Everything we know about cyber-security we learned on YouTube.
Not exactly, but a video contest for college students tapped the current YouTube zeitgeist in an attempt to move the needle in the long, hard slog that is cyber-security awareness.
A pair of videos took top honors in the "30 Second Public Service Announcement" genre of the 2007 Computer Security Awareness Video Contest, conducted by the EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance and the ResearchChannel.
The silver award recognized a subtly sardonic PSA, Whoa, That's Awkward, by a Dartmouth College student featuring a hapless library patron whose laptop is overtaken by an endless sequence of embarrassing malware ads. The gold went to a more serious and stylized University of Delaware student entry called Avoid Infection. The video played on the metaphor of organic infections in a manner reminiscent of the ominous black-and-white films schools once played in health class.
The videos are on message with the allied but officially unrelated National Cyber Security Awareness month - turning on firewalls, turning off computers when not in use and keeping anti-viral software updated in between. The videos may be the bright light in the fourth annual month of cyber-security awareness.
For proof that such messages still have not penetrated organizations that should know better, look no further than a July 2007 memo to federal government agencies from the Office of Management and Budget called the Top Ten Risks Impeding the Adequate Protection of Government Information.
In it, E-Government and Information Technology Administrator Karen Evans itemizes common mistakes, including inadequate IT controls. The first in the list encapsulates the other nine in a single, simple sentence - "Security and privacy training is inadequate and poorly aligned" - which brings us back to national awareness month.
Awareness campaigns have a certain truthiness to them, insofar as they project what we wish were true despite what appears to be a purposeful ignorance, or as The Colbert Report's The Word might conjure it: "awarelessness."
If awareness were going to work, it would have worked by now. It's just a hunch, but the people and organizations refreshing their cyber-security initiatives this month are likely the same ones that made a point of reviewing their preparedness contingencies during National Readiness Month last month.
Volunteer efforts only get so far. Absent incentives for good behavior or sanctions against bad behavior, all the safe computing messages in the world will be lost on people who prefer the freedom of computing naked.
Our collective "awarelessness" suggests that we don't have four years of cyber-security awareness, we have one year of awareness four times.
Links to the winning awareness videos are available at the Web site.