On September 30, the President issued a proclamation designating October as “National Cyber Security Awareness Month.” As I tell everyone I meet, this shouldn’t matter just to geeks like me, the President’s Cyber Coordinator. With our world ever more connected to the Internet – our phones, our tablets, even our cars – cybersecurity matters to everyone.
This October marks the 10th anniversary of our efforts to raise awareness, and we’ve come a long way in the past decade. Yet despite the fact that more people than ever before are aware of cyber threats – such as to personal email accounts, banks, and critical infrastructure – and are working to counter them – through secure passwords and good online awareness – we still have a lot to do. Cyber is one of those challenging areas in which there really is no “done.” Even though the internet feels like it’s been around for a long time, we are still learning as a society about how to operate safely and securely online.
As we think about how to best to do that, one factor about the nature of cyberspace becomes particularly relevant – its borders. Traditionally, many have argued that cyberspace has no borders and that that fact is both a strength – in terms of a free flow of information that drives the economy and supports free speech – and a weakness – in that it also allows malicious actors great freedom of movement.
But I would argue that such an emphasis on borders is misplaced. There are borders and boundaries everywhere in cyberspace; everywhere that networks, routers, servers, devices, and people touch the internet there are borders. Instead, what cyberspace lacks is an interior – there is really no “protected inside” to a network, a space that is far away and insulated from what happens at the edge.
So the very nature of cyberspace and its interconnectedness mean that everything and everyone touches an edge or a border in some fashion.
This reality has profound implications for how we organize ourselves a society to protect ourselves in cyberspace – and how I carry out my role as cybersecurity coordinator. For example, in the physical world, we assign the mission of “border security” to the Federal Government. But if everyone lives at the border in cyberspace, then it’s not physically possible to assign the “border security” mission to just one group or element of our society, even the Federal Government. That means that everyone needs to play a part in protecting our cyber borders.
That is why National Cyber Security Awareness Month is so important. We need everyone to understand how to participate in their individual, and our collective, defense. Cybersecurity is a shared responsibility, and we all have a role to play – from the government and law enforcement, to the private sector, to the general public. This united effort is necessary to maintain a cyberspace that is safer and more resilient and that remains a source of tremendous opportunity and growth for years to come. And in the end, we cannot afford to only think about cybersecurity awareness just one month out of the year. We need to be aware of our practices and habits each day, and we must remain focused on meeting the evolving challenges in securing cyberspace.