A newly introduced bill would require the National Telecommunications and Information Administration (NTIA) to fashion a literacy campaign that raises the American public’s knowledge and awareness of cybersecurity risks.
The American Cybersecurity Literacy Act, which has bipartisan support, would also include best practices for presenting cyber attacks. The measure is sponsored by Rep. Adam Kinzinger (R-IL) and co-sponsored by Reps. Anna Eshoo (D-CA), Gus Bilirakis (R-FL), Marc Veasey (D-TX) and Chrissy Houlahan (D-PA).
The campaign will allocate federal resources to educate the public on a range of topics, from properly identifying secure websites to understanding the potential cybersecurity risks of using publicly-available Wi-Fi networks. Information on recognizing fraudulent emails, password protection and multi factor authentication will also be included.
It’s not only the public that gains from cyber literacy initiatives. Such campaigns also help promote security awareness training services that MSPs and MSSPs offer to familiarize their customers with phishing-type email and other scams hackers regularly run.
The bill’s sponsors pointed to the vital role public awareness and education plays to thwart cyber attacks. “As technological advancements increase and become more complex, it is critical that everyone is aware of the risks posed from cyber attacks and how to mitigate those risks for personal security,” said Kinzinger. “In order to prevent these attacks going forward, we must combine public awareness with targeted cyber education," he said.
In a similar vein, Bilirakis, citing a recent unsuccessful attack on the water supply of a town in his Florida district, said a national education campaign to raise awareness of attacks along with “practical steps” to bottle up potential hackers is a “matter of national security.”
Cybersecurity providers also weighed in on the proposed legislation. “Educating and training the public and a cyber workforce should be national priorities,” said Doug Britton, Haystack Solutions chief executive. “As a nation we need to educate the public and also be innovative and find cyber talent regardless of background or education.” And Rajiv Pimplaskar, Veridium chief revenue officer, also praised the bill. “It’s great to see the NTIA launching a cyber literacy campaign,” he said. “One of the key topics of awareness needs to be acknowledging that a chain is as strong as the weakest link and sparking a debate about balancing security with convenience and choice at the user level.”
The proposed legislation comes in a period of heightened cyber attacks by foreign adversaries, including the Russian-orchestrated SolarWinds hack, the Colonial Pipeline infiltration, the Microsoft Exchange email hack, the JBS cyber hijack and others. A flurry of bills have recently been introduced aimed at shoring up the nation’s defenses against ransomware and other malware attacks.
Earlier this year, a public awareness program rolled out by the Department of Homeland Security’s cyber wing aims to help organizations fight the ransomware scourge hitting governments, schools and private industry. The Cybersecurity and Infrastructure Security Agency’s (CISA) public awareness campaign features information on available resources to defend against ransomware attacks, training classes, webinars and alerts.
The literacy bill comes on the heels of President Biden’s executive order issued in May 2021 that referred to the role of IT service providers in cybersecurity 15 times.