Cybersecurity: The Human Dynamic

Rogers speaking to a group of USN sailors at the Center for Information Dominance 

In his speech to the US National Press Club the Director of the National Security Agency (NSA) Adm. Michael Rogers reminded his audience of the most critical, and challenging, aspect of all cyber operations. While the technical elements are important, he said, “Never, ever forget the human dynamic.”

Since taking the comined jobs of director of the NSA, chief of the Central Security Service and commander of US Cyber Command in April 2014,

Rogers has been in the unenviable position of leading the institutions tasked with protecting our nation’s data and networks at a time when threats have been growing, budgets have been shrinking and incidents ranging from Snowden to the Office of Personnel Management hack continue to chip away at the public’s trust.

To succeed in cyberspace, whether as part of a CYBERCOM’s offensive or an NSA information assurance mission, Rogers reminds his teams, “Don’t forget that at the end, you're dealing with a choice that some human made on a keyboard somewhere.”

Those humans can be divided into three segments: protectors, adversaries and end users. But that’s where the simplicity ends.

The protectors, or, more formally, members of the Cyber Mission Force, are already being deployed despite incomplete teams. You would never send out a fighter squadron with five out of 24 planes, Rogers said, but we’re doing just that for cyber teams because of growing, urgent demands for technical capability and expertise. Full operational capability is expected by Sept. 30, 2018.

It almost feels like NSA is becoming the Federal Emergency Management Agency of the cyber world, he joked.

“If you had told me that as a military leader, that as the director of the NSA, I would be involved in protecting a motion picture company, I would have told you, ‘Boy, I don’t think that’s going to come up,’” he said, referring to the Sony hack in 2014. “I failed to anticipate that one miserably.”

Those adversaries were linked to North Korea, but it’s not always that simple. In February, NASA was hacked by a group called AnonSec. The breach was fairly inconsequential, but the motive behind the attack—which seems to little more than “because we could”—represents the challenge of today’s shifting threat landscape.

“This is the one mission set I can think of,” Rogers said, “where every single user out there is both a potential point of advantage and a potential point of vulnerability.”

Therein lies the biggest challenge. When it comes to our nation’s networks, the largest threat to security isn’t the technology; it’s the people who use it.

“We don't give weapons to everyone in the [Defense Department],” Rogers said, but we do give them a keyboard. “You may have the greatest technical solution in the world about how you defend a system, [but] bad user behavior, bad choices, start to make your defensive abilities really challenging.”

That’s exactly what happened to the Justice Department earlier this year, when a hacktivist gained access to thousands of records after simply calling the help desk.

While the exact numbers depend on whom you ask, experts agree a majority of information security breaches are the results of sometimes malicious, but usually inadvertent, insider actions. Strong leadership helps, Rogers said, but ultimately, “it’s about making sure … individual users understand that their choices have broader impact.”

NextGov:

« Criminals Invent Clever New Way To Plant Banking Malware
Cloud Video Architecture Improves Emergency Services Response »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Apcon

Apcon

Apcon's mission is to provide valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

Securis

Securis

Securis provides organizations and agencies with the highest level of professional, ultra-secure data destruction and IT recycling.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

MorganFranklin Consulting

MorganFranklin Consulting

MorganFranklin Consulting is a management advisory firm that works with businesses and government to address complex and transformational technology and business objectives including cybersecurity.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.