Guns and Cyber Security

The online world can be a dangerous place for the unprepared.  And it’s just going to get worse. It’s time to teach Cyber Security as integral part of the high school and college curriculum and to all corporate employees.

—-

I grew up in New York City and for a few years heaven on earth for me was going to Boy Scout camp in the summer near the Delaware River.  Boy Scout HandbookThe camp had all the summer adventures a city kid could imagine, hiking, fishing, canoeing, etc. But for me the best part was the rifle range.  For a 12-year old kid from the city shooting target practice and skeet  with a 22 rifle meant being entrusted by adults with something you knew was dangerous – because they were beating gun safety into our brains every step of the way.

From the minute we walked onto the shooting range to even before we got to touch a gun, we learned basic rules of handling weapons I still haven’t forgotten. You screwed up and you got yelled at and if you did it again you got escorted out of the rifle range.

While target practice and skeet shooting were fun, safety was serious.

scouts at rifle range

Over the years I would learn how to shoot an M-16 in basic training in the military, go through a basic combat course to go to Southeast Asia (when we acted like this was a lark, our instructor stopped our drill and said, “For your sake I hope the guys shooting at you were screwing around in their combat course.”  It got our attention.)  When I bought the ranch herds of wild boar still roamed the fields. While we were putting in the miles of fencing to keep them out, I bought much heavier weapons to deal with a charging 400-pound boar and hired an instructor to teach me how to safely use them.  Each time gun safety was an integral part of training with new weapons.  For me, guns and gun safety became one and the same.

Hacking and Cyber Security
For consumers, online surfing, shopping, banking and entertaining ourselves have become an integral part of our lives. And with that has come identify theft, hacking, phishing, online scams, bullying, and predators online. As well as a loss of privacy.

But for businesses, the threats are even more real. Go ask RSA, Northrop, Lockheed, Google, Amazon and almost every other company with an online presence. Intellectual property stolen, customer data hacked, funds illegally transferred, goods stolen, can damage a company and put them out of business.

I think we’re missing something.

In the last 20 years 3 billion people have gained access to the web. Yet for most of them safety online remains a problem for other people. It pretty clear that for a company going online today is equivalent to playing with a loaded gun. The analogy of comparing the net with guns might seem stretched, but I think it’s an apt one. Guns have been around for hundreds of years, to provide food as well as wage war, but it wasn’t until the 20th century that gun safety rules were codified and taught.

I think we need the equivalent of gun safety training for online access.

We now know the basic tools online hackers use. We know enough to harden sites to stop the simple hacks and to educate employees about basic social engineering and phishing attempts. It’s time to teach Cyber Security as integral part of the high school and/or college curriculum – not as an elective. Companies need to make Cyber Security education an integral part of their on-boarding process.

The Air Force Academy basic Cyber Security course is a good place to start (Stanford and other schools have a similar syllabi.) The class consists of basic networking and administration, network mapping, remote exploits, denial of service, web vulnerabilities, social engineering, password vulnerabilities, wireless network exploitation, persistence, digital media analysis, and cyber mission operations.

Lessons Learned

  • The web is not a benign environment
  • Companies, high schools and colleges ought to make a basic Cyber Security course a requirement of getting online access.

Listen to the post here or download the podcast here

6 Responses

  1. Agreed Steve. This is a vital point of education that we are not yet getting right.

    One question: How to help young folks to appropriately visualize and feel the potential impacts of not getting security right? With guns, its easy to visualize the consequences of getting it wrong. I wonder what is the equivalent of the drill instructor’s strategy for ‘getting your attention’ that we can apply electronically?

    Electronic exploits are silent, invisible, anonymous, and remote. All of these characteristics make it hard for the “now, now, now” high feedback computer users of today to treat them as real, impactful, and imminent.

    -Kevin in Austin.

  2. It’s like driver training!
    Thanks Steve.

  3. They brought in a speaker to my daughter’s high school to talk the students about some of the perils of the internet. He talked about a wide range of issues from cyber bullying, to security to etiquette. He mentioned that whatever gets posted in the web is there permanently and that future employers will do an internet search on you to gather information, so be careful about what you post. He cited a case where a particular student was awarded a scholarship at a certain college but after the scholarship body was made aware of derogatory comments attributed to the student that he posted on his blog, the scholarship award was revoked.

  4. Agreed Steve. This is a vital point of education that we are not yet getting right.

    One question: How to help young folks to appropriately visualize and feel the potential impacts of not getting security right? With guns, its easy to visualize the consequences of getting it wrong. I wonder what is the equivalent of the drill instructor’s strategy for ‘getting your attention’ that we can apply electronically?

    Electronic exploits are silent, invisible, anonymous, and remote. All of these characteristics make it hard for the “now, now, now” high feedback computer users of today to treat them as real, impactful, and imminent.

    -Kevin in Austin.

  5. […] This post originally appeared on the blog of startup guru Steve Blank. […]

  6. […] I grew up in New York City and for a few years heaven on earth for me was going toBoy Scout camp in the summer near the Delaware River. The camp had all the summer adventures a city kid could imagine, hiking, fishing, canoeing, etc. But for me the best part was the rifle range….read full post. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 151,816 other followers