Building Cybersecurity Awareness: The need for evidence-based framing strategies

Cybersecurity is a global phenomenon representing a complex socio-technical challenge for governments, but requiring the involvement of individuals. Although cybersecurity is one of the most important challenges faced by governments today, the visibility and public awareness remains limited. Almost everybody has heard of cybersecurity, however, the urgency and behaviour of persons do not reflect high level of awareness. The Internet is all too often considered as a safe environment for sharing information, transactions and controlling the physical world. Yet, cyberwars are already ongoing, and there is an urgent need to be better prepared. The inability to frame cybersecurity has resulted in a failure to develop suitable policies. In this paper, we discuss the challenges in framing policy on cybersecurity and offer strategies for better communicating cybersecurity. Communicating cybersecurity is confronted with paradoxes, which has resulted in society not taking appropriate measures to deal with the threats. The limited visibility, socio-technological complexity, ambiguous impact and the contested nature of fighting cybersecurity complicates policy-making. Framing using utopian or dystopian views might be counterproductive and result in neglecting evidence. Instead, we present evidence-based framing strategies which can help to increase societal and political awareness of cybersecurity and put the issues in perspective.

[1]  Paul T. Jaeger,et al.  National Security Letters, the USA PATRIOT Act, and the Constitution: The tensions between national security and civil rights , 2008, Gov. Inf. Q..

[2]  Rahul Telang,et al.  Does information security attack frequency increase with vulnerability disclosure? An empirical analysis , 2006, Inf. Syst. Frontiers.

[3]  Sophie A. Nicholson-Cole Promoting Positive Engagement With Climate Change Through Visual and Iconic Representations , 2009 .

[4]  Antonio F. Gómez-Skarmeta,et al.  Distributed Capability-based Access Control for the Internet of Things , 2013, J. Internet Serv. Inf. Secur..

[5]  J. Bargh,et al.  Automaticity of social behavior: direct effects of trait construct and stereotype-activation on action. , 1996, Journal of personality and social psychology.

[6]  S. Woolgar,et al.  Mundane Governance: Ontology and Accountability , 2013 .

[7]  Adel Said Elmaghraby,et al.  Cyber security challenges in Smart Cities: Safety, security and privacy , 2014, Journal of advanced research.

[8]  G. Manimaran,et al.  Vulnerability Assessment of Cybersecurity for SCADA Systems , 2008, IEEE Transactions on Power Systems.

[9]  G. Vries,et al.  How Positive Framing May Fuel Opposition to Low-Carbon Technologies: The Boomerang Model , 2017 .

[10]  Yanyan Zhuang,et al.  It's the psychology stupid: how heuristics explain software vulnerabilities and how priming can illuminate developer's blind spots , 2014, ACSAC.

[11]  A. Tversky,et al.  Prospect Theory : An Analysis of Decision under Risk Author ( s ) : , 2007 .

[12]  T. Crompton,et al.  Common Cause: The case for working with our cultural values , 2010 .

[13]  Calvin Burns,et al.  'Cyber Gurus': A rhetorical analysis of the language of cybersecurity specialists and the implications for security policy and critical infrastructure protection , 2015, Gov. Inf. Q..

[14]  Joan Meyers-Levy,et al.  The Influence of Message Framing and Issue Involvement , 1990 .

[15]  Philip Doty,et al.  U.S. homeland security and risk assessment , 2015, Gov. Inf. Q..

[16]  Christopher G. Reddick,et al.  Public opinion on National Security Agency surveillance programs: A multi-method approach , 2015, Gov. Inf. Q..

[17]  A. Tversky,et al.  Prospect theory: an analysis of decision under risk — Source link , 2007 .

[18]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[19]  Tomasz Janowski,et al.  Digital government evolution: From transformation to contextualization , 2015, Gov. Inf. Q..

[20]  R. Petty,et al.  Message Framing and Persuasion: A Message Processing Analysis , 1996 .

[21]  Schneider,et al.  All Frames Are Not Created Equal: A Typology and Critical Analysis of Framing Effects. , 1998, Organizational behavior and human decision processes.

[22]  Christian Leuprecht,et al.  Beyond the Castle Model of cyber-risk and cyber-security , 2016, Gov. Inf. Q..

[23]  Bart W. Terwel,et al.  Spare the details, share the relevance: The dilution effect in communications about carbon dioxide capture and storage , 2014 .

[24]  Jensen J. Zhao,et al.  Opportunities and threats: A security assessment of state e-government websites , 2010, Gov. Inf. Q..

[25]  Alexander J. Rothman,et al.  Shaping perceptions to motivate healthy behavior: the role of message framing. , 1997, Psychological bulletin.