Representatives of computer companies and governments meeting at the EastWest Institute security meeting in Brussels said that an industry culture of obscure jargon is preventing the world’s two billion Internet users from putting security measures in place to protect themselves.
The group met to figure out how to protect computer users from massive abuse, fraud, online theft, vandalism and espionage.
The New York Times story carried the following quotes from those at the meeting:
“The malicious and criminal use of cyberspace today is stunning in its scope and innovation,” — Dell Services President Peter Altabef.
“If you don’t demystify security, people become anxious about it and don’t want to do it…. There are some people in the profession who to some degree enjoy the mystification of what they do, that it’s not penetrable. It’s almost a sense of superiority,” — former U.S. Homeland Security Secretary Michael Chertoff.
“We use a lot of complex terminology where it’s not needed. We don’t encourage people to think enough,” — Steve Purser, head of Technical Competence at the EU’s European Network and Information Security Agency.
The ugly reality is that computers are not simple and computer security is very technical and ever-changing.
Personally, I don’t think very many technical people have the “sense of superiority” that Chertoff mentioned. A huge number of them have mathematical, detail-oriented minds and they simply aren’t good communicators. There are fabulous communicators in the computer security space, but it takes a “big picture” mindset to communicate well. It takes a “little-tiny-detail” mind to write code, run networks and keep security systems running.
The best we can do is to keep trying through:
— industry-wide consciousness that we NEED to explain things to non-technical people
— company blogs written for the common user
— resource pages with easy-to-understand materials about security
— organizations such as the various Computer Emergency Response Teams (CERTs) and non-profit organizations
— security-awareness days and PR events
— graphical user interfaces, help screens and manuals written with inexperienced users in mind
Companies, organizations and government agencies should hire professional communicators, teach them computer security and have them write/tweet/blog/speak to teach kids and the “home user” what they need. Hey, the newspaper business is going the way of the buggy-whip industry. There are loads of great journalists out there looking for a new career.
That’s how I got here.
A great resource for “non-technical” people can be found at US-CERT’s site: http://www.us-cert.gov/nav/nt01/
And the National Cyber Security Alliance site StaySafeOnline.org: http://www.staysafeonline.org/