National Cyber Security Day is a well-kept secret

U.S. residents adjusting to the daylight savings time change will have to be forgiven for sleeping through much of National Cyber Security Day on Sunday. The semi-annual event passed with nary a mention, even as antivirus software companies warned customers of yet another virulent e-mail worm.

A spokesman for the National Cyber Security Alliance, a government-industry group that sponsors the event said the group is doing a good job of communicating with the public. However, the lack of fanfare on Sunday had at least one computer security expert wondering about the effectiveness of industry-led efforts to address cybersecurity and improve the security of the U.S.'s information technology infrastructure.

First held in 2002, the semi-annual National Cyber Security Days are coordinated with daylight savings in April and October in the U.S. and are intended to raise the public's awareness of cybersecurity issues and promote safe online practices, said Keith Nahigian, a spokesman for the alliance.

In the past, the group has planned major news and events to coincide with its Cyber Security Days. In October, the Alliance held a press conference to announce the award of a US$650,000 matching grant from the U.S. Department of Homeland Security (DHS) to fund a national advertising campaign promoting safe computing for Internet users and small business owners, Nahigian said.

However, no major news or initiatives were planned for Sunday, when the Alliance's "big deliverable" was an updated list of "security tips" for computer users, which was published on the www.staysafeonline.info Web page, Nahigian said.

That list, which offers oft-heard advice such as "don't open e-mail from unknown sources," "use (antivirus) software," and "back up your computer data" required multiple revisions and took "a lot of time" to complete, Nahigian said.

The group also released public service announcements for radio and worked with universities, including Rutgers in New Jersey and George Mason University in Virginia, to hold security education and awareness events, he said.

Asked about the school's involvement with Cyber Security Day, a spokeswoman for George Mason University cited an article dated March 26 from the school's student newspaper that said the school would hold a series of seminars on subjects like "Desktop Strategies to Secure Your Cyber Space" and "Filesharing: Music, Movies, Software--How to Avoid Being Subpoenaed," in coordination with National Cyber Security Day.

For the most part, the job of marking Cyber Security Day fell to alliance members such as Symantec Corp., America Online Inc. (AOL) and the U.S. Federal Trade Commission (FTC), Nahigian said.

"Individual (member) companies are doing stuff," he said, citing announcements from Symantec and AOL.

The FTC released a statement with the alliance and the Council of Better Business Bureaus on April 2, encouraging small businesses to perform semiannual security audits and providing its own security checklist, which was almost identical to the alliance's list.

A Symantec spokeswoman said that the company didn't do any promotions for Cyber Security Day. AOL did not respond to a request for comment.