Cybersecurity: Converting Shock Into Action (Part 2)

Abstract

Last year, the authors presented Part 1, which focused on a discussion on policy/directives and then explored the efficacy of the DoD's cybersecurity strategy and associated actions taken to date all intended to safeguard the efficacy of DoD systems. The goal of the research in Part 2 is centered on the design and implementation of the cybersecurity training intended to achieve the key cybersecurity behaviors to meet that end. The Kirkpatrick Learning Level framework is used to help translate learning objectives into security and resilience critical behaviors for organizational oversight. The process of translating Knowledge, Skills, and Attitudes (KSAs) into learning objectives and workplace behaviors is also discussed. However, what the workforce actually applies in the workplace is the most important part of the equation, especially its correlation to expected outcomes. Part 2 addresses just that. The DoD will be hard-pressed to achieve any mission assurance objectives for security and resilience without recognizing that (1) cybersecurity critical learning behaviors require commitment at all levels individual, team, and organizational; and (2) cybersecurity must be viewed as more of a dilemma where emerging threats will surface continuously and must be assessed with regular frequency to ensure the viability of the DoD's weapon systems lethality.