Cybersecurity Awareness for the Masses, Part I

As Cybersecurity Awareness Month comes to an end, we at New America’s Cybersecurity Initiative have been reflecting on the nature of “cybersecurity awareness.” Making people more aware of the vulnerabilities in the digital infrastructure that permeates their lives is a laudable goal, and ideally awareness month gives the public more information about how they can help mitigate those threats. The occasion also provides those of us who work in the field an opportunity to showcase the diversity of the work we do, and that others could do alongside us.

The month is chocked full of corporate events and think tank panels (including, for the sake of full disclosure, our own). But do these activities actually help spread meaningful awareness about cybersecurity to the general public? This is the rationale behind the project that our own Peter Singer is already running with New America Cybersecurity Policy Fellow Kal Raustiala of UCLA to host cybersecurity workshops in Hollywood and New York for movie and TV writers. But what else, we asked, is out there to help elevate cybersecurity in the public consciousness over the next eleven months in a way that will resonate? In short, what are our favorite cybersecurity references in popular culture that we think others should know about?

We decided to reach out to our New America Cybersecurity Policy Fellows to ask them just that question. As you will see, we got a great response, and we are publishing the results of that survey in three parts, one part per day beginning today. Quite apart from giving readers a chance to get to know some of our Fellows, and being fun to share in its own right, we hope it helps encourage a broader approach to cybersecurity awareness.

Today, we start the series with a collection of moments in pop culture that have inspired our Fellows and have the power to inspire others. Tomorrow we look at examples of representation in cybersecurity films, books, video games, music, and television that our Fellows have highlighted as positive role models. The following day, we will look at cautionary tales of cybersecurity gone wrong and lessons from pop culture.

Let us know what you think. And, of course, feel free to share on social media—cybersecurity is essential to our future national, economic and personal security. And it can also be fun.

Maarten Van Horenbeeck - CISO at Zendesk

Bugs

From 1995 through 1999, viewers across Europe were treated to a unique BBC television show. Drama series Bugs covered the lives of technology crime investigators as they investigated attacks on new technologies, trying to understand why industrial control systems fail and even respond to a man-in-the-middle attack on an undersea cable system.

Featured in an entertaining way, the approaches these fictional heroes took were often realistic and resembled techniques cybersecurity defenders, and their adversaries, take in real life. In one of my favorite episodes in which the automatic pilot of an airplane is hacked, investigators measure the field strength of a malicious radio signal and triangulate where the criminal—who has hijacked the airplane—is operating from. In another, they respond to malware that identifies digital information suitable for blackmail.

While the stories were often fantastical, in a time where internet use in the UK grew from 1.9% to 21% of the population, they were an introduction to a new world. Growing up as a teenager in Europe, Bugs remains a fond memory of a weekly appointment with my parents’ TV set, and an instigator to researching many concepts that later became invaluable in my actual cyber security career.

Hsia-Ching (Carrie) Chang - Assistant Professor at the University of North Texas

CSI: Cyber

Most of us have probably seen at least one episode of the CSI (Crime Scene Investigation) series (CSI: Las Vegas, CSI: Miami, or CSI: New York) on CBS since its debut in 2000. The latest series, CSI: Cyber, drew my attention when it aired in 2014. CSI: Cyber tells stories about the FBI's Cyber Crime Division, which was very interesting to me because the show focuses on cyber crime through the lens of digital forensics and behavioral psychology. I learned from the TV show because it provided a glossary of cybersecurity terms covered in the episodes. For instance, I learned that “juice jacking” refers to “invasion of your personal device while you are simply charging your battery” at a doctored USB charging point. Although the show did not teach the audience how to prevent it, I was curious about how to take precautions and sought out more information about the risk. Unfortunately, unlike other long-lasting CSI series, CSI: Cyber was canceled in 2016. If CSI: Cyber was not canceled, CSI's popularity would have some real-world effects on raising cybersecurity awareness across the nation and around the globe.

Nathan Fisk - Assistant Professor at the University of South Florida

Hackers & Cyberpunk 2077

I consider myself to be of a generation of cybersecurity/IT-minded people who developed an interest in the field because of popular representations of hackers. As a nerdy teen I remember the fall of 1995, riding my bike to see Hackers for the third time—a bad movie that would nonetheless shape my cultural leanings and technological development for years to come. There was nothing quite like the thrill of replicating the microcassette red box attack from the movie for the first time—or the dread of an operator icily notifying me that she was calling the cops.

When I think about what recent images I’ve seen that might mark the same kind of cultural moment for future generations, I’m drawn to Cyberpunk 2077. Releasing in 2019, it looks like CD Projekt Red has set the stage to show a new generation how empowering and cool an adversarial mindset can be, drawing on the cyberpunk traditions that brought so many of us into the fold. Despite a somewhat poor track record concerning gender, I’m hopeful that the game will provide the character options and flexibility to allow everyone to see themselves as the hacker (anti)hero.

Rogier Creemers - Postdoctoral Scholar at the Leiden Institute for Area Studies

WarGames

I’d like to go on a bit more of a retro bent: the 1983 classic WarGames. It’s got so much of the things we are now all concerned about in an embryonic form: how to deal with autonomous learning and decision making systems, how to safeguard critical security systems from external hacking, the kinetic consequences of cybersecurity breaches, human-machine interfaces. And all with these wonderful bleeping dial-up modems.

Brian Nussbaum - Assistant Professor at SUNY - Albany

The Wire

Few movies or television shows have better captured the adversarial relationship between criminals and law enforcement around information and communications security than The Wire. In addition to being a brilliant portrait of the drug trade, law enforcement, and city politics in Baltimore in the early 2000s, The Wire documented a pre-smartphone arms race of communications and interception techniques waged between drug trafficking organizations and the police. By exploiting jurisdictional lines and easily adopting new technologies, the dealers always outpaced law enforcement at first; however, by exploiting technical or network vulnerabilities and the weak (or lazy) operational security behaviors of the criminals, the police always found ways to “stay up” on at least some of the dealer’s communications. Through five seasons, The Wire painted an amazing picture of the drug war in an American city. It also touched on issues of post-2001 national security surveillance, the structural challenges faced by slow moving bureaucracies in a time of rapidly advancing technology, and the challenges in understanding clandestine organizations using incomplete information. The technology and approaches described in The Wire were in fact so spot on, that law enforcement actually had to ask them to leave some details out!