2,057 research outputs found

    The enemy has passed through the gate: insider threats, the dark triad, and the challenges around security

    Purpose – The purpose of this paper is to highlight the potential role that the so-called “toxic triangle” (Padilla et al., 2007) can play in undermining the processes around effectiveness. It is the interaction between leaders, organisational members, and the environmental context in which those interactions occur that has the potential to generate dysfunctional behaviours and processes. The paper seeks to set out a set of issues that would seem to be worthy of further consideration within the Journal and which deal with the relationships between organisational effectiveness and the threats from insiders.
    Design/methodology/approach – The paper adopts a systems approach to the threats from insiders and the manner in which it impacts on organisation effectiveness. The ultimate goal of the paper is to stimulate further debate and discussion around the issues.
    Findings – The paper adds to the discussions around effectiveness by highlighting how senior managers can create the conditions in which failure can occur through the erosion of controls, poor decision making, and the creation of a culture that has the potential to generate failure. Within this setting, insiders can serve to trigger a series of failures by their actions and for which the controls in place are either ineffective or have been by-passed as a result of insider knowledge.
    Research limitations/implications – The issues raised in this paper need to be tested empirically as a means of providing a clear evidence base in support of their relationships with the generation of organisational ineffectiveness.
    Practical implications – The paper aims to raise awareness and stimulate thinking by practising managers around the role that the “toxic triangle” of issues can play in creating the conditions by which organisations can incubate the potential for crisis.
    Originality/value – The paper seeks to bring together a disparate body of published work within the context of “organisational effectiveness” and sets out a series of dark characteristics that organisations need to consider if they are to avoid failure. The paper argues the case that effectiveness can be a fragile construct and that the mechanisms that generate failure also need to be actively considered when discussing what effectiveness means in practice.

    Returning to Complex Strategic Analysis: A Discussion on the Diminishing Window of Opportunity for United States Nuclear Policy Preparation with Respect to China

    American upheaval over the Chinese technologically advanced strategic threat permeates throughout the government and political culture. The response to this fear is a somewhat nascent reactive U.S. policy toward China as it relates to strategic weapon systems. The U.S. currently is responding by attempting to revitalize an aging nuclear architecture, and re-prioritize strategic weapons in U.S. defense spending. However, U.S. policy must move beyond justifying nuclear weapons and requesting increased funding. What is necessary for this balance beyond an arms race is the intellectual prescription for the calculated employment or fielding of those arms. Ultimately, this paper suggests the U.S. develop a Chinese-facing strategic weapons policy consisting of a phased approach of temporal periods with associated policies, technological pursuits, and arms control implications - similar to those posited in the early stages of the Cold War. This paper assessed formal U.S. policy documents, de-classified documents, and federal intelligence reports and testimonies to understand more completely nuclear/strategic weapon force postures. The research canvassed publications from well-known Western think tanks, diplomats, and officials; as well as comparable non-Western, primarily Asian sources for a more complete analysis of culture, economy, and policy. The paper concludes that Chinese nuclear force posture and economic dynamics provide a window for the United States to prepare its own strategic forces and policy to better address the growing threat. This type of complex strategic analysis proved critical to responsive nuclear force postures in the Cold War. An assessment of Chinese strategic culture provided insight into how to produce an effective and dynamic U.S. nuclear policy. Lastly, a sample time-bound force development road map depicts the utility and applicability of such a model, while making some key recommendations for future policy.

    The Army Role in Achieving Deterrence in Cyberspace

    In 2015, the Department of Defense (DoD) released the DoD Cyber Strategy which explicitly calls for a comprehensive strategy to provide credible deterrence in cyberspace against threats from key state and nonstate actors. To be effective, such activities must be coordinated with ongoing deterrence efforts in the physical realm, especially those of near-peers impacting critical global regions such as China in the Asia-Pacific region and Russia in Europe. It is important for the U.S. Army to identify and plan for any unique roles that they may provide to these endeavors. This study explores the evolving concept of deterrence in cyberspace in three major areas:
    • First, the monograph addresses the question: What is the current U.S. deterrence posture for cyberspace? The discussion includes an assessment of relevant current national and DoD policies and concepts as well as an examination of key issues for cyber deterrence found in professional literature.
    • Second, it examines the question: What are the Army’s roles in cyberspace deterrence? This section provides background information on how Army cyber forces operate and examines the potential contributions of these forces to the deterrence efforts in cyberspace as well as in the broader context of strategic deterrence. The section also addresses how the priority of these contributions may change with escalating levels of conflict.
    • Third, the monograph provides recommendations for changing or adapting the DoD and Army responsibilities to better define and implement the evolving concepts and actions supporting deterrence in the dynamic domain of cyberspace.

    DOD Role For Securing United States Cyberspace

    The cyber attacks on Estonia in late April and the early weeks of May 2007 significantly crippled the country, preventing it from performing banking, communications, news reporting, government transactions and command and control activities. Estonia is considered a “Wired Society”, much like the United States. Both countries rely on the cyberspace infrastructure economically and politically. Estonia sought assistance outside the country to recover from and to address the attacks. The cyber attacks on Estonia focused world-wide attention on the effects that cyberspace attacks could have on countries. If a cyber attack of national significance occurred against the United States, what would the United States do? The Department of Defense is responsible for protecting the nation and its geographical boundaries from attack, but what is DoD’s role for securing the United States’ cyberspace? Research was conducted by studying national orders, strategies, policies, plans, and doctrine to determine DoD’s role for securing the United States’ cyberspace. Research revealed that DoD is assigned the lead role as Sector Specific Agency (SSA) for the Defense Industrial Base (DIB). As the lead SSA for the DIB, DoD’s role for securing the United States’ cyberspace is to identify, assess, and improve risk management of the critical infrastructure within the DIB. Our nation’s defense and military strength rely on the DoD which in turn relies on the DIB to enable DoD to perform its mission. Participation by the DIB is on a voluntary basis, with DIB participants making the risk management calls and implementing the strategies that best fit their needs, which may not serve national security objectives.

    Strategic deterrence redux: Nuclear weapons and European security

    One of the most notable consequences of the end of the Cold War was the diminished role of nuclear weapons in international relations. The world’s primary nuclear weapon powers, the United States and the Russian Federation, made considerable reductions in their nuclear forces. The climax of the process was the New START Treaty signed in 2010. Now, the optimism that characterized the first decades of the post-Cold War era is rapidly evaporating. Geopolitical competition again dominates global and regional security dynamics. Nuclear powers are modernizing their forces and introducing novel systems that may affect strategic stability. At the same time, existing arms control regimes are crumbling. This report takes stock of recent developments in deterrence in general, and nuclear deterrence in particular. Its main ambition is to understand how deterrence has changed in light of certain post-Cold War trends, particularly in Europe. To this end, the report introduces the basic principles of deterrence. It also explores the nuclear-related policies and capabilities of the four nuclear weapon states most directly involved in European security affairs – Russia, the United States, France, and the United Kingdom. Importantly, the report also analyses the implications of the recent trends in strategic deterrence for Northern Europe

    Toward a sustainable cybersecurity ecosystem

    © 2020 by the authors. Licensee MDPI, Basel, Switzerland. Cybersecurity issues constitute a key concern of today’s technology-based economies. Cybersecurity has become a core need for providing a sustainable and safe society to online users in cyberspace. Considering the rapid increase of technological implementations, it has turned into a global necessity in the attempt to adapt security countermeasures, whether direct or indirect, and prevent systems from cyberthreats. Identifying, characterizing, and classifying such threats and their sources is required for a sustainable cyber-ecosystem. This paper focuses on the cybersecurity of smart grids and the emerging trends such as using blockchain in the Internet of Things (IoT). The cybersecurity of emerging technologies such as smart cities is also discussed. In addition, associated solutions based on artificial intelligence and machine learning frameworks to prevent cyber-risks are also discussed. Our review will serve as a reference for policy-makers from the industry, government, and the cybersecurity research community

    Issues and Opinions: Assessing the Emphasis on Information Security in the Systems Analysis and Design Course

    Due to several recent highly publicized information breaches, information security has gained a higher profile. Hence, it is reasonable to expect that information security would receive an equally significant emphasis in the education of future systems professionals. A variety of security standards that various entities (e.g., NIST, COSO, ISACA-COBIT, ISO) have put forth emphasize the importance of information security from the very beginning of the system development lifecycle (SDLC) to avoid significant redesign in later phases. To determine the emphasis on security in typical systems analysis and design (SA&D) courses, we examine (1) to what extent security is emphasized in the core SA&D courses and (2) at what phase in the SDLC do most SA&D courses begin to emphasize security. In order to address these questions, we reviewed SA&D textbooks currently on the market to identify how extensively they cover security-related issues. Given the fairly high awareness of information security in practice, we expected to see an equally high emphasis on such matters in the textbooks. However, our review suggests that this is not the case, which suggests a gap in our preparation. To address this gap, we offer a proposal for modifying a portion of the SA&D curricula

    Cyber Deterrence

    Cyber operations by both state actors and non-state actors are increasing in frequency and severity. As nations struggle to defend their networks and infrastructure, their ability to apply the principles of deterrence to cyber activities correspondingly increases in importance. Cyber deterrence offers much more flexibility and increased options from traditional deterrence methodologies developed in the Cold War’s nuclear age. In addition to traditional retaliation, cyber deterrence includes options such as taking legal action; and making networks invisible, resilient, and interdependent. It also presents new ways to view and apply accepted methodologies such as invulnerability. As the U.S. continues to develop and implement cyber deterrence strategies and capabilities, there are important legal issues that require consideration, including international law, the law of armed conflict, and U.S. domestic law. This paper will identify and discuss six prominent theories of cyber deterrence and briefly analyze legal issues associated with this vital area of national security. The law not only provides important factors that must be considered as cyber deterrence doctrine is solidified, but it also provides significant insights into how these theories of cyber deterrence can best be utilized to support national strategic goals

    Cognitive Machine Individualism in a Symbiotic Cybersecurity Policy Framework for the Preservation of Internet of Things Integrity: A Quantitative Study

    This quantitative study examined the complex nature of modern cyber threats to propose the establishment of cyber as an interdisciplinary field of public policy initiated through the creation of a symbiotic cybersecurity policy framework. For the public good (and maintaining ideological balance), there must be recognition that public policies are at a transition point where the digital public square is a tangible reality that is more than a collection of technological widgets. The academic contribution of this research project is the fusion of humanistic principles with Internet of Things (IoT) technologies that alters our perception of the machine from an instrument of human engineering into a thinking peer to elevate cyber from technical esoterism into an interdisciplinary field of public policy. The contribution to the US national cybersecurity policy body of knowledge is a unified policy framework (manifested in the symbiotic cybersecurity policy triad) that could transform cybersecurity policies from network-based to entity-based. A correlation archival data design was used with the frequency of malicious software attacks as the dependent variable and diversity of intrusion techniques as the independent variable for RQ1. For RQ2, the frequency of detection events was the dependent variable and diversity of intrusion techniques was the independent variable. Self-determination Theory is the theoretical framework as the cognitive machine can recognize, self-endorse, and maintain its own identity based on a sense of self-motivation that is progressively shaped by the machine’s ability to learn. The transformation of cyber policies from technical esoterism into an interdisciplinary field of public policy starts with the recognition that the cognitive machine is an independent consumer of, advisor into, and influenced by public policy theories, philosophical constructs, and societal initiatives