Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles: Cybersecurity Management

This article is an excerpt from the book Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles, specifically the chapter describing Cybersecurity Management. The authors begin by defining cybersecurity and the cyber domain, then discuss what cybersecurity should achieve with respect to exploitation (attacks from enemies), offensive tactics (attacks on enemies), and defense and resilience. The main idea is that cyber robustness and cyber resiliency are key to survivability, whether the actor in question is a user, a system, or a state. The authors also note that engineers creating cyber systems often have to make trade-offs between functionality and security, and must “accept certain levels of vulnerabilities in order to achieve some functionality, often knowingly, and sometimes unknowingly.” Issues such as these create challenges for general management and organization. As one organizational sociologist in the article describes, stability, complexity, and diversity all greatly affect the system and environment and should thus govern the organizational policies and management of the environment. “The cybersecurity environment is dynamic and complex,” and there is no simple solution to mitigating risks and preventing threats.
Don Snyder, James D. Powers, Elizabeth Bodine-Baron, Bernard Fox, Lauren Kendrick, Michael H. Powell
RAND Corporation
