Security Awareness Programs & Computer-Based Training
Improving Cyber Awareness - Strategies from Dena Haritos Tsamitis of Carnegie Mellon
The Director of Education, Training and Outreach at Carnegie Mellon University's CyLab, Dena discusses:
Dena oversees education, training and outreach for Carnegie Mellon CyLab, the university's cybersecurity research center. She leads the MySecureCyberspace initiative to raise "cyber awareness" in Internet users of all ages through a portal, game and curriculum. She guides the education initiatives of the NSF Situational Awareness for Everyone center, which explores ways to improve computer defenses by incorporating models of human, computer and attack interactions into the defenses themselves. Also through CyLab, she serves as Principle Investigator on two NSF-funded programs: the Scholarship for Service (SFS) program and the Information Assurance Capacity Building Program (IACBP). The SFS program provides full scholarships to highly qualified students pursuing studies in information assurance. The IACBP is an intensive summer program to help build information assurance education and research capacity at minority-serving colleges and universities.
TOM FIELD: What are the current trends in cyber awareness? Hi this is Tom Field, Editorial Director, with Information Media Security Media Group, and we're going to discuss this topic today with Dena Haritos Tsamitis with Carnegie Mellon University. Dena, thanks so much for joining me today.
DENA HARITOS TSAMITIS: Thank you for having me.
FIELD: Just to start out, why don't you tell us a bit about yourself and your role at Carnegie Melon, please. to give us some context?
TSAMITIS: Sure, I'm director of Carnegie Mellon's Information Networking Institute, which is a department in the college of engineering, and we offer professional graduate degree programs and information networking, information security, mobility, and software management in six locations around the world in addition to our Pittsburgh-based main campus. In addition, I'm also director of education training and outreach for Carnegie Mellon CyLab, which is our research partner, and it's an initiative involving multiple departments and colleges across the campus coming together to resolve cybersecurity issues, develop technologies, conduct research, and education and awareness initiatives.
FIELD: What do you find to be your biggest 2010 initiatives, Dena?
TSAMITIS: Well, my focus with CyLab education is on cyber awareness. My goal is to make 10 million citizens worldwide cyber aware, and what that means is I'm going to help raise awareness of cybersecurity threats and their solutions. Really to be able to accomplish this, we're talking about different audiences. From young children, professionals, and all the way up through senior citizens, and all these different demographic groups are very important. We have a game, for example, for young children. We are working on mobile applications for teenagers. We have a home portal that is available to home users called "My Secure Cyberspace," and for senior citizens we hold a class to help keep them safe online.
FIELD: I was going to tell you, Dena, I've spoken to a lot of people this year about their initiatives, and nobody has a more ambitious New Year's resolution than you!
TSAMITIS: Well, I think it is a very important resolution if that is what you want to call it, because there are, for example, senior citizens -- they are the largest growing demographic on the internet, and they happen to be also targeted most often for fraud. You know, in some cases seniors are going online for the first time and actually aren't just going online to surf or to email family members and friends. But some information they have to register for -- Medicare benefits online for example or other things. So they really need to be equipped with the knowledge and skill sets to protect themselves while they are online.
FIELD: Well, let's talk about cyber awareness Dena. What do you see as the major trends today in this area?
TSAMITIS: Lately we've been dealing with young people, and I think it is very important to start with young children. And when I say young children, elementary age to middle school because even though kids who are younger go on a computer, they generally they are on the computer with their parents when they are very young, or at least you would hope. But when kids are in elementary school, probably around third or fourth grade, they start going online and might be a little less supervised, and they are also at the age where they are a little more social or socializing without their parents or family members present. So this can really put them in a situation where they might engage in unsafe behavior without realizing it. So we have an opportunity to mold their behavior. Pretty similar to when you and I were younger, there were initiatives for seatbelt safety, so we were pretty much conditioned to put our seatbelts on as soon as we got into the car. This is pretty much the same thing we want to do with young children. We want to create awareness of unsafe behavior so they engage in safe behaviors from the get go, because modifying behavior is a much tougher challenge.
FIELD: Well, I hate to say it Dena, but I can remember when seatbelts were something that everybody hid behind the seats because they didn't want to be bothered with!
TSAMITIS: Yeah, well, it's not that way anymore, which is great, so we've made progress in that respect. FIELD: Now I want to ask you about what works well and what some of the challenges are. Let's start with the first, in terms of cyber awareness -- what do you find is really effective with these demographics that you've discussed?
TSAMITIS: Well, it's really talking to different age groups, different audiences, in a language they understand. It is making it important to them. They can relate to it. So talking about, engaging in a dialogue and presenting situations that they can relate to. So for young kids we present these topics in an exploratory game called the My Secure Cyberspace Game where they take on the role of being Carnegie cadets and their mission is to secure cyberspace. So they are introduced to concepts and skill sets, and then they reinforce what they've learned through game play. So we're really speaking to them or approaching them in a medium that they enjoy and understand.
With senior citizens, we found that face to face interaction is most effective, and again in it's in a dialogue form where they like to talk about something they've encountered or something they are unsure of, and helping them to be able to evaluate a situation in the future if they encounter it once more.
FIELD: Now flipside of that, Dena; what do you find to be the biggest challenges in terms of cyber awareness?
TSAMITIS: Well, first of all the fact that there is no notion of 100% cybersecurity. I think everybody I talk to, people who aren't cybersecurity experts, who want to become more aware, they think 'Well, I want to learn everything so that I can protect myself.' I tell them it doesn't matter how much you learn, unfortunately; there's no notion of 100% cybersecurity even if you do all the right things. You still might encounter or be hit with a virus, or have your identity stolen, unfortunately, because it just seems like the adversary is always one step ahead of us. It just seems like -- I want to quote Howard Schmidt, who is the new White House Advisor on Cybersecurity, where he feels there is too much responsibility on the end user. That really, technology companies need to develop stronger technologies so that so much of the onus isn't on the user himself or herself to take the right steps. It should be seamless, transparent to the user.
FIELD: Now obviously this isn't just the responsibility of Carnegie Mellon and organizations like your own; this is something that businesses, organizations in the private and the public sectors have to take up. What do organizations really need to know about cyber awareness to be effective in their own methods?
TSAMITIS: Well for one thing, CyLab is a public private partnership. We've partnered with many companies who have become CyLab sponsors. So they sign up for membership. They tend an annual conference. They are introduced to the latest cybersecurity research, the types of threats and how these threats might impact their businesses and the steps that they can take to protect their business and their bottom line. I think it is important that companies really be proactive in this respect rather than waiting for something to happen and have to be reactive. So there are opportunities for all types of organizations to become more informed, to become more involved in helping develop these technology solutions.
FIELD: Two final things here, Dena. One, let us know how people can be involved with CyLab and this initiative, and then also I would like to hear from you for organizations looking to improve their cyber awareness. What are a couple of things they can do just to get started?
TSAMITIS: First of all you could find out more about CyLab at www.cylab.cmu.edu and we do have a portal online for home users where it provides customized information about cybersecurity steps and their solutions, and step by step tactical measures, information about the ethical implications, the privacy implications, the legal implications. There are literally thousands of chunks of information, and it allows users to customize the information ,and it dynamically generates pages to fulfill the user's request. And this can be found at www.mysecurecyberspace.com. This was created to help execute the former president's national strategy to secure cyberspace wherein it says that each citizen is responsible for securing his or her own part of cyberspace. This really equips the users with that knowledge and the steps they need to take to be able to do that.
FIELD: Dena. that is real useful. I appreciate your time and your insight today.
TSAMITIS: Thank you very much.
FIELD: We've been talking about cyber awareness. We've been talking with Dena Haritos Tsamitis with Carnegie Mellon. For Information Security Media Group, I'm Tom Field. Thank you very much.