Abstract

[...]rather than viewing the consumer as the passive recipient of protection, the model treats the consumer as one of the stakeholders in the information society that has shared responsibilities to take measures that promote the health and good functioning of the Internet as a global resource. [...]the consumer protection model with respect to general cyber security continues to be based on a vertical relationship between government and consumers, where government focuses on equipping consumers to be savvy about cyber security, but actually requires very little of consumers. [...]when we juxtapose key features of several countries' cyber security strategies with the expectations imposed on individual consumers, we find that the consumer protection models at work are patronizing or, in some cases, dismissive of the ability of individuals to make a real difference in cyber security. According to the Singaporean Strategy, the Singapore Police Force's Public Cyber-Outreach & Resilience Programme uses behavioral nudges to encourage the public to adopt good cyber hygiene.47 Singapore's National Cybercrime Action Plan, adopted in 2017, specifically identifies prevention as one of its four key principles; educating the public and boosting awareness of good cyber hygiene form a core part of the prevention principle.48 Cyber hygiene is thus a central part of the conversation about cyber security in Singapore. According to a joint statement issued by the EC and the High Representative of the European Union for Foreign Affairs and Security policy, certification schemes "could be used to signal that the products are built using state of the art secure development methods, that they have undergone adequate security testing, and that the vendors have committed to update their software in the event of newly discovered vulnerabilities or threats.