{"id":39546,"date":"2021-11-18T11:09:42","date_gmt":"2021-11-18T16:09:42","guid":{"rendered":"https:\/\/engineering.jhu.edu\/case\/?post_type=news&#038;p=39546"},"modified":"2021-11-18T11:10:17","modified_gmt":"2021-11-18T16:10:17","slug":"creating-a-culture-of-cybersecurity","status":"publish","type":"news","link":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/","title":{"rendered":"Creating a culture of cybersecurity"},"content":{"rendered":"<div class=\"page-title-container row\">\n<div class=\"center force\">\n<h3 class=\"subheadline\">In advance of his book &#8216;Confronting Cyber Risk,&#8217; engineer Gregory Falco discusses how and why organizations should incorporate cybersecurity into everyday business and planning<\/h3>\n<\/div>\n<\/div>\n<div class=\"row\">\n<div class=\"center force\">\n<div class=\"body-copy column force\">\n<p>In 2020, a hack believed to have been perpetrated by the Russian intelligence service compromised more than 100 clients of the SolarWinds network management company. Affected organizations included tech giants Microsoft, Cisco, and Intel, as well as the Pentagon and the Cybersecurity and Infrastructure Security Agency\u2014the very agency tasked by the Department of Homeland Security with protecting federal computer networks from cyberattacks.<\/p>\n<p>Then, this past spring, hackers from the criminal organization DarkSide demanded 75 Bitcoin\u2014the equivalent of about $4.4 million\u2014to restore operations of the Colonial Pipeline, which supplies gasoline and jet fuel to the southeastern United States. It was the largest cyberattack on U.S. fuel infrastructure in the country&#8217;s history.<\/p>\n<p>As these high-profile attacks indicate, cybersecurity is an issue of increasing importance to public and private organizations. But despite the increasing online presence of these organizations, many of their systems simply do not have good protection mechanisms in place.<\/p>\n<div class=\"image inline align-left size-medium image-square column has-caption\" data-id=\"34532\">\n<div class=\"image-container\"><img decoding=\"async\" src=\"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=0FidDQeu\" sizes=\"(min-width: 1680px) 579px, (min-width: 1280px) 456px, (min-width: 1024px) 406px, (min-width: 863px) 325px, (min-width: 768px) 347px, (min-width: 640px) 309px, (min-width: 412px) 258px, (min-width: 375px) 307px, 279px\" srcset=\"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=0FidDQeu 420w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_630\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=jJ0tDMUF 630w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/full_width\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=b9ikpYZ3 825w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_1030\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=2nl64RBS 1030w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_large\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=RsVA3Tcj 1194w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_1300\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=5B_LNC-5 1300w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_xlarge\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=lH6pEBKy 1440w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_1600\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=iuLwjEmT 1600w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_1800\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=nTk7v9oT 1800w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_2000\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=zNe76KPr 2000w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_2400\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=y3z8S46C 2400w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_2880\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=ppsIbvyV 2880w\" alt=\"Gregory Falco\" \/><\/div>\n<div class=\"caption\">\n<p><span class=\"visuallyhidden\">Image caption:<\/span>Gregory Falco<\/p>\n<\/div>\n<\/div>\n<p>For insights into the ongoing problem of securing online networks, the Hub spoke with<a href=\"https:\/\/engineering.jhu.edu\/faculty\/gregory-falco\/\">Gregory Falco<\/a>, assistant professor in the Whiting School of Engineering&#8217;s<a href=\"https:\/\/engineering.jhu.edu\/case\/\">Department of Civil and Systems Engineering<\/a>and the<a href=\"https:\/\/iaa.jhu.edu\/\">Institute for Assured Autonomy<\/a>, in advance of the publication of his book,<a href=\"https:\/\/global.oup.com\/academic\/product\/confronting-cyber-risk-9780197526545\"><em>Confronting Cyber Risk: An Embedded Endurance Strategy for Cybersecurity<\/em><\/a>(Oxford University Press). Falco co-authored the book with Eric Rosenbach, director of the Belfer Center for Science and International Affairs at the Harvard Kennedy School.<\/p>\n<h4>What is the first thing that you recommend organizations address to increase their protection against cyber-attacks?<\/h4>\n<p>Think about cybersecurity not as an IT issue, but as a senior executive and leadership issue. Cybersecurity and cyber protection are often thought of as reactive measures, but organizations need to start seeing cyber protection as a way of planning. Similar to financial planning, cybersecurity should be incorporated as a part of everyday business. It&#8217;s not an add-on; it should be embedded in the organization, which is why we used the term &#8220;embedded endurance strategy&#8221; when writing the book. The term shows that we view cybersecurity as an endurance exercise. Even if measures are embedded in the organization, cybersecurity issues are going to be happening for the entirety of its existence. It&#8217;s important to think about strategy and risk mitigation from a long-term marathon endurance standpoint.<\/p>\n<h4>Why is an embedded endurance strategy important?<\/h4>\n<p>Addressing issues as they arise will probably cost an organization more money because they&#8217;ll be paying for consultants to troubleshoot things as they happen. Using a comprehensive approach means shifting the way of viewing this challenge as ongoing rather than a single instance. When long-term prevention becomes a part of an organization&#8217;s culture, it requires leaders to think through every aspect of a potential event. This forethought allows them to move swiftly, while also maintaining the integrity of their organization&#8217;s efforts in the event of an attack.<\/p>\n<p>Knowing who your attacker is and what they&#8217;re going to want will help an organization formulate their strategy. Does your attacker want to create chaos in the system? Do they want cash? Are they a competitor who wants to steal your IP? By answering these and other questions, companies can figure out ways to act both during and after the attack.<\/p>\n<div class=\"image inline align-left size-medium image-portrait column\" data-id=\"34533\">\n<div class=\"image-container\"><img decoding=\"async\" src=\"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/confronting.jpeg?itok=EovFvPOf\" sizes=\"(min-width: 1680px) 579px, (min-width: 1280px) 456px, (min-width: 1024px) 406px, (min-width: 863px) 325px, (min-width: 768px) 347px, (min-width: 640px) 309px, (min-width: 412px) 258px, (min-width: 375px) 307px, 279px\" srcset=\"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/confronting.jpeg?itok=EovFvPOf 420w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_630\/public\/confronting.jpeg?itok=S8BfFrKs 630w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/full_width\/public\/confronting.jpeg?itok=JLYCZGsy 825w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_1030\/public\/confronting.jpeg?itok=2WvGDnKp 1030w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_large\/public\/confronting.jpeg?itok=wmpZVKe9 1194w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_1300\/public\/confronting.jpeg?itok=l3nynSgT 1300w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_xlarge\/public\/confronting.jpeg?itok=QlEiOmqO 1440w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_1600\/public\/confronting.jpeg?itok=STRqBPpB 1600w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_1800\/public\/confronting.jpeg?itok=V0JLSsZH 1800w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_2000\/public\/confronting.jpeg?itok=pxdaL77P 2000w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_2400\/public\/confronting.jpeg?itok=pH0bEQp- 2400w, https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/soft_crop_2880\/public\/confronting.jpeg?itok=RlalC4lP 2880w\" alt=\"Cover image of 'Confronting Cyber Risk' by Gregory Falco and Eric Rosenbach\" \/><\/div>\n<div class=\"caption\">\n<p class=\"credit\">IMAGE<span class=\"visuallyhidden\">CREDIT<\/span>: OXFORD UNIVERSITY PRESS<\/p>\n<\/div>\n<\/div>\n<p>My co-author and I propose a holistic approach to help organizations think through cyber issues. Through anecdotes and case studies, we help leaders consider the pre-event, during-event, and post-event components of an organization&#8217;s cyber experience.<\/p>\n<h4>Considering that the cyber protection methods are always evolving, are there any actions that you recommend to leadership teams as they build and revise their embedded endurance strategy?<\/h4>\n<p>Read the news to see how other organizations are handling their cyber events. Even non-technical news can provide insight as to what exactly happened during a cyber event, as long at the organization is transparent in their reporting. There&#8217;s still a stigma regarding being hacked. If organizations choose to be transparent about what is happening\u2014and who is affected\u2014when they are hacked, they can use their event as a case study of sorts for other leadership teams. Especially in instances of ransomware attacks, it&#8217;s helpful to know details like how much the company was charged and did they negotiate with the attacker.<\/p>\n<p>These are not new problems. The more that people are reading and learning about them, the more cognizant leadership teams should be of their actions when it comes to cyber safety. Our hope with the book is to encourage more proactive measures through the embedding of preventative thoughts, actions, and processes into every aspect of an organization&#8217;s operations. This allows for long-term planning and a more organized, comprehensive strategy for dealing with cyber events when they occur.<\/p>\n<\/div>\n<p><a href=\"https:\/\/hub.jhu.edu\/2021\/11\/18\/gregory-falco-confronting-cyber-risk\/\"><em>This article originally appeared in the Hub<\/em><\/a>.<\/p>\n<\/div>\n<\/div>\n","protected":false},"template":"","class_list":["post-39546","news","type-news","status-publish","hentry","news_categories-human-safety-security","news_categories-systems"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Creating a culture of cybersecurity - Department of Civil &amp; Systems Engineering<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Creating a culture of cybersecurity - Department of Civil &amp; Systems Engineering\" \/>\n<meta property=\"og:description\" content=\"In advance of his book &#8216;Confronting Cyber Risk,&#8217; engineer Gregory Falco discusses how and why organizations should incorporate cybersecurity into everyday business and planning In 2020, a hack believed to&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/\" \/>\n<meta property=\"og:site_name\" content=\"Department of Civil &amp; Systems Engineering\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-18T16:10:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=0FidDQeu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Creating a culture of cybersecurity - Department of Civil &amp; Systems Engineering","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/","og_locale":"en_US","og_type":"article","og_title":"Creating a culture of cybersecurity - Department of Civil &amp; Systems Engineering","og_description":"In advance of his book &#8216;Confronting Cyber Risk,&#8217; engineer Gregory Falco discusses how and why organizations should incorporate cybersecurity into everyday business and planning In 2020, a hack believed to&hellip;","og_url":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/","og_site_name":"Department of Civil &amp; Systems Engineering","article_modified_time":"2021-11-18T16:10:17+00:00","og_image":[{"url":"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=0FidDQeu","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/","url":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/","name":"Creating a culture of cybersecurity - Department of Civil &amp; Systems Engineering","isPartOf":{"@id":"https:\/\/engineering.jhu.edu\/case\/#website"},"primaryImageOfPage":{"@id":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/#primaryimage"},"image":{"@id":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/#primaryimage"},"thumbnailUrl":"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=0FidDQeu","datePublished":"2021-11-18T16:09:42+00:00","dateModified":"2021-11-18T16:10:17+00:00","breadcrumb":{"@id":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/#primaryimage","url":"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=0FidDQeu","contentUrl":"https:\/\/api.hub.jhu.edu\/factory\/sites\/default\/files\/styles\/hub_medium\/public\/Screen%20Shot%202021-11-17%20at%2010.04.52%20AM.png?itok=0FidDQeu"},{"@type":"BreadcrumbList","@id":"https:\/\/engineering.jhu.edu\/case\/news\/creating-a-culture-of-cybersecurity\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/engineering.jhu.edu\/case\/"},{"@type":"ListItem","position":2,"name":"News","item":"https:\/\/engineering.jhu.edu\/case\/news\/"},{"@type":"ListItem","position":3,"name":"Creating a culture of cybersecurity"}]},{"@type":"WebSite","@id":"https:\/\/engineering.jhu.edu\/case\/#website","url":"https:\/\/engineering.jhu.edu\/case\/","name":"Department of Civil &amp; Systems Engineering","description":"Department of Civil &amp; Systems Engineering","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/engineering.jhu.edu\/case\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Department of Civil &amp; Systems Engineering","distributor_original_site_url":"https:\/\/engineering.jhu.edu\/case","push-errors":false,"_links":{"self":[{"href":"https:\/\/engineering.jhu.edu\/case\/wp-json\/wp\/v2\/news\/39546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/engineering.jhu.edu\/case\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/engineering.jhu.edu\/case\/wp-json\/wp\/v2\/types\/news"}],"wp:attachment":[{"href":"https:\/\/engineering.jhu.edu\/case\/wp-json\/wp\/v2\/media?parent=39546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}