Cybersecurity: The Human Dynamic

Rogers speaking to a group of USN sailors at the Center for Information Dominance 

In his speech to the US National Press Club the Director of the National Security Agency (NSA) Adm. Michael Rogers reminded his audience of the most critical, and challenging, aspect of all cyber operations. While the technical elements are important, he said, “Never, ever forget the human dynamic.”

Since taking the comined jobs of director of the NSA, chief of the Central Security Service and commander of US Cyber Command in April 2014,

Rogers has been in the unenviable position of leading the institutions tasked with protecting our nation’s data and networks at a time when threats have been growing, budgets have been shrinking and incidents ranging from Snowden to the Office of Personnel Management hack continue to chip away at the public’s trust.

To succeed in cyberspace, whether as part of a CYBERCOM’s offensive or an NSA information assurance mission, Rogers reminds his teams, “Don’t forget that at the end, you're dealing with a choice that some human made on a keyboard somewhere.”

Those humans can be divided into three segments: protectors, adversaries and end users. But that’s where the simplicity ends.

The protectors, or, more formally, members of the Cyber Mission Force, are already being deployed despite incomplete teams. You would never send out a fighter squadron with five out of 24 planes, Rogers said, but we’re doing just that for cyber teams because of growing, urgent demands for technical capability and expertise. Full operational capability is expected by Sept. 30, 2018.

It almost feels like NSA is becoming the Federal Emergency Management Agency of the cyber world, he joked.

“If you had told me that as a military leader, that as the director of the NSA, I would be involved in protecting a motion picture company, I would have told you, ‘Boy, I don’t think that’s going to come up,’” he said, referring to the Sony hack in 2014. “I failed to anticipate that one miserably.”

Those adversaries were linked to North Korea, but it’s not always that simple. In February, NASA was hacked by a group called AnonSec. The breach was fairly inconsequential, but the motive behind the attack—which seems to little more than “because we could”—represents the challenge of today’s shifting threat landscape.

“This is the one mission set I can think of,” Rogers said, “where every single user out there is both a potential point of advantage and a potential point of vulnerability.”

Therein lies the biggest challenge. When it comes to our nation’s networks, the largest threat to security isn’t the technology; it’s the people who use it.

“We don't give weapons to everyone in the [Defense Department],” Rogers said, but we do give them a keyboard. “You may have the greatest technical solution in the world about how you defend a system, [but] bad user behavior, bad choices, start to make your defensive abilities really challenging.”

That’s exactly what happened to the Justice Department earlier this year, when a hacktivist gained access to thousands of records after simply calling the help desk.

While the exact numbers depend on whom you ask, experts agree a majority of information security breaches are the results of sometimes malicious, but usually inadvertent, insider actions. Strong leadership helps, Rogers said, but ultimately, “it’s about making sure … individual users understand that their choices have broader impact.”

NextGov:

« Criminals Invent Clever New Way To Plant Banking Malware
Cloud Video Architecture Improves Emergency Services Response »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

F-Secure

F-Secure

F-Secure defends enterprises and consumers against everything from opportunistic ransomware infections to advanced cyber attacks.

Cyber Senate

Cyber Senate

Cyber Senate is dedicated to bringing Operators of Essential Services together with global subject matter experts to address the challenges of evolving cyber threats to critical infrastructure.

ReFoMa

ReFoMa

ReFoMa is a consultancy and advisory company with a focus on information Security.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

DataPassports

DataPassports

DataPassports is a data-centric security and privacy solution that enforces privacy and security from end-to-end with transparent protection of data at the source.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

Cyber Security Partners (CSP)

Cyber Security Partners (CSP)

Cyber Security Partners specialise in the provision of Cyber Security Consultancy, Data Protection and Certification and Compliance services.

SK Shieldus

SK Shieldus

SK shieldus are a converged security provider with business capabilities in both cybersecurity and physical security based on Big-Tech.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

Blackpanda

Blackpanda

Blackpanda is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response.

Dutch Research Council (NWO)

Dutch Research Council (NWO)

The Dutch Research Council (NWO) is one of the most important science-funding bodies in the Netherlands and ensures quality and innovation in science.