What the Military Can Teach Business About Cyber
CIOREVIEW >> Defense >>

What the Military Can Teach Business About Cyber

Woody Groton, CIO at Draper
Woody Groton, CIO at Draper

Woody Groton, CIO at Draper

As a CIO, I have implemented and seen the benefits of cybersecurity played out on computer networks, hybrid workforces and cloud computing deployments. Nothing during my time in business, however, has matched my cybersecurity experience in the military. The lessons I learned there, and continue to learn in the National Guard, shape my job as a CIO.

Where it began

Cybersecurity, it is worth noting, grew up alongside the internet. Early on it was evident that networked computers could exchange more than just data. They could also serve as conduits for computer viruses and malware. In response, an entire profession has emerged, offeringtechnology and skills training designed to prevent, detect and recover from cyber-attacks.

My military experience goes beyond the typical experience of most professionals. The reasons are obvious. The military remains the only legitimate organization where offensive cyber takes place. Technically, defensive cybersecurity is all about blocking an intruder, and offensive cyber is about imposing effects on an adversary’s digital services or networks.

U.S. Cyber Command leads the effort for our nation. The Command stays up to date on the latest threats and tactics in a dynamic world. Take a look at their newest training effort to get a sense of how cybersecurity is navigated by military professionals.

Where the next cyber threat might come from is anyone's guess. Ransomware attacks have hit hospitals, banks and municipalities. Utilities go to great lengths to protect their networks. Unsecured weapon systems can be at risk. Preparations never end.

What I learned

To test the best approaches forcyber-incident response, I led an exercise called Cyber Yankeein Pembroke, New Hampshire.More than 300 people participated in a series of cyber exercises over two weeks. I led the effort as the Exercise Director. The exercise was developed to provide functional collective training for Federal Emergency Management Agency Region I (New England) defensive cyber operators as well as to improve interoperability between National Guard teams and state and critical infrastructure industry mission partners.

Cyber Yankee extended its reach by incorporating a remote exercise at a water treatment plant at Cybertropolis, a testing ground at the Muscatatuck Urban Training Center, in Butlerville, Indiana.In Cyber Yankee, the National Guard cyber warriors trained alongside engineers from public utilities in the water and electrical sector.Using an actual water treatment plant outfitted with multiple sensors greatly enhanced the realism of the exercise.

"U.S. Cyber Command leads the effort for our nation. The Command stays up to date on the latest threats and tactics in a dynamic world."

What we learned at Cyber Yankee is the importance ofbuilding relationships with state and federal government and industry partners. Additionally,team training, task and capabilities standardization and use of the right tools to ensure interoperability are critical to mission success. If this list sounds familiar to my fellow CIOs, I am glad. The interplay between people, planning and technology is my biggest takeaway from witnessing what it takes to prepare and respond to cyber-attacks.

To this list of training, standards and tools, I would add testing, testing and testing again.

What is next for CIOs

A CIOnever stops thinking about cybersecurity. Protection, it should be said, is a team effort that involves your leadership, staff, contractors, consultants and security professionals. As attacks spike, you want the right protections in place.

Bringing my experience from the military to my day job at Draper continues to guide me in building a cyberresilient enterprise. Like CIOs everywhere, my information technologystrategy is shaped to a large degree by the needs of the customer, and one of Draper’s biggest customers is the Department of Defense, so cyber is top of mind for us.

Here are some recommendations for building a cyberresilient enterprise.

• Migrate from on-prem to cloud-delivered security services, such as secure access service edge (SASE). SASE reimagines traditional security architecture for your network by taking advantage of security in the cloud for a remote workforce.

• Architect the concept of Zero Trust for the enterprise. This idea engenders a better user experience yet matures the cyber-hygiene of the organization by ensuring that all users are authenticated, authorized and continuously validated against security configurationsbefore being granted access to applications and data.

• Ensure that users throughout the enterprise are allowed to weigh in before any new cybersecurity measure are adopted.Make sure that the organization’s employees are involved in the testing and implementation so that you have their buy-in and their support, thereby avoiding the “surprise” factor upon rolling out new technologies.

• Hire people with U.S. Cyber Command and other military cyber work experience. They are ready to go on day one.

As CIOs reconsider their approach to cyberresilience, the military remains a valuable source to learn how it is done well.

Read Also

Digital Transformation and technological advancements in a NEO Bank

Matthias Fengler, Head of Finance & Controlling, N26

Digitising your businesses DNA

Fraser Collins, Group Head of Commercial Finance, International Personal Finance (IPF)

The Bank's Experience: How a Company's Use of Fintech Can Accelerate...

Mārtiņš Bērziņš, Head of Digital Customer Experience, Deputy Business Development, Citadele Bank

Fintech solutions for the exploding savings market: How banks can...

Paul Knodel, CEO and Managing Director, Raisin US Inc.

Looking to Finance a Tech Startup? Your Timing May Be Just Right

Kurt Nichols, Managing Director, Portfolio Manager, CIBC Innovation Banking

A Proven Use Case of EDI at Malouf

Nate Obray, Director of Software Services, Malouf, United States Of America.