MEASURING AND MITIGATING VULNERABILITIES OF UAS OPERATORS IN CREW RESOURCE MANAGEMENT (CRM)
WHAT PERSONALITY WEAKNESSES IN THE HANDWRITING OF UAS OPERATORS INCREASE THE RISK OF INTERNAL CYBER SECURITY BREACHES?
By John Boesen, MS, CQE
The Handwriting Guy
Introduction
This whitepaper addresses personality weaknesses found in handwriting of UAS
operators that could result in internal cyber security breaches in the context of Crew Resource
Management (CRM). Integrity is a major aspect of risk management in a Security Needs
Definition Matrix (SNDM). The emerging world of unmanned vehicles has pushed into the
traditional world of piloted aviation. CRM principles apply to both although CRM is still
adapting to unmanned aerial vehicles and systems.
Computer networks, open Internet access, portable drives, and mobile devices bring risks
of cyber security breaches. Organizational structures of government agencies and civilian
companies are adapting by creating Chief Information Security Officers (CISO), who apply
resources in the form of countermeasures to mitigate these risks. With the advent of unmanned
aircraft systems (UAS) those risks increase the demand for countermeasure resources. UAS carry
the next wave of real-world technology, not comic book science fiction. The rate of acceleration
is increasing and finding ways to operate safely in the national airspace (NAS) and securely
manage and use massive networked databases has become a priority.
Responding to pressure from multiple interests, the FAA chose to begin managing UAS
operation by implementing a vehicle owner registration policy. Following the brief initial
registration period, the number of registered UAS outnumbered manned aircraft in the U.S. Like
ocean waves that keep coming, so will issues dealing with UAS. As of the date of this
whitepaper, the FAA has no written public policy addressing Cyber Security for UAS in the U.S.
national airspace (NAS). Considering the enormity of the fledgling UAS industry, the
vulnerabilities it adds for mitigation, and the severity of threats requiring countermeasures, it
would be reasonable to add it to the list of U.S. Critical Infrastructure.
Crew resource management (CRM) evolved in the manned aircraft industry with rules,
training, and licensing to manage flight in the national airspace (NAS). CRM must now include
those operating and managing the operation of UAS.
People are using technology in places and ways that, in many cases, were once beyond
imagination or only dreamed about. It’s becoming hard to tell science fiction from science fact. Value
came with innovation. So did vulnerabilities.
Threats to an agency, company, or organization from unauthorized access to what the
UAS camera sees or what data it collects can compromise classified records, trade secrets,
financial and medical records, and other private information important to the military,
commercial businesses, and non-profit organizations.
UAS operators must be able to concentrate on a display screen to "see" through the eye of
the camera mounted on an unmanned aerial vehicle (UAV), also called a drone, and use a smart
phone, tablet computer, desktop computer, or console screen to 'pilot' the aircraft in 360 degrees
from a fixed or mobile command station.
Operators must maintain a balance between focus and awareness of the environment in
which the vehicle is flying in the context of the mission; be able to sit for extended periods without
much physical activity; be detail oriented; be loyal and patient; be manually dexterous; be frank or
secretive but not deceptive or manipulative; be reticent, not talkative; be responsive but not withdrawn,
expressive, or impulsive; be decisive; be comfortable following directions, procedures, rules, and
regulations; and be able to adapt quickly to avoid a midair collision with a manned or unmanned
aircraft in controlled or non-controlled airspace.
In addition to the personality being analyzed, external variables come into play. Members
of an operator's family or the operator can become seriously ill or be threatened with harm by
extortionists, causing the operator to compromise his/her integrity and act out of self-interest or
fear. An operator can pose as an ally but in fact be a spy. Any number of worst-case scenarios
may be considered.
Crew Resource Management (CRM)
Among the principles of CRM are teamwork, communication, conflict resolution, critical
thinking, decision making, situational awareness, and stress management. CRM is integrated into
aviation training to help each crew member model successful behavior of other individuals and
crews, a countermeasure to human error.
What happens to productivity and morale when a co-worker or supervisor won’t or can’t
interact effectively with the team? Who do you know that is silent in brainstorming meetings or
nods or shrugs rather than speaking in response to questions? Someone acting out of self-interest
or who keeps to themselves can work against achieving common goals of an organization.
The screening process of applicants for open positions that includes analyzing samples of
their handwriting can better identify those who would be the best fit to get the job done and also
match the culture of the company. Keeping out those with all the right credentials and
experience, but who bring a hostile, disruptive, or other personality that would reduce
productivity or morale or who might intentionally commit a crime against the organization or its
personnel, helps build a constructive work environment. It doesn’t end there, however. Once
employed, stressful life events can turn a person into one that is more likely to threaten the
security and integrity of the organization, should they begin to act out of self-interest or self-
preservation to protect loved ones against harm.
Collaboration and cooperation depend on frank and honest communication. Transparency
is the antithesis of compartmentalization. At the same time a person must be capable of keeping
private information confidential, sharing it only on a need-to-know basis or maintaining strict
confidentiality. To build mutual respect you must trust the communication.
A perfect world would be free of conflict. Since we aren’t to that point, the team must be
able to resolve conflict, which encourages the free flow of ideas and inspires creativity. Being
able to fix problems or at least reach the best alternative solution defuses personality conflicts,
softens the hostility of win/lose competitiveness, and keeps people’s attention on the big picture
of organizational goals.
Decisions must be made. Second-guessing, paying superficial attention to matters, or
missing important details delays and corrupts the process and weakens the effectiveness of
decisions. The best match to fill an open position would include decisiveness. Bringing
indecision into the workplace invites instability.
Situational awareness is about seeing the big picture and knowing what’s going on
around you. An operator must combine sight through the UAS camera with appropriate reaction
time in response to payload sense-and-avoid data. Focus and awareness are inversely related. As
one increases the other decreases. You either zoom in or zoom out, not both. Any distortion of
perception can compromise a mission on which everyone must be on the same page.
Automation is a fact of life in the UAS world. The vehicles rely on technology for critical
control systems, communication, payloads, and navigation. Corruption by hacking, spoofing, or
impersonating communication constitutes cyber security breaches. An organization cannot afford
a member who brings a disruptive personality into the crew, nor can it afford to take crew
integrity for granted. Continuous security checks must be part of CRM.
Depending on the missions and workplace environment, stress management must be
addressed regularly. Achieving peak crew performance on a consistent basis requires devoting
meaningful attention to fatigue, burnout, crew readiness and mission stress, physical and mental
health. Focus on hiring the right person rather than not hiring the wrong one. Define the job and
assign it to a qualified person. Avoid assigning an unqualified or inadequately trained person to a
crew position.
Handwriting Analysis
Human personality is revealed in the body language of handwriting and hand printing
whether by whole letter formation, single stroke or combination of strokes. The analysis of the
samples is projective, not predictive. The writer projects the personality on the paper or other
writing surface. Analysis of writing is an effective tool that can be added into the job applicant
screening process and to post-employment employee management. It is never recommended to
make human resource decisions based solely on handwriting analysis or any other single method.
The screening of applicants for open positions improves the odds of creating and
maintaining a positive and productive work environment with strong morale and loyalty. Certain
personality traits are best kept out of a UAS command center. Keep in mind that one trait does
not define the personality. Finding an undesirable trait in a handwriting sample may be a red flag
but not necessarily disqualify a person as the best fit for the job. It does mean that management
may have to deal with aspects of the trait at some point in the future and a hiring manager must
decide whether this is worth the risk. We expect that bad guys will be bad. We expect good guys
to be good but they can turn bad or make varying degrees of mistakes.
Post-employment employee management on a periodic basis prevents complacency and
reduces the risk of conventional cyber attack. Adding UAS into the mix further complicates
cyber security risk analysis and mitigation. Traumatic life changes and outside influences may
corrupt the reliability and integrity of what was once determined to be a trustworthy employee.
The greater the access to key information or awareness to internal vulnerabilities, or the higher
the level in the organization, the greater the risk for a cyber security breach. The following traits
may increase the risk of a cyber security breach by a UAS operator.
Repression in the writing is reductive to loyalty. It eliminates analytical ability causing
the writer to naïvely accept false facts or issues. Resentment, jealousy, depth, and weak character
may precipitate criminal vengeance. Vanity, resentment and jealousy are reductive to loyalty and
integrity. According to Royce Smith, the following example shows the complexity of analyzing
vanity.
Vanity can be revealed eight (8) ways:
• Overly tall stems of lower case letters “t” and “d”
• Overly tall, retraced, and slender loops of lower case letters “b”, “f”, “h”, “k”, and “l”
• Overly tall Capital letters
• Overly short stems of lower case letters “t” and “d”
• Jealousy with ostentation and cool nature (self-interest)
• Pride coupled with large upper loops
• Pride with imagination
• Very large upper and lower loops
Personality traits can be identified in multiple ways, so creating a complete personality
profile from a large sample is needed to thoroughly assess the extent to which an individual meets the job
requirements and fits the needs of the organization. That’s the advice of Lorraine Owens, MGA,
who has authored handwriting books that provide trait descriptions and definitions to assist in
understanding the work personality.
People who want things they can’t afford or take things that belong to others have a
desire to acquire. Weak-willed individuals tend to be undisciplined and prone to being influenced
by others even if it means doing something immoral or illegal. People can lie to themselves or
others. This leads to several undesirable consequences such as making excuses for poor
performance, telling half-truths, intentionally hurting or misleading others, covering up or
distorting facts, or avoiding controversy by manipulation or telling half-truths. Selfish people put
their own interests or well-being first. Others simply cannot stand up to pressure, persuasion, and
temptation and can submit to influence not in the best interests of the organization.
Conclusion
No countermeasure or training method has yet been found that can prevent every mistake
or guarantee complete defense against internal or external cyber threats. The best alternative is to
be prepared, vigilant, resilient, and proactive. The frequency and intensity of cyber threats and
the number of near-miss events between manned and unmanned aircraft are increasing. Flight
safety in the national airspace demands effective professional expertise.
Measuring and mitigating risks of internal cyber security breaches by UAS operators can
be facilitated by adding handwriting analysis to the HR toolkit. Personality profiles created from
analyzing handwriting samples can increase the effectiveness of Crew Resource Management
both in the pre-employment screening of applicants to open positions and in recurring reviews of
current staff.
Subject Matter Experts
Randall K. Nichols, Lorraine L. Owens, and Royce Smith have played key roles in
mentoring the author on his career path and production of this whitepaper.
Randall K. Nichols, Professor Emeritus – Cybersecurity & Adjunct Faculty, UAS-Cybersecurity
Programs, Kansas State Polytechnic University, Salina, KS.
Author/Developer: MS / Certificate in Unmanned Aerial Systems (UAS) – Cybersecurity
Retired Chair and Program Developer: MS – Cybersecurity – Intelligence and Forensics
Retired Chair and Program Director: BS – Cybersecurity and Information Assurance
Co-Author/Developer: MPS – Risk Assessment and Cybersecurity Policy
Author/Developer: MS – Cyber Surveillance and Warfare
Nichols served as Technology Director of Cryptography and Biometrics for the
International Computer Security Association (ICSA), President, and Vice President of the
American Cryptogram Association (ACA). Nichols is internationally respected, with 47 years of
experience in a variety of leadership roles in cryptography, counter-intelligence, INFOSEC, and
sensitive computer applications in the engineering, consulting, construction, and chemicals
industries.
Lorraine L. Owens, Master Certified Graphoanalyst; Life Member of the International
Graphoanalysis Society (IGAS) since 1967; B.A. in Psychology; Listed in Who’s Who of
American Women (1981-89 Editions); President of Kaleidoscope Industries Corp, Kansas City,
Missouri; Past President of Missouri Chapter IGAS (1971 and 1977); Recipient of the
President’s Certificate of Merit Award, 1980; IGAS Graphoanalyst of the Year (2004), Seminar
speaker to chapters in the United States, Canada, and England; Lectured at Stanford University
Graduate School of Business; Member of the National Association of Women Business Owners;
Resource for the Young Presidents Organization and the World Business Council;
Graphoanalysis experience includes personnel work, expertise in the field of learning disabilities,
personal and compatibility reports; work with psychologist at the Kansas State Prison and using
Graphotherapy, taught Psychology 103 at the IGAS Annual Congress in Chicago, Illinois;
participant in research projects for the IGAS. Author of Different Ways to Describe Traits (1976)
out of print, Handwriting Analysis Dictionary (1981, revised 1987), Dual Aspects of Traits
(1987), and Trait Combinations (1989).
Royce Smith, Certified Graphoanalyst (IGAS); Master Graphologist, International
Graphology Association (IGA), UK; U.S. Marine Corps Master Sergeant, retired in 1970 after 24
years; 54 years as a Handwriting Analysis Practitioner; Past member of The American College
of Forensic Examiners; Completed courses on Document Examination and Criminal Law.
About the Author
John M. Boesen is a court qualified expert handwriting analyst and document examiner
with over 18 years’ experience and is registered as a handwriting expert with the Kansas State
Board of Indigent’s Defense Services, Topeka, Kansas. Mr. Boesen holds a Master of Science
Degree in Management from Friends University, Wichita, Kansas, is co-author of three National
Critical Infrastructure Estimates on Unmanned Aircraft Systems, and is the first person to earn a
Graduate Certificate in Cyber Security for Unmanned Aircraft Systems (UAS) from Kansas State
Polytechnic University, Salina, Kansas.
Mr. Boesen examines handwriting and hand printing on questioned documents for
attorneys and individuals, and consults with HR departments and business owners to support
hiring and employee management decisions with pre-employment screening and post-
employment employee management using personality profiles from analyzing handwriting
samples.
Mr. Boesen has spoken before audiences at the Bombardier Aerospace Management
Association, Kansas Legal Professionals, AOPA, Financial Executives International, and Retired
Federal Employees Association in Wichita, Kansas, Brown Mackie College and Salina Area
Technical College in Salina, Kansas, and testified in support of strong handwriting standards in
K-12 curricula to the Kansas State Board of Education in Topeka, Kansas.
Author profile: https://www.linkedin.com/in/john-boesen-ms-cqe-064a2518?trk=hp-identity-name
April 2016