One begins to wonder what it is the government knows about threats to our national and economic security in cyberspace that it’s not telling us. What more it knows, that is, than is already common currency or the stuff of paranoia.

Are there threats so specific as to be made worse by naming them, for example – so the government won’t? Or, as seems more likely, only murky and difficult-to-assess threats about which it knows little more?

Whichever it is, two recent government initiatives, from the White House and the Department of Homeland Security (DHS), helped ratchet up awareness of cybersecurity as a larger social issue, as an issue, indeed, of citizen responsibility.

Ask not what the Internet can do for you, but what you can do for the Internet.

First, it was the White House announcing availability of a reclassified version of the Obama administration's Comprehensive National Cybersecurity Initiative (CNCI), a blueprint for federal cybersecurity begun in 2008.

Then the DHS came forward with its intriguing call for ideas from the general public on how to get the word out about the importance of (and best practices around) cybersecurity. The government adopts crowdsourcing.

The lesson to be taken from the CNCI document is clear enough and directly targeted at enterprises: this is what we’re doing, you should be doing something similar.

One would hope that enterprises were already implementing the most germane and concrete of the measures outlined in the CNCI document.

Deploy enterprise-wide intrusion detection systems. Interconnect data centers to “enhance situational awareness.” Pay closer attention to supply chain risk-management in general, and specifically ensure that all connections to the wider Internet can be trusted as secure.

But who knows, maybe not.

Cyber security

The federal initiative includes 12 sub-initiatives, which you can read by following the link and downloading the document.

Some of the bullet points seem vague – for example, “Coordinate and redirect research and development efforts.” Um, how, to what end? Or, “Define and develop enduring deterrence strategies and programs.” Okay, roger that.

And some appear to have limited application in the enterprise. For example, “Develop and implement a government-wide cyber counterintelligence (CI) plan.” Or, “Define the Federal role for extending cybersecurity into critical infrastructure domains.”

But again, maybe not.

The publishing of the reclassified CNCI document was really a gesture, in line with the Obama administration’s commitment to transparency in government and underscoring its call for cooperation on cybersecurity across government and industry.

In announcing the release of the document at the RSA Conference, an annual symposium for cryptography and information security professionals held earlier this month in San Francisco,  White House Internet security adviser Howard A. Schmidt said, “We must all partner together to make sure cybersecurity is secure.”

We knew what he meant. (But seriously, do they teach them the art of redundancy when they enter government?)

Cyber attack

The DHS crowdsourcing initiative is also in keeping, in a way, with the notion of transparency in government – and a continuation of the Obama machine’s commitment to exploiting the Web and social media tools to galvanize citizens, while furthering its own objectives.

The National Cybersecurity Awareness Campaign Challenge ends April 30. The DHS is inviting submissions from anyone – as long as they can produce a document in Word format. (Note: it’s possible to do this without actually owning a copy of Microsoft Office, so the DHS is technically not shilling for Microsoft.)

The challenge? “The National Cybersecurity Awareness Campaign Challenge Competition is designed to solicit ideas from industry and individuals alike on how best we can clearly and comprehensively discuss cybersecurity with the American public.”

As with any request for submission or proposal, the DHS provides a list of specifications. Campaign plans must include mechanisms for quantifying distribution and receipt of messages, for example.

But they must also ensure privacy protection and cannot under any circumstance generate spam. So don’t bother suggesting the DHS subpoena e-mail addresses of every citizen and flood their mailboxes with alarmist messages about cybersecurity.

Rats.

They must be repeatable. So no demanding a two-minute slot at the next Super Bowl half-time show for a DHS dog-and-pony show on cybersecurity. (It does conjure images, though, doesn’t it? Wardrobe malfunction, anyone?)

Perhaps the most intriguing requirement is, “Use of Web 2.0 Technology.” So not only is the DHS using social media tools to source ideas for its cybersecurity education program, it’s also broadly hinting that successful entrants will find other ways to use such tools to achieve the department’s goals.

We’re guessing that simplistic suggestions, such as launching a cybersecurity wiki won’t cut it. A little too obvious. The United States Intelligence Community, whose various members are now heavily involved in cybersecurity, did this as far back as 2006 with its Intellipedia site. They’re all over wikis.

(Note, before you go haring off to check on Intellipedia: this is not an example of transparency in government – you need a .mil or .gov e-mail address to register to access the site.)

Ditto for suggestions the DHS set up a Facebook page or start tweeting about the need to keep virus software up-to-date.

But that’s the brilliant thing about crowdsourcing. It will inevitably elicit lots and lots of ideas, including, one hopes, some that are well-thought-out and original.

After the winner of the Challenge is announced at the end of May or beginning of June and the DHS begins to roll out its education campaign, it will be interesting to see what the content of that campaign, as opposed to its delivery mechanisms, will be.

Will the government help us better understand the need for cybersecurity? Or will it merely instruct us in how to shadow box a faceless cyber enemy?

 Gerry Blackwell is a freelance writer based in Canada. His cybersecurity column appears here month. Read last month's cyber security column here.