Cybersecurity: The Human Dynamic

Rogers speaking to a group of USN sailors at the Center for Information Dominance 

In his speech to the US National Press Club the Director of the National Security Agency (NSA) Adm. Michael Rogers reminded his audience of the most critical, and challenging, aspect of all cyber operations. While the technical elements are important, he said, “Never, ever forget the human dynamic.”

Since taking the comined jobs of director of the NSA, chief of the Central Security Service and commander of US Cyber Command in April 2014,

Rogers has been in the unenviable position of leading the institutions tasked with protecting our nation’s data and networks at a time when threats have been growing, budgets have been shrinking and incidents ranging from Snowden to the Office of Personnel Management hack continue to chip away at the public’s trust.

To succeed in cyberspace, whether as part of a CYBERCOM’s offensive or an NSA information assurance mission, Rogers reminds his teams, “Don’t forget that at the end, you're dealing with a choice that some human made on a keyboard somewhere.”

Those humans can be divided into three segments: protectors, adversaries and end users. But that’s where the simplicity ends.

The protectors, or, more formally, members of the Cyber Mission Force, are already being deployed despite incomplete teams. You would never send out a fighter squadron with five out of 24 planes, Rogers said, but we’re doing just that for cyber teams because of growing, urgent demands for technical capability and expertise. Full operational capability is expected by Sept. 30, 2018.

It almost feels like NSA is becoming the Federal Emergency Management Agency of the cyber world, he joked.

“If you had told me that as a military leader, that as the director of the NSA, I would be involved in protecting a motion picture company, I would have told you, ‘Boy, I don’t think that’s going to come up,’” he said, referring to the Sony hack in 2014. “I failed to anticipate that one miserably.”

Those adversaries were linked to North Korea, but it’s not always that simple. In February, NASA was hacked by a group called AnonSec. The breach was fairly inconsequential, but the motive behind the attack—which seems to little more than “because we could”—represents the challenge of today’s shifting threat landscape.

“This is the one mission set I can think of,” Rogers said, “where every single user out there is both a potential point of advantage and a potential point of vulnerability.”

Therein lies the biggest challenge. When it comes to our nation’s networks, the largest threat to security isn’t the technology; it’s the people who use it.

“We don't give weapons to everyone in the [Defense Department],” Rogers said, but we do give them a keyboard. “You may have the greatest technical solution in the world about how you defend a system, [but] bad user behavior, bad choices, start to make your defensive abilities really challenging.”

That’s exactly what happened to the Justice Department earlier this year, when a hacktivist gained access to thousands of records after simply calling the help desk.

While the exact numbers depend on whom you ask, experts agree a majority of information security breaches are the results of sometimes malicious, but usually inadvertent, insider actions. Strong leadership helps, Rogers said, but ultimately, “it’s about making sure … individual users understand that their choices have broader impact.”

NextGov:

« Criminals Invent Clever New Way To Plant Banking Malware
Cloud Video Architecture Improves Emergency Services Response »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

Protectimus

Protectimus

Affordable two factor authentication (2FA) provider. Protect your data from theft with multi factor authentication service from Protectimus.

Cyscale

Cyscale

Cyscale is a consultancy and development agency helping Enterprises adopt and migrate to the Cloud by providing an Automated Cloud Security Platform.

CNA Insurance

CNA Insurance

CNA offers a market-leading suite of cyber liability insurance products and risk control resources for businesses of all sizes.

WebSec B.V.

WebSec B.V.

WebSec is a Dutch Cybersecurity firm mainly focused on offensive security services such as pentesting, red teaming and security awareness and phishing campaigns.

WidePoint

WidePoint

WidePoint Corporation is an innovative provider of Trusted Mobility Management (TM2) solutions.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

GovernmentCIO

GovernmentCIO

GovernmentCIO was founded with a single purpose: to transform government IT. We are thought leaders in data analytics, machine learning, cybersecurity and IT transformation.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

Softwerx

Softwerx

Softwerx is the UK’s leading Microsoft cloud security practice. We’ve been helping forward-thinking companies better secure their businesses for nearly twenty years.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

Central Intelligence Agency (CIA)

Central Intelligence Agency (CIA)

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

Firesand

Firesand

Based in Milton Keynes, Firesand Ltd provides penetration testing services to improve your cyber security and protect your company against hackers.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

Network Coverage

Network Coverage

Network Coverage align, maintain, and integrate technology and cloud solutions with business operations to improve productivity and security with as few issues and disruptions as possible.