October is National Cybersecurity Awareness month. President Obama identified digital infrastructure as a strategic national asset, and cybersecurity as “a necessity for both businesses and consumers.” Further, “every American has a stake in security our networks and personal information.”
Coming of age when “lock your door” referred to a physical door (on the house or the car), it was somewhat overwhelming to learn that I now share personal responsibility for cybersecurity—on the internet, in protecting personal data, as a component of smarter electrical grids, or in generally protecting NEMA data against theft or loss.
With a quick internet search, it became apparent that many principles of physical security translate to cybersecurity. Locking physical doors avoids theft of physical possessions: in the digital era the door is now logical and the secured asset is data. Also, physical- or cyber-crime is opportunity-based. An open door (physical or logical) is more enticing than a locked door with armed guards, or its digital-equivalent, passwords and encryption. The importance of security remains the same.
Nonetheless, digital content protection discussions overwhelm users, whether the topic is the merits of various hashes, the most probable hacks, or a plea that users increase the security level (length) of their passwords. To ingrain digital security-awareness, as a habit, requires training at a user-friendly level:
- Communicate small bits of easily understood security information. Talk about virtual ‘doors,’ ‘locks,’ and ‘keys’—not why one security algorithm is preferable to another.
- Tell users why security matters. Whether the security measure is a password, biometrics, or other means, users need to understand how using a security measure prevents loss, to ‘think security’ and incorporate security as part of user behavior.
- Explain risk. Users are reasonably intelligent. We can understand the need for security, in terms of risk and the value of the data asset, if the explanation is cogent.
- Remind me. The digital age entices users to partake of a rich, ever-changing course of digital content. Sometimes, this user needs a reminder to be safe and secure in my quest for ever-richer digital content.
Recognize that we are all partners in digital security, and our goal is to protect personal and corporate data, and prevent cybercrime—this month, and every month. For NEMA’s part, while NEMA is not developing specific cybersecurity standards, NEMA continues to participate in the Cybersecurity Working Group of the Smart Grid Interoperability Panel, with an eye toward its impact on NEMA’s existing standards and our members’ Smart Grid products.