It's purpose, says the Cabinet Office, is "to change the way people view online safety and provide the public and businesses with the skills and knowledge they need to take control of their cyber security."
The website contains simple security advice built into an extended 'street' metaphor displayed as cartoons and video animations. For example, the way viruses spread is illustrated by a cartoon showing a lady catching a cold by hugging people in an office lift (elevator). The site contains advice on staying on the right side of the Data Protection Act, setting up secure WiFi, how to create a strong password and so on.
Security Minister James Brokenshire said, "The internet has radically changed the way we work and socialize. It has created a wealth of opportunities, but with these opportunities there are also threats. As a government we are taking the fight to cyber criminals wherever they are in the world.
"However, by taking a few simple steps while online the public can keep cyber criminals out and their information safe."
Welcomed by the Security Community
The campaign has been broadly welcomed by the security industry. It "is a great step towards helping SMEs combat the ever-present cyber security threat", commented Martin Sugden, CEO of Boldon James.
“We support any initiatives that focus on making individuals feel safe online”, said Neil Munroe, External Affairs Director for Equifax.
"As threats evolve and become more complex", says Ashish Patel, Regional Director at Stonesoft, "campaigns such as “Cyber Streetwise”, which embody the growing value placed on cross-industry and governmental collaboration within the security space, should go some way to ensuring the issue of cybercrime is taken more seriously by businesses."
But there is a hidden danger in this campaign. “This is an extremely useful resource for small business managers, who are often pressured for time and do not have access to internal expertise. Implementing all the areas highlighted will provide some basic protection against low-level threats and significantly reduce risk", comments Matt Palmer, a member of the ISACA Security Advisory Group. That is the point: the advice will provide 'some basic protection against low-level threats,' but it is being sold by the security minister as a way 'the public can keep cyber criminals out and their information safe.'
Not a Complete Solution
"It should be clearer", stresses Palmer, "that the good practices listed are a starting point for effective small business security, not a complete solution. The hidden danger in the government's Cyber Streetwise campaign is that security naive users will follow the advice and believe that they are secure when they are not.
That's not to say the campaign has no value at all. "Although Cyber Streetwise might seem a little cartoonish and simplistic for those of us hardened by years fighting online threats, it's probably a step in the right direction for many folks," security expert Graham Cluley told Infosecurity. The real issue is what the government does next. "In my view", he added, "the hard work is not so much in creating the site – but in promoting it and further educating users about online threats. That's going to cost a lot more cash to do properly than creating a website."
The problem for the security industry is that it cannot be seen to criticize and alienate government, which is generally any country's biggest security customer. Nevertheless, speaking anonymously for obvious reasons, one security expert told Infosecurity, "The site actually links to some useful resources (and others that are less useful, but are no doubt gratifying to its partners in the commercial world). However, wrapping it in a junior-school interface that the average 12-year-old would probably find patronizing is likely to alienate people and organizations that might actually find some of the content useful, if it had been better presented."
The anonymous source continued:"Its own advice is simplistic – the stuff on passwords makes me want to scream, and what about other methods of authentication? – but not always valueless. However, a simple menu system without the metaphor might well have been more efficient for browsing purposes, and there is no evidence that the resources cited have been critically evaluated with an eye to presenting a comprehensive educational resource. There is a need for a site that does what this one tries to do. It may be better than nothing. But I can't see that I'll be going out of my way to recommend it to anyone but my most technically challenged friends and relatives. Maybe. I'm sure GCHQ loves it."