On September 18, 2002, the President’s Critical Infrastructure Protection Board (PCIPB) released a draft of a national strategy to secure cyberspace. The Bivings Group specializes in online public affairs campaigns and media intelligence and has an evolved expertise in network security and integrity. This piece is intended to bring these two competencies together to form a point of departure for the U.S. government to consider using the strategies and methods that we have applied around the world for organizations of all sizes, objectives and resources to the very pressing task of preparing our IT-dependent nation to the threats posed by cyber-terrorism.

Target Your Audience

The draft report from the PCIPB is segmented according to the anticipated vulnerabilities and the class of people who would be impacted by a successful attack. It is divided into the following sections:

  • Home User and Small Business
  • Large Enterprises
  • Federal Government
  • State and Local Government
  • Higher Education

While this segmentation provides an adequate starting point, the most important part of a cyber security communications plan is to directly engage the class of people who would play a role in securing IT infrastructure. Therefore, the audience for an online communications campaign should include:

  • Software vendors (Microsoft, Dell, Adobe)
  • Hardware vendors (AMD, 3Com, Cisco)
  • Internet service providers (Earthlink, AOL, Verizon)
  • IT professors and students (MIT, WPI, community colleges)
  • IT consultants (EDS, Siemens Business Services, IBM)

Engage Your Audience

Most people that fall into the categories above require a tremendous amount of information to successfully accomplish their jobs. They subscribe to myriad trade publications, read a multitude of listservs, post questions and answers to online message boards and are generally adept at finding and implementing solutions to their problems based on a diverse (and sometimes contradictory) universe of resources.

All communications campaigns should provide an incentive for the desired action, whether directly (through a sweepstakes) or indirectly (through useful information). Given the nature of IT personnel, an effective approach to engage this audience would be for the government to sponsor, create, and maintain an organized and exhaustive online security resource with built-in collaboration and information dissemination capabilities. This resource, which would be invaluable to the audience described above, would become a powerful channel for the government to distribute information and set priorities, allowing them to share relevant information, discuss and critique issues, discover new vulnerabilities, propose solutions to existing and hypothetical weaknesses and create a powerful feedback loop for the future necessities of cyber security. Furthermore, this same audience would likely play a crucial role in a crisis situation, enabling rapid deployment of human resources to the tasks of reconstituting the communications networks in need of repair or finding alternative methods for reestablishing communications.

Educate Your Audience

Such an online resource would have the added benefit of serving as an educational tool – the first stop for anyone interested in learning about security. While some may rightly point out that this type of information would be extremely dangerous in the wrong hands, there are many methods available for ensuring that particular audiences have more or less access to information than others. However, the benefits of creating this community probably outweigh the risks, especially if the right security and authentication measures are in place. After all, who better to design and implement these measures than the IT community itself?

Just One Drop In The Security Bucket

Obviously, this is but one small part of the overall efforts we will need to successfully face the threats posed by today‚Äôs technologically savvy terrorists. A cyber terrorist’s advantage in being able to hide, plot and strike, with little or no warning, can only be matched by being prepared to counteract (where possible), quickly repair damage, and learn from previous errors. A resource such as that described herein could provide the basic foundation to meet these urgent needs.