Does the US Need a 'See Something, Say Something" Campaign for Cyber?

The federal government must play team leader in upping the country's cybersecurity game, according to a new study.

Specifically, Alan Webber, IDC Government Insights research director for global public safety and national security, recommends the government look to Israel's model of security.

The government instills in Israelis an awareness of digital threats, much like the way America has made citizens aware of physical threats with "See Something, Say Something” ads at airports, train stations and other public gathering spaces.  The federal government’s “Stop. Think. Connect.” cyberthreat warning, however, does not seem to be entering into the public consciousness.

"The United States lacks a cybersecurity-focused culture," Webber said in a report released Thursday. "The nation of Israel has a very high-level security culture, both physically and digitally."

Israel's real-world protections include fences, security patrols and other tangible items. Israel’s digital defenses include "a cultural mindset that is suspicious of unsolicited emails and packages, looks for things out of the ordinary, and is consistently mindful of security,” Webber said.

In the United States, citizens lock their doors, install surveillance cameras and call the police to report suspicious activities, he said. But that caution has not transferred into cyberspace, where Americans, largely, do not look out for suspicious email headers, fraudulent websites and other online abnormalities.  

Antivirus software, services that scour the secret "Dark Web" where personal information is auctioned, and employee training have not stopped hackers from stealing Target credit card data, copying Sony’s intellectual property and exposing secrets about federal employees from the Office of Personnel Management.

Webber highlights "great initial efforts" at the Department of Homeland Security, such as the National Cybersecurity and Communications Integration Center, conceived several years ago to share tips on hacks with the private sector. But the extent to which federal information-sharing hubs and each of the 16 critical private sectors -- from chemical manufacturers to entertainment firms -- are in lockstep remains unclear. 

"The amount of information is not as extensive as it could be," Webber said.

The IDG report does not discuss the controversial issue of the United States "hacking back," or perpetrating cyber espionage and deploying damaging malware to preempt attacks on U.S. networks. Webber said he assumes such offensive actions already are underway. 

"We have depended upon government to protect us, from the police officer walking his beat to the soldiers, sailors and airmen in the U.S. military," he said. "But the nature and the speed of threats have changed, and with it so should what government does to protect its citizens and businesses in this new cyber world."