CYBERSECURITY'S HUMAN FACTOR: LESSONS FROM THE PENTAGON

Once a vulnerable IT colossus, the U.S. military is becoming an adroit operator of well-defended networks. Today the military can detect and remedy intrusions within hours, if not minutes. From September 2014 to June 2015 alone, it repelled more than 30 million known malicious attacks at the boundaries of its networks. Of the small number that did get through, fewer than 0.1% compromised systems in any way. One key lesson of the military's experience is that while technical upgrades are important, minimizing human error is even more crucial. Mistakes by network administrators and users open the door to the overwhelming majority of successful attacks. The U.S. Cyber Command has been upgrading the military's technology. Network administrators can now quickly detect anomalies, determine if they pose a threat, and alter the network's configuration in response. Companies need to address the risk of human error too. Cyberdefenders need to create "high-reliability organizations" by building an exceptional culture of high performance that consistently minimizes risk. Guidelines for creating a high-reliability IT organization are presented.