SAN FRANCISCO—Mimicking public health strategies, such as maintaining good “cyber hygiene,” could improve cyber security, according to a new paper by a team of economists and public health researchers at RTI International.
The paper, published in the November/December issue of Cross Talk, provides a substantive look at how public health strategies and research methodologies could be used to guide cyber security strategies.
Currently, no centralized approach has been successfully used to coordinate action in improving cyber security. The government has played a relatively limited role, developing standards for industry and, more recently, distributing education materials to schools and civic organizations, but most of the focus has been on business security.
“The public health community has been very successful in identifying, monitoring, and reducing the health impacts of many types of threats,” said Brent Rowe, a senior economist at RTI and the paper’s lead author. “Given the many similarities between public health and cyber security, the cyber security community would be wise to leverage relevant public health strategies and analysis techniques.”
The paper takes a detailed look at public health frameworks that can be used to identify and describe specific cyber security threats and potential solutions.
According to the authors, some of the key lessons from the public health community include:
- Introduce potential solutions to individuals in a way that establishes a measure of trust
- Provide solutions in a convenient and attractive framework (individuals will not engage if participation is difficult, expensive or inconvenient)
- Communicate the nature of threats and interventions to a wide variety of audiences
- Involve multiple organizations (government and nongovernment) in responding to a threat or set of threats
- Consider the unpredictability of individual behavior
“Although the idea of organizing the community of cyber security stakeholders similar to the complexity and scale of public health is daunting, public health research, implementation, and evaluation strategies offer a wealth of well-tested approaches that could be easily leveraged to study cyber security topics, such as how to better understand cyber security risk preferences,” said Michael Halpern, Ph.D., a senior public health researcher and an RTI Senior Fellow.