On Tuesday, June 25, Ahmad Sultan—a past CLTC grantee and author of the report Improving Cybersecurity Awareness in Underserved Populations—appeared before a Congressional Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation hearing on “Cybersecurity Challenges for State and Local Governments: Assessing How the Federal Government Can Help.”
Sultan was invited to share the findings outlined in his CLTC white paper, which highlights how ‘underserved’ residents in San Francisco—including low-income residents, seniors, and foreign language speakers—face higher-than-average risks of being victims of cyber attacks. The report was adapted from Sultan’s Master’s thesis at UC Berkeley’s Goldman School of Public Policy, “Cybersecurity Awareness for the Underserved Population of San Francisco,” which was funded by CLTC and commissioned by the City and County of San Francisco’s Committee on Information Technology.
In his opening remarks, Rep. Bennie G. Thompson, Chairman of the Subcommittee, alluded to Sultan’s research. “While we talk a lot about how automation might impact the workforce, we talk less about how poor cyber hygiene and low tech literacy can present a real economic barrier to entry,” Thompson said. “Right now, studies show that the most vulnerable and underserved among us—low-income, immigrants, and elderly populations—are the most likely to fall victim to an online scam or click the wrong link. These mistakes can be costly, especially for someone on the margins, and negative experiences like these may also lead many to steer clear of important online services like online banking, health management tools, or even email.”
Sultan sat on a panel that also included Keisha Lance Bottoms, Mayor of Atlanta, who oversaw the city’s response to a major ransomware attack in March 2018; Thomas Duffy, Senior Vice President of Operations and Chair of the Multi-State ISAC, Center for Internet Security; and Mr. Frank J. Cilluffo, Director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University.
In his testimony, Sultan spoke of the need to “reconcile the macro with the micro, reconciling government’s attempts to enhance national security with the plight of individuals and their struggle to use digital devices to improve social mobility.” He added that “we are replicating the same gender- and race-based patterns of inequality online that the existing social structures around us enforce offline. This inequality in outcomes is a form of market failure that governments need to correct.”
Offering his recommendations for policymakers, Sultan drew upon a parallel to public health and called on the federal government to provide support for state and city governments. “We need to pursue a holistic approach, where cybersecurity concerns are addressed at a societal level much like public health issues,” he said. “Promoting cyber hygiene through trainings, public service initiatives, and public-private partnerships can lead to significant gains in the lives of underserved populations, while protecting businesses and government systems from cyber threats. But to achieve these games state and local governments will require financial support and guidance from the federal government. It is my hope that policymakers recognize the challenges ahead and rise to the occasion.”
Watch the video of the hearing above or on YouTube.