group's focus is on strengthening the weakest link in Internet security--the users--through education and by providing simpler security tools.

"Computers are designed to run code, and as long as there are bad guys out there, end users will have to learn to protect themselves," Schmidt said.

In his current role as the chief security officer for online auctioneer eBay, Schmidt frequently has to deal with the security costs of having a large number of users who are not aware of online security issues.

The task force recommendations come almost four months after industry and government officials met to discuss how a partnership could improve the nation's overall cybersecurity and more than a year after the Bush administration released the final draft of the National Strategy to Secure Cyberspace.

The recommendations are split between education and more proactive initiatives.

For small businesses, the report proposes that a security guidebook be developed to teach the best practices in security but also suggests that industry should encourage the creation of incentives, such as insurance, that could reward businesses that improve their security.

A national public service campaign could help educate consumers on cybersecurity, while a security tool kit would help those less tech-savvy protect themselves from an Internet attack, Schmidt said.

"We want to have everything a person needs to protect their system, such as a personal firewall," he said. "Something my 87-year-old dad can deal with and not be confused about."

Large companies haven't escaped the attention of the working group, either. The group suggests that September 2004 be designated Cyber Security Month, that a direct-mail campaign target the top executives at the largest 10,000 companies in the United States with security messages and that regional homeland security forums be held in partnership with the Department of Homeland Security.

The task force also recommends that the government start educating American citizens about cybersecurity at a young age, advocating teaching kids about appropriate online behavior. The group's report also proposes that the Homeland Security Department clone its forums for university presidents.

Another working group, called the Cyber Security Early Warning Task Force, focuses on a workable warning system. It also plans to release its initial recommendations on Thursday. A third report, on technical standards, is set for release on March 31; and two final reports, on improving software development practices and on ways of making boardrooms more responsible for information security, are scheduled to arrive April 6.