Cybersecurity threats are growing exponentially every year as more data is stored and accessible digitally. Spending on cybersecurity solutions is estimated to more than double to $170 billion by 2020, according to a recent report. The U.S. Cybersecurity National Action Plan alone will invest tens of billions of dollars toward these efforts.
Developing a cybersecurity strategy is a must for all federal organizations as our enemies here and abroad attempt to steal our intellectual knowledge and financial data and endanger our homeland security.
Cyberattackers typically succeed because their targets continue addressing problems in the same manner. That's why effectively thwarting these attacks takes a more disruptive approach, using not only traditional strategic planning and prioritization, but also risk management, scenario planning, and "antifragile" thinking.
Why pattern disruption is important
Pattern disruption means expecting the unexpected, within reason. When an organization can successfully anticipate possible threats instead of being preoccupied with the status quo, it can proactively allocate resources, develop the right capabilities, and ensure operations can withstand any conditions. Essentially, it's controlled chaos.
Every organization — government or otherwise — must assess weaknesses and vulnerabilities to combat potential threats. Even large, longstanding, and apolitical organizations like the Minnesota Judicial Branch and Sony Pictures aren't immune from nefarious cyberattacks.
Organizations that embrace a disruptive path, though, are better equipped to withstand threats. History cannot predict emerging black swan events, so agency leaders must be willing to explore response strategies based on vulnerabilities. This pattern disruption can help manage stress, identify problems, and implement solutions.
The cyber world is volatile, uncertain, complex, and ambiguous — full of challenges and rapidly changing. As such, attempting to understand the unknown and testing different strategies is the best way for federal managers to strengthen their organizations against these threats. In other words, a disruptive approach will lead to new and effective solutions.
Implementing pattern disruption in government
Federal managers can build pattern disruption into their cybersecurity efforts using the following three-pronged approach.
- Disruptive thinking
Start by introducing new thinking around cybersecurity to mitigate threats and ensure antifragility. Traditional cybersecurity measures were created based on the general signature of past attackers, but this approach is too limited and threats are changing daily. Instead, federal agencies should seek new points of view.
President Barack Obama has attempted to do this by establishing the Commission on Enhancing National Cybersecurity, which brings together outside strategy, business, and technical thinkers throughout the country. This working group will make detailed recommendations to improve cybersecurity awareness and protections throughout government and private organizations over the next decade.
- Disruptive evolution
It's also important to innovate thinking along this disruptive trajectory, identifying issues, insights, concepts and action plans. The Government Accountability Office, for example, recently identified cyber weaknesses in a range of areas including financial reporting, contractor oversight, and building access at nearly two dozen federal agencies. The GAO provided each agency with recommendations to address those challenges.
The Air Force Research Laboratory is also taking a broad look at cyber solutions to adapt to emerging threats. Its research will examine several issues, among them cyber agility and system self-regeneration. Its plan is to make systems and network architectures more dynamic to avoid taking them offline when compromised. This is particularly important for military systems deployed in the field.
- Disruptive convergence
Lastly, federal organizations need to integrate these new plans across all cybersecurity touchpoints of each agency. Lay out expectations and performance metrics to ensure tactical accountability across operations, customer service, leadership functions, workforce training, and budgeting.
The Department of Defense has resource allocation in place to ensure program managers and their staff members understand what's supposed to happen with their program and budget at all times. It also recently issued a cybersecurity discipline plan across the entire military, which holds leaders accountable for missed goals and setbacks up and down the chain of command.
Cyberattacks are a growing threat, and the stakes have never been higher for federal agencies. Foreign and homegrown attackers are constantly searching for weaknesses in our federal systems. By practicing pattern disruption, federal managers can address the unknown in the most secure and efficient way.
Bradford Blevins is a managing partner at gothamCulture, a U.S. Army Infantry veteran and organizational strategy adviser.