author photo
By SecureWorld News Team
Tue | Oct 1, 2019 | 3:45 AM PDT

When National Cybersecurity Awareness Month (NCSAM) started in 2004, there were a lot of other milestones happening.

Ken Jennings won 74 games and $2.5 million on Jeopardy.

The Boston Red Sox broke the "Curse of the Bambino" by winning their first World Series since 1918.

And Verizon was attempting to wire every home in Pennsylvania with 45Mbps of internet access.

Now, the Red Sox have won three more titles, Ken Jenning's record has been topped, and do we need to say anything about the dream of 45Mbps connection speeds?

What has endured since 2004? The National Cybersecurity Awareness Month has endured, and it is more relevant and timely than ever before.

Here's a look at the history of NCSAM.

Who started National Cybersecurity Awareness Month?

National Cybersecurity Awareness Month (NCSAM) was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 as a broad effort to help all Americans become safer and more secure online.

"When NCSAM first began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight saving time," says the NCSA.

Why was National Cybersecurity Awareness Month started?

If you consider the chance for thunderstorms at your house, there are a lot of days where the possibility exists. However, a meteorologist will tell you it often takes a triggering event to activate the atmosphere and get the storms going.

And when it comes to the start of National Cybersecurity Awareness Month, Chinese cyberattacks may have been the triggering event.

James R. Lint, at the American Military University, wrote about this when he was a faculty member in the School of Business:

One of the best and earliest articles describing the events that pushed the formation of NCSAM was Nathan Thornburgh's 2005 Time Magazine article. This article, "Inside the Chinese Hack Attack," was an early and unclassified view of Titan Rain, a designation that the U.S. government gave to a series of coordinated attacks on American computer systems starting in 2003.

In his article, Thornburgh states: "Hackers breaking into official U.S. networks are not just using Chinese systems as a launch pad, but are based in China. Their story: Sometime on November 1st, 2004, hackers sat down at computers in southern China and set off once again on their daily hunt for U.S. secrets. Since 2003, the group had been conducting wide-ranging assaults on U.S. government targets to steal sensitive information, part of a massive cyberespionage ring that U.S. investigators have codenamed Titan Rain.

While some people think recent events of both Chinese and Russian hacking are new, they have a long history that caused the origin of NCSAM."

What has changed since the start of NCSAM?

The National Cyber Security Alliance spells out what has changed since the beginning of the event. A change in reach, urgency, and themes seem to top the list:

Since the combined efforts of NCSA and DHS have been taking place, the month has grown in reach and participation. Operated in many respects as a grassroots campaign, the month's effort has grown to include the participation of a multitude of industry participants that engage their customers, employees and the general public in awareness, as well college campuses, nonprofits and other groups.

Between 2009 and 2018, the month's theme was "Our Shared Responsibility." The theme reflected the role that we all—from large enterprises to individual computer users—have in securing the digital assets in their control.

In 2009, DHS Secretary Janet Napolitano launched NCSAM at an event in Washington, D.C., becoming the highest-ranking government official to participate in the month's activities. In subsequent years, leading administration officials from DHS, the White House and other agencies have regularly participated in events across the United States.

In 2010, the kickoff of National Cybersecurity Awareness Month also included the launch of the STOP. THINK. CONNECT. campaign. President Obama's proclamation for the month includes STOP. THINK. CONNECT. as the national cybersecurity education and awareness message.

Starting in 2011, NCSA and DHS developed the concept of weekly themes during the month. This idea was based on feedback from stakeholders that the many aspects of cybersecurity should be better articulated, making it easier for other groups to align with specific themes. Themes have included education, cybercrime, law enforcement, mobility, critical infrastructure and small and medium-sized businesses.

Following wide success of the "shared responsibility" theme in years past, the Cybersecurity and Infrastructure Security Agency (CISA) and NCSA are shifting strategic focus. Driven through mass public engagement, the "Own IT. Secure. IT. Protect IT." theme, accompanied by clear and simple calls to action, will help to encourage personal accountability and proactive behavior in security best practices, digital privacy and draw attention to careers in cybersecurity.

What is next for the National Cybersecurity Awareness Month?

If we had a really good crystal ball, we'd play the lotto, and make specific predictions of what's next for NCSAM. 

However, our SecureWorld team feels confident in one thing. We've watched an increasing number of security leaders at our regional cybersecurity conferences become the "first" at their organizations.

The first-named VP of InfoSec, the first-named Director of Cybersecurity, the first-named Security Awareness Manager, and so on.

And as the leaders we serve continue to rise in prominence, along with the challenge of cybersecurity, we are confident that National Cyber Security Awareness Month will continue to grow in prominence, as well.

[RESOURCE: 2019 NCSAM theme and resources]