With
cyberattacks soaring, corporations must step up efforts to protect
their IT networks. Most firms could learn from the U.S. military, which
has been tightening its cyberdefenses for the past six years. In the
past
year alone, it adroitly repelled more than 30 million intrusions. A
focus on reducing human error is core to the military’s heightened
security. As is true in the private sector, mistakes by administrators
and users open the door to the vast majority of successful
attacks. To address this, the Defense Department has been borrowing from
the “high reliability” practices of the U.S. Navy’s nuclear program,
which hasn’t had a single accident in its six decades of existence. In
this article the former vice chairman of the
Joint Chiefs of Staff, a special assistant to the Joint Chiefs’
chairman, and a management professor describe the military’s approach
and how business leaders can apply it in their firms. It involves six
cultural principles: • integrity, which leads people
to adhere fully to protocol and own up immediately to mistakes; • depth
of knowledge, which is ensured by rigorous and continual training and
testing; • procedural compliance, which is enforced by extensive
inspections; • forceful backup, to prevent problems
that could be introduced by workers acting alone; • a questioning
attitude, which induces people to investigate anomalies quickly; and •
formality, which prevents miscommunication. By taking charge, making
everyone accountable, and instituting tough standards
for IT training and operation, CEOs can embed these principles in their
organizations and close critical gaps in security. [ABSTRACT FROM
AUTHOR]