The Human Threat
From the following article from Harvard Business Review:
https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon
Summarize the article using a paragraph-length summary (100-300 words) using this structure: https://newcollege.asu.edu/writing-program/guide/giving-your-readers-the-gist
Write a 300-500 word analysis of the challenges described in the article, and how you believe the DOD has changed or accelerated IT infrastructure or cybersecurity plans or how trends in the private sector have been updated since it was written. Show your research. Give examples and provide your assessment.
Critical analysis guidance: https://newcollege.asu.edu/writing-program/guide/reading-as-inquiry-exercises
Use APA format for this submission.
Compile your findings into a single MS Word or PDF document for submission. Use TIMES NEW ROMAN 12-point font. Your document should contain:
Your First and Last Name
Name of the Lab
Your brief summary
Your proof of research
Brief Summary of the Article, “Cybersecurity’s Human Factor: Lessons from the Pentagon”
Since 2009, the United States military has been prompted to upgrade its technologies across the entire military domain to protect itself from the numerous cyber attacks posed to its systems (Winnefeld et al., 2015). Through the U.S. Cyber Command, the military systems would receive sophisticated sensors, analytics and consolidated security stacks, suites of equipment that carry out various functions to provide greater visibility of the systems. Nevertheless, even with the major upgrades made, the risk of human error has consistently been a threat to the military’s systems. Companies in the digital world must address the risk of human error, since malicious attackers are always looking to exploit the possibility of human beings making a mistake as they interact with the systems; such mistakes give the attackers the entry points to carry out their cyber attacks.
To this effect, the article recommends that organizations create “High-Reliability Organizations (HROs)” by building an exceptional culture of high performance that consistently minimizes risk (Winnefeld et al., 2015). Mitigating the human threat will entail changing the organization’s ethos and culture, and specifically how its members structure themselves, train themselves, and apply the operating concepts. The development of an HRO is guided by six interconnected principles that could aid the military and other companies in weeding out and containing the repercussions of human error. These principles are integrity, depth of knowledge, procedural compliance, forceful backup, a questioning attitude and formality in communication. The authors assert that it would be easier for organizations to create a rule-bound culture and operating approaches to increase the quality, safety and equal opportunity from the information systems. Regardless of the dynamics of an organization, the respective leaders could look into several measures that embed the six principles in the daily routine of the system users.
Individual Analysis On the Challenges and Proof of Research
This article primarily concentrated on the human error threat that affects military networks. Human users have been considered the weakest link in attaining the highest levels of cyber security. With various examples provided, such as the Islamic State taking control of the U.S. Central Command’s Twitter account, the research indicates that it takes only one user making a deliberate or non-deliberate action or inaction for malicious attackers to find an entry point into the systems, which allows them to carry out their cyber attacks on those systems. Human errors compromise the systems even at the level of the most basic measures, such as dual-factor authentication or the protection of physical devices.
The human error challenge affects both IT professionals and the wider workforce. Numerous cyberattacks are preventable by patching the known vulnerabilities and ensuring the appropriate setup of the security configurations. However, it is prudent to realize that people also matter regarding cybersecurity. Technology will provide system users with a false sense of security, especially when the human users are not equipped with substantial knowledge and skills to combat the possibility of them making mistakes as they interact with the systems.
With an understanding that people also matter in cyber security, the next challenge is determining how they will be equipped appropriately to mitigate the possibility of them making mistakes. One difficulty is how hard it is to cultivate a security-first culture within an organization. The human users must engage in extensive training that will change their questioning attitudes towards the change in the organization’s ethos and culture. According to the authors of the article, human errors occur due to violating any of the six principles required to attain a highly reliable organization. The primary challenge is finding measures that ensure the organization’s environment upholds the principles and pushes its people towards greater cyber security levels.
The Department of Defense implemented its cyber security strategy to mitigate the numerous cyber threats that its digital systems constantly face (Eversden, 2021). Through the Cyber Command, this strategy consists of having cyber protection teams that carry out defensive operations, combat mission teams that deal with cyber operations on behalf of the combatant commands within the offensive sphere, and cyber support intelligence teams that deal with provisioning intelligence, mission planning and providing other necessary support. These teams work in conjunction with the technical cyber security measures to create the DoD’s secure and reliable cyberspace, which has protected important freedoms, privacy and the free flow of information. The country’s ability to utilize cyberspace for fast communication and information sharing has been fundamental in supporting the DoD’s missions. Additionally, its depth of knowledge within the global ICT sector, which encompasses cyber security expertise, would give the Department a strategic advantage in cyberspace.
Subsequently, the progress that the DoD has attained in cyberspace would be influential in building and leveraging the technological prowess of the private sector. The latter players have made considerable investments in their people, research and technology (The Department Of Defense Strategy For Operating In Cyberspace, 2011). Considering that the DoD has embraced the entrepreneurial spirit and partnerships with the private sector, the private sector will obtain extensive insights into improving their communities and institutions due to better cybersecurity activities. One of the goals of the DoD in its cybersecurity strategy has been improving partnerships with allies and industry so that they could all benefit from the positive synergies in processes, technologies and intellectual capital (Department of Defense, n.d.). This would be evident through the Information Technology Exchange Program, which has expanded to different government civilians working in the private sector and other industry participants participating in the DoD billets. Through these partnerships, the involved players allow information sharing and enhance collaboration in simplifying the readiness of their cyber environments and capabilities.
These collaborations between the DoD and the private sector would have the US government increasingly acknowledge the growing cyber threats and the attendant risks to the private sector. The awareness would lead to government policies, regulations and legislation, in conjunction with the creation of dedicated institutions and initiatives for protecting cyberspace in the entire nation, and its citizens and economy, from being exploited by malicious parties (Levite et al., 2018). The sophisticated players in the private sector have established and expanded their cyber threat intelligence operations and respective practices by using the cyber security strategy of the DoD as an important guideline. These developments would help in protecting their networks, products and services. This protection has been extended to the entire supply chain and its consumers.
Nevertheless, the dynamics and the incentive structure that have shaped how cyberspace has been evolving have not left much room for optimism that the cyber risk situation will change for the better (Levite et al., 2018). This sobering evaluation has reflected an awareness of the motivations driving human and state actions in conjunction with the constant competition between attackers and defenders. The recent trends within the cyberattack environment have suggested that the aggressors are directing their efforts at the human attack surfaces. These circumstances create cyber vulnerabilities that can be exploited and are damaging to the information systems. The government authorities working in conjunction with the private sector will be very important in the cyber environment to mitigate the human error threat. It also works on technical security measures.
Department of Defense. (n.d.). Way Forward To Tomorrow’s Strategic Landscape. Retrieved from https://dodcio.defense.gov/Portals/0/Documents/JIE/DoD%20IT%20Environment%20Way%20Forward%20-%20DISTRO%20(Aug%202016).pdf
Eversden, A. (2021, August 16). After years of flat cybersecurity budgets, DoD asks for more money and cyber mission force personnel. Retrieved from https://www.c4isrnet.com/cyber/2021/05/28/after-years-of-flat-cybersecurity-budgets-dod-asks-for-more-money-and-cyber-mission-force-personnel/
Levite, A., Kannry, S., & Hoffman, W. (2018, November 7). Addressing the private sector cybersecurity predicament: The indispensable role of insurance. Retrieved from https://carnegieendowment.org/2018/11/07/addressing-private-sector-cybersecurity-predicament-indispensable-role-of-insurance-pub-77622
The Department Of Defense Strategy For Operating In Cyberspace. (2011). Retrieved from https://csrc.nist.gov/CSRC/media/Projects/ISPAB/documents/DOD-Strategy-for-Operating-in-Cyberspace.pdf
Winnefeld, J. A., Kirchhoff, C., & Upton, D. M. (2015, September 1). Cybersecurity’s human factor: Lessons from the Pentagon. Retrieved from https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon