Design Thinking: the Cyber Defense Strategy for Local Government Agencies
In early 2016, cyber hacktivists targeted the state of Michigan’s main website to draw attention to the Flint water crisis. Hacktivist (activists who are cyber hackers) attacks on state and local governments have extended to denying the public access to government websites to acquire information or use their services e.g., pay taxes. More sinister attacks may be directed towards local infrastructure, for example, the electrical grid, water treatment works, and transportation hubs. State and non-state actors are weaponizing cyber tools. North Korea, Russia, and China are building their arsenals through protestors and terrorist groups and the bored basement teenager.
With such an array of potential threats and local government faced with the challenge of where to direct limited resources, Design Thinking provides a possible approach to help frame and address cyber issues.
Design Thinking is particularly applicable to the homeland security mission given its value to solve “wicked” problems that are complex interdependencies and dynamic, therefore cannot be definitively described or solved. The homeland security community can use Design Thinking processes for developing innovative intervention strategies for these complex, dynamic cyber threats. Design Thinking can help drive a culture of innovation in a resourced constrained environment. As Anthony Masys states, “It is about not only understanding the future but also influencing it.”
Local government can employ Design Thinking by using these steps:
- Empathize: Learn about the cyber issues involved. For example, capture perspectives from local government employees and their cyber practices (not just IT), and understand possible current and future motivations of perpetrators
- Frame and Re-Frame: Frame and understand the cyber issues impacting the local government based on the empathize stage
- Explore: Develop creative solutions for developing effective cyber defenses. These are not just technical but also human centric, for example, installing a culture of effective cyber-hygiene for employees to not unwittingly allow a hacker in
- Prototype: Review scaled down approaches to defend and prevent attacks. This may include new cyber-hygiene and work flow practices
- Implement: Test and refine the approaches through red teaming hypothetical attacks and scenarios
The step-by-step Design Thinking process offers cyber security analysts with a dynamic and flexible approach to meet the adaptive threat.
About Arc Aspicio Arc Aspicio is a management, strategy, and technology consulting firm that takes a mission-oriented approach to complex client challenges. As a rapidly growing company, Arc Aspicio has a bold strategy for 2016-2018 that drives growth through new capabilities in strategy, design, human capital, data analytics, information sharing, cybersecurity, and strategic communications. The company is known for a strong, collaborative culture that values gratitude – for its clients and its great team. And, #welovedogs! Follow us on Twitter @arcaspicio or learn more at www.arcaspicio.com
