Cybersecurity: The Human Dynamic

Rogers speaking to a group of USN sailors at the Center for Information Dominance 

In his speech to the US National Press Club, the Director of the National Security Agency (NSA), Adm. Michael Rogers, reminded his audience of the most critical, and challenging, aspect of all cyber operations. While the technical elements are important, he said, “Never, ever forget the human dynamic.”

Since taking the combined jobs of director of the NSA, chief of the Central Security Service and commander of US Cyber Command in April 2014, Rogers has been in the unenviable position of leading the institutions tasked with protecting our nation’s data and networks at a time when threats have been growing, budgets have been shrinking and incidents ranging from Snowden to the Office of Personnel Management hack continue to chip away at the public’s trust.

To succeed in cyberspace, whether as part of a CYBERCOM offensive or an NSA information assurance mission, Rogers reminds his teams, “Don’t forget that at the end, you're dealing with a choice that some human made on a keyboard somewhere.”

Those humans can be divided into three segments: protectors, adversaries and end users. But that’s where the simplicity ends.

The protectors, or, more formally, members of the Cyber Mission Force, are already being deployed despite incomplete teams. You would never send out a fighter squadron with five out of 24 planes, Rogers said, but we’re doing just that for cyber teams because of growing, urgent demands for technical capability and expertise. Full operational capability is expected by Sept. 30, 2018.

It almost feels like NSA is becoming the Federal Emergency Management Agency of the cyber world, he joked.

“If you had told me that as a military leader, that as the director of the NSA, I would be involved in protecting a motion picture company, I would have told you, ‘Boy, I don’t think that’s going to come up,’” he said, referring to the Sony hack in 2014. “I failed to anticipate that one miserably.”

Those adversaries were linked to North Korea, but it’s not always that simple. In February, NASA was hacked by a group called AnonSec. The breach was fairly inconsequential, but the motive behind the attack—which seems to be little more than “because we could”—represents the challenge of today’s shifting threat landscape.

“This is the one mission set I can think of,” Rogers said, “where every single user out there is both a potential point of advantage and a potential point of vulnerability.”

Therein lies the biggest challenge. When it comes to our nation’s networks, the largest threat to security isn’t the technology; it’s the people who use it.

“We don't give weapons to everyone in the [Defense Department],” Rogers said, but we do give them a keyboard. “You may have the greatest technical solution in the world about how you defend a system, [but] bad user behavior, bad choices, start to make your defensive abilities really challenging.”

That’s exactly what happened to the Justice Department earlier this year, when a hacktivist gained access to thousands of records after simply calling the help desk.

While the exact numbers depend on whom you ask, experts agree a majority of information security breaches are the results of sometimes malicious, but usually inadvertent, insider actions. Strong leadership helps, Rogers said, but ultimately, “it’s about making sure … individual users understand that their choices have broader impact.”

NextGov:
