Cybersecurity’s Human Factor: Lessons from the Pentagon
The vast majority of companies are more exposed to cyberattacks than they have to be. To close the gaps in their security, CEOs can take a cue from the U.S. military. Once a vulnerable IT colossus, it is becoming an adroit operator of well-defended networks. Today the military can detect and remedy intrusions within hours, if not minutes. From September 2014 to June 2015 alone, it repelled more than 30 million known malicious attacks at the boundaries of its networks. Of the small number that did get through, fewer than 0.1% compromised systems in any way. Given the sophistication of the military’s cyberadversaries, that record is a significant feat.
With cyberattacks soaring, corporations must step up efforts to protect their IT networks. Most firms could learn from the U.S. military, which has been tightening its cyberdefenses for the past six years. In the past year alone, it adroitly repelled more than 30 million intrusions.
A focus on reducing human error is core to the military’s heightened security. As is true in the private sector, mistakes by administrators and users open the door to the vast majority of successful attacks. To address this, the Defense Department has been borrowing from the “high reliability” practices of the U.S. Navy’s nuclear program, which hasn’t had a single accident in its six decades of existence.
In this article the former vice chairman of the Joint Chiefs of Staff, a special assistant to the Joint Chiefs’ chairman, and a management professor describe the military’s approach and how business leaders can apply it in their firms. It involves six cultural principles:
- integrity, which leads people to adhere fully to protocol and own up immediately to mistakes;
- depth of knowledge, which is ensured by rigorous and continual training and testing;
- procedural compliance, which is enforced by extensive inspections;
- forceful backup, to prevent problems that could be introduced by workers acting alone;
- a questioning attitude, which induces people to investigate anomalies quickly; and
- formality, which prevents miscommunication.
By taking charge, making everyone accountable, and instituting tough standards for IT training and operation, CEOs can embed these principles in their organizations and close critical gaps in security.
HBR Reprint R1509G