Cybersecurity: The Human Dynamic

Uploaded on 2016-07-25 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Rogers speaking to a group of USN sailors at the Center for Information Dominance 

In his speech to the US National Press Club the Director of the National Security Agency (NSA) Adm. Michael Rogers reminded his audience of the most critical, and challenging, aspect of all cyber operations. While the technical elements are important, he said, “Never, ever forget the human dynamic.”

Since taking the comined jobs of director of the NSA, chief of the Central Security Service and commander of US Cyber Command in April 2014,

Rogers has been in the unenviable position of leading the institutions tasked with protecting our nation’s data and networks at a time when threats have been growing, budgets have been shrinking and incidents ranging from Snowden to the Office of Personnel Management hack continue to chip away at the public’s trust.

To succeed in cyberspace, whether as part of a CYBERCOM’s offensive or an NSA information assurance mission, Rogers reminds his teams, “Don’t forget that at the end, you're dealing with a choice that some human made on a keyboard somewhere.”

Those humans can be divided into three segments: protectors, adversaries and end users. But that’s where the simplicity ends.

The protectors, or, more formally, members of the Cyber Mission Force, are already being deployed despite incomplete teams. You would never send out a fighter squadron with five out of 24 planes, Rogers said, but we’re doing just that for cyber teams because of growing, urgent demands for technical capability and expertise. Full operational capability is expected by Sept. 30, 2018.

It almost feels like NSA is becoming the Federal Emergency Management Agency of the cyber world, he joked.

“If you had told me that as a military leader, that as the director of the NSA, I would be involved in protecting a motion picture company, I would have told you, ‘Boy, I don’t think that’s going to come up,’” he said, referring to the Sony hack in 2014. “I failed to anticipate that one miserably.”

Those adversaries were linked to North Korea, but it’s not always that simple. In February, NASA was hacked by a group called AnonSec. The breach was fairly inconsequential, but the motive behind the attack—which seems to little more than “because we could”—represents the challenge of today’s shifting threat landscape.

“This is the one mission set I can think of,” Rogers said, “where every single user out there is both a potential point of advantage and a potential point of vulnerability.”

Therein lies the biggest challenge. When it comes to our nation’s networks, the largest threat to security isn’t the technology; it’s the people who use it.

“We don't give weapons to everyone in the [Defense Department],” Rogers said, but we do give them a keyboard. “You may have the greatest technical solution in the world about how you defend a system, [but] bad user behavior, bad choices, start to make your defensive abilities really challenging.”

That’s exactly what happened to the Justice Department earlier this year, when a hacktivist gained access to thousands of records after simply calling the help desk.

While the exact numbers depend on whom you ask, experts agree a majority of information security breaches are the results of sometimes malicious, but usually inadvertent, insider actions. Strong leadership helps, Rogers said, but ultimately, “it’s about making sure … individual users understand that their choices have broader impact.”

NextGov:

« Criminals Invent Clever New Way To Plant Banking Malware
Cloud Video Architecture Improves Emergency Services Response »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Phoenix TS

Phoenix TS

Phoenix TS offers world-class management, computer, and IT security certification training courses.

F5 Networks

F5 Networks

F5 products ensure that network applications are always secure and perform the way they should—anywhere, any time, and on any device.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

CyberPilot

CyberPilot

CyberPilot ApS is a Danish cybersecurity company. We work with all types of companies and organisations, both large and small, who want to achieve effective cybersecurity.

CyberVista

CyberVista

CyberVista is a cybersecurity training education and workforce development company. Our mission is to eliminate the skills gap by creating job ready professionals.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

NSO Group

NSO Group

NSO Group develops technology that enables government intelligence and law enforcement agencies to prevent and investigate terrorism and crime.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

Truly Secure

Truly Secure

Truly Secure is an IT Service Provider that ensures greater efficiency and security within a company's technological environment.

Siren

Siren

Siren provides the leading Investigative Intelligence Platform to some of the world’s leading Law Enforcement, National Security and Cyber threat investigators.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

Softanics

Softanics

Softanics’ ArmDot protects .NET apps with advanced obfuscation, control flow protection, and virtualization, securing code against reverse engineering without requiring agents or environment changes.

Decent Cybersecurity

Decent Cybersecurity

Decent Cybersecurity is a forerunner and proven partner in the field of cybersecurity, utilizing AI, post-quantum cryptography and quantum resistant blockchain for data protection enhancement.

Element

Element

Element is a new type of communications platform. It combines consumer messaging apps, collaboration tools and video conferencing to replace email, address shadow IT and improve security.