Online Safety and the Relationship with Cybersecurity

 Introduction

This post will give an overview of the relationship between online safety and cybersecurity. This will hopefully give an idea of how they work together, their differences and how they both complement each other. Online safety refers to the act of staying safe online. It is also commonly known as internet safety, e-safety and cyber safety. It encompasses all technological devices which have access to the internet from PCs and laptops to smartphones and tablets. Being safe online means individuals are protecting themselves and others from online harms and risks which may jeopardise their personal information, lead to unsafe communications or even affect their mental health and wellbeing.


In English, we have different words for safety and security. With their use and meaning often being used for different contexts. Though depending on the context 'safety' in English can mean to be secure or 'security' referring to being safe. Though in French for example they use the same word for both 'sécurité' so the meaning is context dependant. But at times this may cause issues when you are discussing problems that overlap or convey requirements to be met in different countries. Which when it comes to standards writing can at times causes issues even though the vast majority of standards documents are written and published in English the contributors are often drawn from different countries so will not necessarily have English as a first language. So agreeing to text which everyone is happy on meaning and context can sometimes take a while. 


Safety and security are terms that are associated with the protection of a person, organisation, and assets against external threats or incidents that are likely to cause harm. Security is generally focused on ensuring that external factors do not cause trouble or unwelcome situation to the organisation, individuals, and assets. While safety is the feeling of being protected from the factors that cause harm. A key difference is that the feeling of being safe is often an emotional aspect while security has to do with the physical aspect. An individual feels safe when they are embraced by their loved ones which means that their emotional safety has been taken care of. On the other hand, the aspect of security comes with physical aspects like tall walls that are protecting an individual from external threats. It is important to note that security is mostly an external affair while safety is an internal aspect. People looking for security ensure that they are highly protected against external factors that are likely to harm them. On the other hand, an individual within the organisation might cause the essence of lacking safety or a party might make themselves not feel safe. The other notable difference between security and safety is that security is the protection against deliberate threats while safety is the aspect of being secure against unintended threats. People and assets are usually protected against deliberate threats that are caused by malicious actors who have the intention to sabotage the operations of the company, steal resources of the organisation, or harm an individual. On the other hand, the safety of a person is mostly installed so that they can be protected against unintended accidents. For example, individuals are required to wear safety clothing in an organisation that deals with chemicals so that they can be protected against accidents.


Often when discussing online safety it mainly focuses on individuals own choices but it is equally to companies implementing online safety measures for their customers and how those same companies protect their employees. 


Resources and Guides

For looking up and reading about examples of online safety and cybersecurity resources from the UK NCSC and Gov.UK Online safety are a couple of good places to start. Other resources are available. 


Shopping online securely (https://www.ncsc.gov.uk/guidance/shopping-online-securely)

This gives advice on best practise on being aware of how to stay off but also explains what type of cybersecurity steps you should take along with advice if something goes wrong. 


Online gaming for families and individuals (https://www.ncsc.gov.uk/guidance/online-gaming-for-families-and-individuals)

This gives advice on best practises on securing devices, account protection, privacy protection and reminding why it is usefully best to official stores or sources. Also, it provides resources on protecting younger players from cyberbullying, excessive time spent playing games, to unscrupulous game designs which encourage children to pay for content.


Online Safety - Guidance and Regulation (https://www.gov.uk/search/guidance-and-regulation?page=1&parent=%2Fsociety-and-culture%2Fonline-safety&topic=ecc8978c-cc6b-463e-a3d5-d5428c3e9f7d)


While more geared to organisations than individuals there is useful information and guidance to be found for online safety though some of it does cover dark topics so would recommend taking time to read through it. 


Overlap between Safety and Security

 Access control 

Access control could be considered the main overlap since it is about preventing unauthorised access from a malicious actor from causing harm. For example in preventing cyberbullying or harassment systems that block malicious actors and limits their ability to regain access through alternative personas prevents them from causing harm. 


Behaviour and awareness 


In cybersecurity, this would fall under the area of human factors and in online safety, it is about educating people. It is vital in ensuring consumers know how to stay safe online but often involves understanding what types of cybersecurity steps they should also take. Along with recognising different types of cyberattacks. This also applies to employees within companies as humans are often described as the weakest link in cybersecurity so measures which ensure awareness and secure behaviour are essential.


Design 

The principles of 'Secure by design/default' which embeds cybersecurity from the start within a product or service instead of adding it onto them near or at the end of the design process is key to ensuring its vulnerabilities can be minimised from the start of a product or services life cycle. By ensuring vulnerabilities are minimised can make it difficult for malicious actors to exploit a device or service to the user thus keeping them safe from potential harm.


Implementation

The motivation to ensure and improve online safety is being pushed in new and upcoming laws and regulations. For example in the UK the draft 'Online Safety Bill' but other countries are looking at similar legislation but there have different motivations and goals concerning online safety simply due to different cultural views of what safety means. 

Though if individuals and companies are already following best cybersecurity and privacy best practices they will all already go a long to ensuring online safety. But they are not an excuse to ignore online safety as assuming you will follow 'A' you also cover 'B' doesn't always work. 

There is potential in how standards bodies provide support and guidance for online safety but it is not necessarily always a technical problem. Online safety tends to be more education and awareness problem so would fall under human factors. Though ETSI TC Cyber group on their long term Roadmap have Usability and User behaviour so online safety is within their area of work. 


Conclusion

Hopefully, an interesting read as a whole I think we are slowly moving forward in continuously improving online safety though it is not necessarily a smooth road as with most things concerning safety it often takes a serious incident or disaster for change to happen. Though upcoming laws and regulations from EC/EU aim to raise the standard of cybersecurity as a whole which should hopefully translate to better online safety. 

Sources

https://nationalonlinesafety.com/wakeupwednesday/what-is-online-safety 

http://www.differencebetween.net/language/words-language/difference-between-safety-and-security/

https://www.ncsc.gov.uk/guidance/shopping-online-securely

https://www.ncsc.gov.uk/guidance/online-gaming-for-families-and-individuals

https://www.gov.uk/search/guidance-and-regulation?page=1&parent=%2Fsociety-and-culture%2Fonline-safety&topic=ecc8978c-cc6b-463e-a3d5-d5428c3e9f7d


Comments

Post a Comment

Popular posts

Balancing functionality, usability and security in design

Image
Introduction When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other. Defining the Triad in design A triangle can be used to help explain the relationship between the concepts of security, functionality and ea
Read more

Personal Interest - Unbuilt fleets of the Royal Navy

Image
Introduction Throughout the 20th Century the Royal Navy designed and examined different types of fleets that were never realised either due to budget constraints, arms treaties or the changing nature of war. These are only a few examples of the different types of unbuilt fleets. Some of these had prototypes built and tasted for the Royal Navy which would serve as technological testbeds. Images and info from secret projects forum, shipbucket, popular mechanics/science and naval-matters. Washington Naval Treaty (WNT) The  Washington Naval Treaty  was a treaty signed during 1922 among the major nations that had won  World War I , which agreed to prevent an  arms race  by limiting naval construction. It was negotiated at the  Washington Naval Conference , held in  Washington, D.C. , from November 1921 to February 1922, and it was signed by the governments of the United Kingdom, the United States, France, Italy, and Japan. It limited the construction of  battleships ,  battlecruisers
Read more

Personal Interest - RAF Unbuilt Projects

Image
  Introduction This blog post looks at the different groups of cancelled RAF projects. It will focus on the 50s, 60s, 90s/00s and a brief look at hypersonic research projects. While these projects were often cut or cancelled for budget or austerity reasons, they were also pushed by the changing nature of warfare firstly from conventional style WW2 warfare to the predicated quick, short scale nuclear war which was expected from 1947 to 1989. Later from the 90s and into the 21st Century a change from state on state conflict to facing insurgencies, counter-terrorism and peacekeeping missions again led to a change in how wars are fought. Though the work and research done on these projects would rarely go to waste with it being used and applied in other projects and works even if sometimes it could take another ten or twenty years before anything operational came of that work. There won't be large amounts of text explaining or exploring the designs there are far better sources for th
Read more