“Behave online… like you beh
What brought about the need for Government to publish a National Cyber Security Strategy?
When Government drafted the National Digital Strategy, it was already clear that there would be the need to draft also a national strategy about Cyber Security, that amongst others, covers the need for related national awareness. Why is that? Today, computers are the digital revolution which is owned by almost everyone. Technology evolves at a very fast rate, almost every week. Therefore, it is of primary importance to educate the public that although computers are a very positive tool, there are certain dangers and abuses to which they must be cautious about.
It is for this reason that Government felt that as a country we could not allow that this technology be used as a weapon, without having the necessary strategy in place through which we can implement necessary action items and organise initiatives to voice the message of how an individual can protect oneself from potential risks. We are not only referring to the private citizens, but also to entrepreneurs who conduct business interactions using their computers and who must be alert and evaluate the messages they receive. We also refer to our youths who are using tablets and computers from a very young age. It is equally important that we educate their guardians and parents in the first place. They should be cautious on behalf of their children, who do not have much experience about life. At the same time, they should prepare them for situations where people whom they speak to on the internet might not be who they claim to be and therefore should be careful when meeting someone they have got to know online.
This means that your online behaviour should be equivalent to how you behave in life. If someone you do not know stops you in the street and asks you to go with him, you ask yourself who is this person. These standards should be followed even on the internet.
The computer is a very positive tool and we are looking at how to increase connectivity, even through the Digital Single Market which unites the European Union under one strategy. However, we must realise that there are potential risks on the internet, through transfer of data and through telephony. Let us not forget the recent incidents where people were asked through an electronic message to phone on an overseas number to divulge personal information. This is one form of danger which we need to educate the public about.
It is for one of these reasons, that Government has tasked MITA to formulate a National Cyber Security Strategy of which national cyber security awareness is one of the action items being already implemented in collaboration with MITA.
What are the main goals of this strategy?
As highlighted earlier, national cyber security awarness is one of the key goals of the National Cyber Security Strategy. Awareness, as a goal is also accompanied by the need for education at all levels of formal education, as well as related training amongst the present workforce so as to ensure adequate cyber skill capabilities on a national level within the short as well as within the longer term.
However, we are also focussing on other five goals of equal importance and which form part of the National Cyber Security Strategy.
One of the primary goals is to establish a governance framework – at a strategic and operational level - to ensure the attainment of the Strategy, as well as permanance in the conduct of preparedeness and resilience in an ever evolving cyber threat landscape.
Cybercrime, as one of the key concerns within cyber security, is another area of focus within the Strategy, in terms of consolidation of related existing national effort as well as direction and initatives on a pan European and international front, given that cyber crime essentially knows no national borders.
Based upon such an understanding, it is therefore equally important to ensure preparedness in terms of national security, including ensuring the relevance of our existing laws and regulations in the light of challenges posed by cyber security. Therefore, the strengthening of national cyber defence is another goal of the National Cyber Security Strategy.
The need of a more secure cyber space is also extended towards the more secure provision of online public services as well as on various aspects concerning the private sector as one of our major contributors to the economy. Hence, the strategy has also a dedicated goal which delves on various related measures in this respect.
Ultimately, it is understood that cyber security is an area which cannot be dealt with by one individual, organisation or government alone. Hence, another of the key goals of the National Cyber Security Strategy is cooperation, both on a national front as well as on an international basis. Here again, we are not just focussing on cooperation within the realm of technology itself but also on various other socioeconomic dimensions, given that cyber security ultimately pervades and impacts upon various disciplines.
How is this awareness campaign aligned to the objectives of this strategy?
In line with the National Cyber Security Strategy , the awareness campaign aims to cover all national key stakeholders – Government, the private sector, including SMEs which constitute the majority of our country’s economy as well as our citizens, including those who are vulnerable, and who may be the most likely to fall victim to cyber security related grievances.
In the process, the awareness campaign is aiming to strenghten motivation, apart from basic awareness amongst individuals and organisations for their need to learn and pay particular attention to various signals of fake cyber related communications on a day to day basis. In this manner, the awareness campaign may lead to an establishment of a cyber secure culture that keeps in view of potential misuse, vulnerabilities and risks, potentially arising from Information and Communication technologies applied, whilst embracing their good and effective use on a day to day basis.
As also imparted by the National Cyber Security Strategy, the awareness campaign aims to convey the message that it is ultimately in everyone’s interest and responsibility to take the necessary relevant cyber security safeguards; keeping in view of the inherent inter-connectedness of individuals and organisations alike in the digital world.
MITA’S Manager Fiorita Sceberras How would you describe Cyber Security in simple terms?
Cyber security includes anything that has to do with the interaction of an individual or organisation with the digital world. Traditionally, we used to focus on the technical aspect of information security, but cyber security also includes procedures and processes adopted on a daily basis. It also includes the relative legislative structures that support cyber security and tackles the awareness of people acting in their personal capacity or as part of an organisation to protect themselves from risks that may arise through this interaction with the digital world.
What brought about the need for a National Cyber Security Awareness Campaign?
The National Cyber Security Strategy is based upon six goals, of which one relates to awareness. Therefore, we consider the awareness campaign that was launched last January – Sigurta’ Online Ghalik, as one of the pillars upon which the strategy is built. It was set as one of the goals in view of recent statistics that reveal that the cyber security threat landscape is significantly changing and corresponding risks have significantly increased over the past months and years. For this reason, we believe that increased awareness in this respect will greatly help the general public including children, youths, adults and the elderly, together with the SMEs in protecting themselves against these risks.. Our intention is to also provide the necessary guidance that will help different people detect a cyber security attack should this happen and perform the necessary steps to recover from such an eventuality.
What is the high level plan of this campaign?
The campaign will be spread over two years. During the first part of the campaign, we focused on introducing and explaining the notion of cyber security to the general public. We are aware that this subject might be relatively new for certain audiences so we wanted to be clear and explain in simple terms what it is all about. In this way, people can relate themselves to it, rather than considering it as a bombastic term that cannot affect them in their daily lives. During the second part of the campaign, we will then be focusing on the three main aspects related to cyber security - “Protect, Detect, React”. Our immediate plan is to focus on the protective aspect of cyber security during March and April, on detecting cyber security attacks during May and June and then shift the focus on the reactive aspect during July.
Which media are you using to deliver your message?
Our main channels for this campaign are social media, including our Facebook page Cyber Security – Malta and our website www.ncss.gov.mt on which we post a lot of useful information, posters, videos and newsfeeds which are collected from sources focussing on cyber security. We are also using the local radio and TV stations to deliver our message through adverts that are conveying concise and clear messages. In the meantime, we are planning what we are referring to as “highlight activities” through which we can deliver our message on a more personal level to specific audiences. We are planning to organise a cyber security week at Esplora where the idea is to have enought time to discuss the three aspects of cyber security through our opportunity to meet school children during the week and the general public during the weekend. In doing so, we plan toorganise interactive and interesting workshops that engage all those who choose to attend and explore this subject.
We are also looking at the opportunity of delivering our message to the students at Junior College, and the general public through the Local Councils.
Why are you targeting these particular levels of society?
Over the years, there seems to have been the perception that cyber security is only a concern for bigger businesses and companies. It might be because cyber attacks experienced by bigger companies obtain a lot of publicity in the media since these result in significant money losses, theft of large amounts of personal information etc. In reality however, we know that small businesses and individuals are also being subjected to similar