Cybersecurity: Converting Shock into Action
Abstract
BIGBADABOOM-2. That's the name of a recent cybersecurity breach affecting 5 million stolen credit card and debit card holders (O'Brien, 2018). Unfortunately, these breaches are becoming all too common. At an alarming rate, nation states and malign actors are better equipped to conduct cyberattacks than ever. The risk is growing. Some adversaries will be able to disrupt critical infrastructure against the United States in a crisis short of war (Coates, 2018). To make matters worse, cyber threat actors are more threatening and their abilities more sophisticated. While "abilities"are just as important to defend against cyberattacks, attitudes are just as vital when it comes to the selection of the required learning strategies given their connection to necessary cybersecurity behaviors. Unfortunately, the DoD's current approach for the acquisition community won't easily fulfill the stated and implied security and resilience imperatives anytime soon unless attitudes (a critical catalyst) start to change. The learning strategies required that embody it trace back to Bloom, Krathwohl, and Harrow;all research leaders in their respective fields. Their works speak to the importance of the affective domain (i.e., the way our attitudes affect our learning behaviors). This study explores the impact of the DoD's overall implied cybersecurity learning strategy and associated actions taken to date;all intended to safeguard the efficacy of the DoD's weapon systems and supporting infrastructure. Also included is a case study discussion to demonstrate the cybersecurity actions taken by one particular organization to better prepare themselves for their assigned cybersecurity duties despite the DoD's good intentions. The learning outcome of this case study could serve as a forerunner for other DoD acquisition organizations as they consider how to implement a robust, effective and sustainable cybersecurity program. The researchers firmly believe that the DoD will be hard pressed to achieve the desired gains in security and resilience without recognizing that the critical cybersecurity behaviors and concomitant attitudes at the individual, team, and organizational levels come first. And, that might come as a shock.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.NPS Report Number
SYM-AM-18-177Collections
Related items
Showing items related by title, author, creator and subject.
-
Cybersecurity: Converting Shock Into Action (Part 1)
Shaw, Paul; Tremaine, Robert (Monterey, California. Naval Postgraduate School, 2018-04-30); SYM-AM-18-092BIGBADABOOM-2. That's the name of a recent cybersecurity breach affecting 5 million stolen credit card and debit card holders (O'Brien, 2018). Unfortunately, these breaches are becoming all too common. At an alarming rate, ... -
Cybersecurity: Converting Shock Into Action (Part 2)
Shaw, Paul; Tremaine, Robert (Monterey, California. Naval Postgraduate School, 2019); SYM-AM-19-038Last year, the authors presented Part 1, which focused on a discussion on policy/directives and then explored the efficacy of the DoD’s cybersecurity strategy and associated actions taken to date—all intended to safeguard ... -
Non-Traditional Attack Surfaces to CIP and IIOT Networks [video]
Fansler, Aaron A.D. (Naval Postgraduate School, Monterey, California, 2018);Mr. Fansler presentation will discuss the use of machine learning in cyber security. Some significant steps have been made in the I.T. world but not in the O.T. world. The only advances come from the attacker’s side where ...