Saturday, September 5, 2009

Cyber Warriors All (Some, Any, None)

We must recognize that we are all Cyber Warriors. We are responsible for the information we extract from and add to the networks, which is essential to mission success.

We all must recognize our role in this digital environment. How many of us have one or more USB memory devices? How many of us make copies of information or work on a CD? And how many of us leave the workplace with these items without them being encrypted, making their loss more painful than just the resultant loss of productivity; the potential loss of sensitive information.

How many of us perform official business on our home email systems, which are not as secure as our networks? While we all are required to take privacy and information assurance training, do we actually take it to heart that we are all Cyber Warriors and as such must act accordingly? Whether we engage the network in a classified or unclassified environment, information security and assurance are everyone’s responsibility.

We have training available to us and countless standard operating procedures; but, are we doing enough? Information security cannot be managed by the Naval Network Warfare Command and the Marine Corps Security and Operations Center alone. We all have a role in this Information Age and a responsibility to protect our information.

From the Navy CIO's blog.

2 comments:

Anonymous said...

While it may be hard to disagree with the comments as posted, the question I have for the Navy CIO is, "What are you doing to overcome these challenges?" The Navy can't keep preaching work-life balance, tech savvy jobs, and a desire to leverage "web 2.0" without IT policies that help enable them. The quickest reaction to a newly discovered security vulnerability is a policy to ban or limit the tool that created the vulnerability. Doing so may be a necessary interim step, but the Navy appears to be failing at implementing a long term solution that addresses the vulnerability and restores the capability. At the end of the day, the Navy's IT policies affect recruiting, retention and operating efficiency. We can't continue to preach don't without figuring out how we can do.

Anonymous said...

"Cyber Warriors All"

I disagree completely. The IT who ensures the network is up and operating is no more a "Cyber Warrior" than is the Postal Clerk that keeps our mail coming. Ok, bad analogy, but it makes the point.

"Cyber Warriors" are those individuals who achieve a warfare commanders intent in and/or through cyberspace, not your average user who can barely type, create a strong password, spell CNO, etc.

Those average users are operating in cyberspace, but they are not a warrior in it...they are bystanders. Those who are "warriors" are focused on seizing the initiative in/through cyberspace for very specific purposes, akin to maneuver warfare.

Just my 2 cents, but we need to stop overselling "we are all cyberwarriors" because if we were, our networks would be much more secure and our adversaries would be much more worried about theirs!