Content area
Full text
Abstract: Most military forces recognise the importance and the challenges of cyber as an operational domain. In addition to specialised cyber units, cyber is present in every division and arms of service as a result the military face increasing risks from cyber threats. It is thus crucial to establish and maintain a capability to ensure cybersecurity. Most organisations purchase and use technical controls to counter cyber threats, but users are considered the weakest link in maintaining cybersecurity, even if they are cyber aware. The cultivation of a cybersecurity culture has been shown to be the best approach to address human behaviour in the cyber domain. The development and fostering of an organisational cybersecurity culture is receiving increasing attention. This paper gives an overview of existing frameworks and guidelines in this regard and applies these approaches to the military environment. The military environment differs markedly from a business environment in terms of the nature of their work and traditional military culture. The paper proposes a framework for a military force to cultivate and foster a cybersecurity culture within the traditional military culture. This framework has to be tested in a military environment.
Keywords: cybersecurity culture, cyber operations, cyber warrior, military culture
1.Introduction
Cyber has become pervasive in modern society and all organisations; alongside the many benefits cyber offer, there are also many risks and threats. Most organisations are taking measures to establish and maintain cybersecurity. These measures include technical measures as well as measures to raise cyber awareness and influence behavior of the workforce. The cultivation of a cybersecurity culture has been shown to be a primary measure to ensure cybersecurity in a nation of in an organisation (Gcaza & von Solms, 2017).
Herskovits (1948) described culture as a collective and shared sense of relatedness to the human experience. According to Schein (1985), there are four categories of culture: macro-cultures (nations or occupations that exists globally), organisational cultures, sub-cultures (groups within organisations) and micro-cultures (microsystems within organisations). Within the cultures, there are three levels that include visible artifacts, espoused beliefs and values, and basic underlying assumptions.
"Cyber culture" is a macro-culture that refers to the culture found amongst cyber professionals. Da Veiga (2016) defines cybersecurity culture as "the intentional and unintentional manner in which cyberspace...