The Cybersecurity and Infrastructure Security Agency (CISA) wants cybersecurity for the average American to become second nature – as normalized as putting on your seatbelt when you get into a car.
However, cybersecurity is often misunderstood by those outside of the field, who view it as a job reserved for IT professionals in a high-tech environment.
CISA is looking to change that misconception. The agency wants to help individuals across the country understand that they “have not only the responsibility but the opportunity to engage in cybersecurity,” according to Trent Frazier, CISA’s acting assistant director for stakeholder engagement.
In an exclusive interview with MeriTalk, Frazier explained how CISA’s Secure Our World cybersecurity public awareness program aims to do just that.
“In an increasingly connected world, cybersecurity is really becoming a team sport where all of us have a part to play,” Frazier told MeriTalk. “The goal of Secure Our World is to help the public – young and old and from all walks of life – understand their part in protecting themselves and the networks that we all rely on in our day-to-day lives.”
CISA launched Secure Our World in September 2023. The campaign includes public service announcements (PSAs) that are promoted widely across the United States on television, radio, digital ads, billboards, and more. It also includes digital content, a toolkit, and other cybersecurity resources.
“One of the things we want to do is to sort of demystify cybersecurity for folks. I think oftentimes when we talk about cybersecurity, it seems like a very complex and sometimes intimidating discussion about advancing technology and all of the various threats that our technologies face today. But really, for most of us, a little dose of care can go a long way,” Frazier said.
For individuals and families, the campaign is all about emphasizing the importance of securing personal accounts and devices. That means using strong passwords and a password manager, enabling multi-factor authentication, updating the software you use across all of your devices, and reporting phishing activities.
For small businesses, the campaign is focused on their “unique challenges,” Frazier said. It helps them to utilize the cybersecurity tools and resources available to them, protecting both themselves and their customers.
“We also want Secure Our World to be part of a two-part conversation happening between customers and industry. And so, we want this to be an extension of the continued discussion we’re having about secure by demand,” he added.
Secure by demand is a new approach to cybersecurity that CISA is focused on in 2024, which aims to ensure customers can push their vendors to do better.
The approach stems from the agency’s Secure by Design initiative – which recently celebrated its one-year anniversary.
The Secure by Design principles aim to keep Americans safe in today’s technology ecosystem by putting more cybersecurity responsibilities on technology manufacturers instead of on technology users.
“We see Secure Our World and secure by demand as complementary parts of a larger discourse that’s happening across the public and industry today,” Frazier emphasized. “Where secure by demand is about driving change within products and software providers to really encourage them to integrate security as a core component of the products they’re providing, Secure Our World is all about educating consumers.”
“It’s about helping individuals recognize the importance of cybersecurity to their everyday lives and begin to ask educated questions about the products and software that they’re relying upon and ultimately consuming,” he added.
As this program continues to evolve, Frazier said CISA will be looking at how it can implement “more targeted educational programs” to help consumers make well-informed technology decisions.
“What we want to see in the marketplace is a real dialogue happening between consumers and providers to make security front and center in the products and services that we all rely on,” Frazier said.
“Our goal, of course, is to continue to reduce cyber threats and really make our digital environment safer for all,” he added. “Cybersecurity is a team sport for all of us now, it has to become part of our daily lives.”