SlideShare a Scribd company logo

UAS Whitepaper John Boesen

J
John Boesen, MS, CQE
1 of 8
Download to read offline
1 MEASURING AND MITIGATING VULNERABILITIES OF UAS OPERATORS IN CREW RESOURCE MANAGEMENT (CRM) WHAT PERSONALITY WEAKNESSES IN THE HANDWRITING OF UAS OPERATORS INCREASE THE RISK OF INTERNAL CYBER SECURITY BREACHES? By John Boesen, MS, CQE The Handwriting Guy
2
3 Introduction This whitepaper addresses personality weaknesses found in handwriting of UAS operators that could result in internal cyber security breaches in the context of Crew Resource Management (CRM). Integrity is a major aspect of risk management in a Security Needs Definition Matrix (SNDM). The emerging world of unmanned vehicles has pushed into the traditional world of piloted aviation. CRM principles apply to both although CRM is still adapting to unmanned aerial vehicles and systems. Computer networks, open Internet access, portable drives, and mobile devices bring risks of cyber security breaches. Organizational structures of government agencies and civilian companies are adapting by creating Chief Information Security Officers (CISO), who apply resources in the form of countermeasures to mitigate these risks. With the advent of unmanned aircraft systems (UAS) those risks increase the demand for countermeasure resources. UAS carry the next wave of real-world technology, not comic book science fiction. The rate of acceleration is increasing and finding ways to operate safely in the national airspace (NAS) and securely manage and use massive networked databases has become a priority. Responding to pressure from multiple interests, the FAA chose to begin managing UAS operation by implementing a vehicle owner registration policy. Following the brief initial registration period, the number of registered UAS outnumbered manned aircraft in the U.S. Like ocean waves that keep coming, so will issues dealing with UAS. As of the date of this whitepaper, the FAA has no written public policy addressing Cyber Security for UAS in the U.S. national airspace (NAS). Considering the enormity of the fledgling UAS industry, the vulnerabilities it adds for mitigation, and the severity of threats requiring countermeasures, it would be reasonable to add it to the list of U.S. Critical Infrastructure. Crew resource management (CRM) evolved in the manned aircraft industry with rules, training, and licensing to manage flight in the national airspace (NAS). CRM must now include those operating and managing the operation of UAS. People are using technology in places and ways beyond imagination in many cases that were once only dreamed about. It’s becoming hard to tell science fiction from science fact. Value came with innovation. So did vulnerabilities. Threats to an agency, company, or organization from unauthorized access to what the UAS camera sees or what data it collects can compromise classified records, trade secrets, financial and medical records, and other private information important to the military, commercial businesses, and non-profit organizations. UAS operators must be able to concentrate on a display screen to "see" through the eye of the camera mounted on an unmanned aerial vehicle (UAV), also called a drone, and use a smart phone, tablet computer, desktop computer, or console screen to 'pilot' the aircraft in 360 degrees from a fixed or mobile command station.
4 Operators must maintain a balance between focus and awareness of the environment in which the vehicle is flying in the context of the mission; able to sit for extended periods without much physical activity; be detail oriented; loyal/patient; manually dexterous; frank or secretive but not deceptive or manipulative; reticent not talkative; responsive but not withdrawn, expressive, or impulsive; decisive; comfortable following directions, procedures, rules, and regulations; be able to adapt quickly to avoid a midair collision with a manned or unmanned aircraft in controlled or non-controlled airspace. In addition to the personality being analyzed, external variables come into play. Members of an operator's family or the operator can become seriously ill or be threatened with harm by extortionists causing the operator to compromise his/her integrity and act out of self-interest or fear. An operator can pose as an ally but in fact be a spy. Any number of worst case scenarios may be considered. Crew Resource Management (CRM) Among the principles of CRM are teamwork, communication, conflict resolution, critical thinking, decision making, situational awareness, and stress management. CRM is integrated into aviation training to help each crew member model successful behavior of other individuals and crews, a countermeasure to human error. What happens to productivity and morale when a co-worker or supervisor won’t or can’t interact effectively with the team? Who do you know that is silent in brainstorming meetings or nods or shrugs rather than speaking in response to questions? Someone acting out of self-interest or who keeps to themselves can work against achieving common goals of an organization. The screening process of applicants for open positions that includes analyzing samples of their handwriting can better identify those who would be the best fit to get the job done and also match the culture of the company. Keeping out those with all the right credentials and experience, but who bring a hostile, disruptive, or other personality that would reduce productivity or morale or who might intentionally commit a crime against the organization or its personnel, helps build a constructive work environment. It doesn’t end there, however. Once employed, stressful life events can turn a person into one that is more likely to threaten the security and integrity of the organization, should they begin to act out of self-interest or self- preservation to protect loved ones against harm. Collaboration and cooperation depend on frank and honest communication. Transparency is the antithesis of compartmentalization. At the same time a person must be capable of keeping private information confidential, sharing it only on a need to know basis or maintaining strict confidentiality. To build mutual respect you must trust the communication. A perfect world would be free of conflict. Since we aren’t to that point, the team must be able to resolve conflict, which encourages the free flow of ideas and inspires creativity. Being able to fix problems or at least reach the best alternative solution diffuses personality conflicts, softens the hostility of win/lose competitiveness, and keeps people’s attention on the big picture of organizational goals.
5 Decisions must be made. Second-guessing, paying superficial attention to matters, or missing important details delays and corrupts the process and weakens the effectiveness of decisions. The best match to fill an open position would include decisiveness. Bringing indecision into the workplace invites instability. Situational awareness is about seeing the big picture and knowing what’s going on around you. An operator must combine sight through the UAS camera with appropriate reaction time in response to payload sense and avoid data. Focus and awareness are inversely related. As one increases the other decreases. You either zoom in or zoom out, not both. Any distortion of perception can compromise a mission on which everyone must be on the same page. Automation is a fact of life in the UAS world. The vehicles rely on technology for critical control systems, communication, payloads, and navigation. Corruption by hacking, spoofing, or impersonating communication constitutes cyber security breaches. An organization cannot afford a member who brings a disruptive personality into the crew, nor can it afford to take crew integrity for granted. Continuous security checks must be part of CRM. Depending on the missions and workplace environment, stress management must be addressed regularly. Achieving peak crew performance on a consistent basis requires devoting meaningful attention to fatigue, burnout, crew readiness and mission stress, physical and mental health. Focus on hiring the right person rather than not hiring the wrong one. Define the job and assign it to a qualified person. Avoid assigning an unqualified or inadequately trained person to a crew position. Handwriting Analysis Human personality is revealed in the body language of handwriting and hand printing whether by whole letter formation, single stroke or combination of strokes. The analysis of the samples is projective not predictive. The writer projects the personality on the paper or other writing surface. Analysis of writing is an effective tool that can be added into the job applicant screening process and to post-employment employee management. It is never recommended to make human resource decisions based solely on handwriting analysis or any other single method. The screening of applicants for open positions improves the odds of creating and maintaining a positive and productive work environment with strong morale and loyalty. Certain personality traits are best kept out of a UAS command center. Keep in mind that one trait does not define the personality. Finding an undesirable trait in a handwriting sample may be a red flag but not necessarily disqualify a person as the best fit for the job. It does mean that management may have to deal with aspects of the trait at some point in the future and a hiring manager must decide whether this is worth the risk. We expect that bad guys will be bad. We expect good guys to be good but they can turn bad or make varying degrees of mistakes. Post-employment employee management on a periodic basis prevents complacency and reduces the risk of conventional cyber attack. Adding UAS into the mix further complicates cyber security risk analysis and mitigation. Traumatic life changes and outside influences may corrupt the reliability and integrity of what was once determined to be a trustworthy employee. The greater the access to key information or awareness to internal vulnerabilities, or the higher
6 the level in the organization, the greater the risk for a cyber security breach. The following traits may increase the risk of a cyber security breach by a UAS operator. Repression in the writing is reductive to loyalty. It eliminates analytical ability causing the writer to naïvely accept false facts or issues. Resentment, jealousy, depth, and weak character may precipitate criminal vengeance. Vanity, resentment and jealousy are reductive to loyalty and integrity. According to Royce Smith, the following example shows the complexity of analyzing vanity. Vanity can be revealed eight (8) ways: • Overly tall stems of lower case letters “t” and “d” • Overly tall, retraced, and slender loops of lower case letters “b”, “f”, “h”, “k”, and “l” • Overly tall Capital letters • Overly short stems of lower case letters “t” and “d” • Jealousy with ostentation and cool nature (self-interest) • Pride coupled with large upper loops • Pride with imagination • Very large upper and lower loops Personality traits can be identified in multiple ways, so creating a complete personality profile from a large sample in needed to thoroughly assess the extent an individual meets the job requirements and fits the needs of the organization. That’s the advice of Lorraine Owens, MGA, who has authored handwriting books that provide trait descriptions and definitions to assist in understanding the work personality. People who want things they can’t afford or take things that belong to others have a desire to acquire. Weak-willed individuals tend to be undisciplined and prone to being influenced by others even if it means doing something immoral or illegal. People can lie to themselves or others. This leads to several undesirable consequences such as making excuses for poor performance, telling half-truths, intentionally hurting or misleading others, covering up or distorting facts, or avoiding controversy by manipulation or telling half truths. Selfish people put their own interests or well-being first. Others simply cannot stand up to pressure, persuasion, and temptation and can submit to influence not in the best interests of the organization. Conclusion No countermeasure or training method has yet been found that can prevent every mistake or guarantee complete defense against internal or external cyber threats. The best alternative is to be prepared, vigilant, resilient, and proactive. The frequency and intensity of cyber threats and the number of near-miss events between manned and unmanned aircraft are increasing. Flight safety in the national airspace demands effective professional expertise. Measuring and mitigating risks of internal cyber security breaches by UAS operators can be facilitated by adding handwriting analysis to the HR toolkit. Personality profiles created from analyzing handwriting samples can increase the effectiveness of Crew Resource Management both in the pre-employment screening of applicants to open positions and in recurring reviews of current staff.
7 Subject Matter Experts Randall K. Nichols, Lorraine L. Owens, and Royce Smith have played key roles in mentoring the author on his career path and production of this whitepaper. Randall K Nichols, Professor Emeritus – Cybersecurity & Adjunct Faculty UAS- Cybersecurity Programs, Kansas State Polytechnic University, Salina, KS. Author/ Developer: MS / Certificate in Unmanned Aerial Systems (UAS) -Cybersecurity Retired Chair and Program Developer: MS - Cybersecurity –Intelligence and Forensics Retired Chair and Program Director: BS – Cybersecurity and Information Assurance Co-Author/ Developer: MPS – Risk Assessment and Cybersecurity Policy Author/Developer: MS Cyber Surveillance and Warfare Nichols served as Technology Director of Cryptography and Biometrics for the International Computer Security Association (ICSA), President, and Vice President of the American Cryptogram Association (ACA). Nichols is internationally respected, with 47 years of experience in a variety of leadership roles in cryptography, counter-intelligence, INFOSEC, and sensitive computer applications in the engineering, consulting, construction, and chemicals industries. Lorraine L. Owens, Master Certified Graphoanalyst; Life Member of the International Graphoanalysis Society (IGAS) since 1967; B.A. in Psychology; Listed in Who’s Who of American Women (1981-89 Editions); President of Kaleidoscope Industries Corp, Kansas City, Missouri; Past President of Missouri Chapter IGAS (1971 and 1977); Recipient of the President’s Certificate of Merit Award, 1980; IGAS Graphoanalyst of the Year (2004), Seminar speaker to chapters in the United States, Canada, and England; Lectured at Stanford University Graduate School of Business; Member of the National Association of Women Business Owners; Resource for the Young Presidents Organization and the World Business Council; Graphoanalysis experience includes personnel work, expertise in the field of learning disabilities, personal and compatibility reports; work with psychologist at the Kansas State Prison and using Graphotherapy, taught Psychology 103 at the IGAS Annual Congress in Chicago, Illinois; participant in research projects for the IGAS. Author of Different Ways to Describe Traits (1976) out of print, Handwriting Analysis Dictionary (1981, revised 1987), Dual Aspects of Traits (1987), and Trait Combinations (1989). Royce Smith, Certified Graphoanalyst (IGAS); Master Graphologist, International Graphology Association (IGA), UK; U.S. Marine Corps Master Sergeant, retired in 1970 after 24 years; 54 years as a Handwriting Analysis Practitioner; Past member of The American College of Forensic Examiners; Completed courses on Document Examination and Criminal Law.
8 About the Author John M. Boesen is a court qualified expert handwriting analyst and document examiner with over 18 years’ experience and is registered as a handwriting expert with the Kansas State Board of Indigent’s Defense Services, Topeka, Kansas. Mr. Boesen holds a Master of Science Degree in Management from Friends University, Wichita Kansas, is co-author of three National Critical Infrastructure Estimates on Unmanned Aircraft Systems, and is the first person to earn a Graduate Certificate in Cyber Security for Unmanned Aircraft Systems (UAS) from Kansas State Polytechnic University, Salina, Kansas. Mr. Boesen examines handwriting and hand printing on questioned documents for attorneys and individuals, and consults with HR departments and business owners to support hiring and employee management decisions with pre-employment screening and post- employment employee management using personality profiles from analyzing handwriting samples. Mr. Boesen has spoken before audiences at the Bombardier Aerospace Management Association, Kansas Legal Professionals, AOPA, Financial Executives International, and Retired Federal Employees Association in Wichita, Kansas, Brown Mackie College and Salina Area Technical College in Salina, Kansas, and testified in support of strong handwriting standards in K-12 curricula to the Kansas State Board of Education in Topeka, Kansas. Author profile: https://www.linkedin.com/in/john-boesen-ms-cqe-064a2518?trk=hp-identity- name April 2016

Recommended

Convergence of Security Risks
Convergence of Security RisksConvergence of Security Risks
Convergence of Security RisksEnterprise Security Risk Management
 
Outsourcing
OutsourcingOutsourcing
Outsourcingkarlhennessy
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-MaligecChristine Maligec, CRM-E, CRIS
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber Risk10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber RiskMark Gibson
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
Leading the way
Leading the wayLeading the way
Leading the wayKirstin Ferguson
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer
 

Recommended

Convergence of Security Risks
Convergence of Security RisksConvergence of Security Risks
Convergence of Security RisksEnterprise Security Risk Management
 
Outsourcing
OutsourcingOutsourcing
Outsourcingkarlhennessy
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-MaligecChristine Maligec, CRM-E, CRIS
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber Risk10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber RiskMark Gibson
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
Leading the way
Leading the wayLeading the way
Leading the wayKirstin Ferguson
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer
 
Driving at Work HSE Guide
Driving at Work HSE GuideDriving at Work HSE Guide
Driving at Work HSE GuideAlan Bassett
 
The Importance of Trust for Developing Tomorrow’s Information Security Leader...
The Importance of Trust for Developing Tomorrow’s Information Security Leader...The Importance of Trust for Developing Tomorrow’s Information Security Leader...
The Importance of Trust for Developing Tomorrow’s Information Security Leader...Ed Yuwono
 
Retention of Crew
Retention of CrewRetention of Crew
Retention of Crewian_maclean
 
HR summit 2013 - Role of HR in Crisis Management & Organizational Sustainability
HR summit 2013 - Role of HR in Crisis Management & Organizational SustainabilityHR summit 2013 - Role of HR in Crisis Management & Organizational Sustainability
HR summit 2013 - Role of HR in Crisis Management & Organizational SustainabilityMarc Ronez
 
Cyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateCyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateIRM India Affiliate
 
How to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateHow to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateIRM India Affiliate
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinDavid X Martin
 
IOD Convention 2017_Governance, Ethics and Sustainability_Marc Ronez
IOD Convention 2017_Governance, Ethics and Sustainability_Marc RonezIOD Convention 2017_Governance, Ethics and Sustainability_Marc Ronez
IOD Convention 2017_Governance, Ethics and Sustainability_Marc RonezMarc Ronez
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsDavid X Martin
 
Sms Guidance Pamphlet
Sms Guidance PamphletSms Guidance Pamphlet
Sms Guidance PamphletGarnerbarro PL
 
Erm indian-higher-education
Erm indian-higher-educationErm indian-higher-education
Erm indian-higher-educationIRM India Affiliate
 
Climate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportClimate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportIRM India Affiliate
 
Modelling Analysis and Design of Self Anchored Suspension Bridge
Modelling Analysis and Design of Self Anchored Suspension BridgeModelling Analysis and Design of Self Anchored Suspension Bridge
Modelling Analysis and Design of Self Anchored Suspension BridgeRohit Grandhi, EIT
 
1st quarter 2016 LinkedIn results
1st quarter 2016 LinkedIn results1st quarter 2016 LinkedIn results
1st quarter 2016 LinkedIn resultsPierluca Santoro
 
La filosofía
La filosofía La filosofía
La filosofía marianoel1978
 
KOHN_finalsymposium
KOHN_finalsymposiumKOHN_finalsymposium
KOHN_finalsymposiumJessalyn Kohn
 
International dance day
International dance dayInternational dance day
International dance dayParamita Chowdhury
 
Goiás peixes investimento
Goiás peixes investimentoGoiás peixes investimento
Goiás peixes investimentoCleuber Carlos Nascimento
 
Freelance web designer singapore
Freelance web designer singaporeFreelance web designer singapore
Freelance web designer singaporeSubraa PD
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsKory Edwards
 
Eyes on the Prize
Eyes on the PrizeEyes on the Prize
Eyes on the PrizeErica Bustamante
 
Tiantian Garment Co., Ltd.
Tiantian Garment Co., Ltd.Tiantian Garment Co., Ltd.
Tiantian Garment Co., Ltd.Gary Deliva
 

More Related Content

What's hot

Driving at Work HSE Guide
Driving at Work HSE GuideDriving at Work HSE Guide
Driving at Work HSE GuideAlan Bassett
 
The Importance of Trust for Developing Tomorrow’s Information Security Leader...
The Importance of Trust for Developing Tomorrow’s Information Security Leader...The Importance of Trust for Developing Tomorrow’s Information Security Leader...
The Importance of Trust for Developing Tomorrow’s Information Security Leader...Ed Yuwono
 
Retention of Crew
Retention of CrewRetention of Crew
Retention of Crewian_maclean
 
HR summit 2013 - Role of HR in Crisis Management & Organizational Sustainability
HR summit 2013 - Role of HR in Crisis Management & Organizational SustainabilityHR summit 2013 - Role of HR in Crisis Management & Organizational Sustainability
HR summit 2013 - Role of HR in Crisis Management & Organizational SustainabilityMarc Ronez
 
Cyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateCyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateIRM India Affiliate
 
How to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateHow to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateIRM India Affiliate
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinDavid X Martin
 
IOD Convention 2017_Governance, Ethics and Sustainability_Marc Ronez
IOD Convention 2017_Governance, Ethics and Sustainability_Marc RonezIOD Convention 2017_Governance, Ethics and Sustainability_Marc Ronez
IOD Convention 2017_Governance, Ethics and Sustainability_Marc RonezMarc Ronez
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsDavid X Martin
 
Climate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportClimate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportIRM India Affiliate
 

What's hot (12)

Driving at Work HSE Guide
Driving at Work HSE GuideDriving at Work HSE Guide
Driving at Work HSE Guide
 
The Importance of Trust for Developing Tomorrow’s Information Security Leader...
The Importance of Trust for Developing Tomorrow’s Information Security Leader...The Importance of Trust for Developing Tomorrow’s Information Security Leader...
The Importance of Trust for Developing Tomorrow’s Information Security Leader...
 
Retention of Crew
Retention of CrewRetention of Crew
Retention of Crew
 
HR summit 2013 - Role of HR in Crisis Management & Organizational Sustainability
HR summit 2013 - Role of HR in Crisis Management & Organizational SustainabilityHR summit 2013 - Role of HR in Crisis Management & Organizational Sustainability
HR summit 2013 - Role of HR in Crisis Management & Organizational Sustainability
 
Cyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateCyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India Affiliate
 
How to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateHow to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia Affiliate
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martin
 
IOD Convention 2017_Governance, Ethics and Sustainability_Marc Ronez
IOD Convention 2017_Governance, Ethics and Sustainability_Marc RonezIOD Convention 2017_Governance, Ethics and Sustainability_Marc Ronez
IOD Convention 2017_Governance, Ethics and Sustainability_Marc Ronez
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-Profits
 
Sms Guidance Pamphlet
Sms Guidance PamphletSms Guidance Pamphlet
Sms Guidance Pamphlet
 
Erm indian-higher-education
Erm indian-higher-educationErm indian-higher-education
Erm indian-higher-education
 
Climate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportClimate change-risk-management-guidance-report
Climate change-risk-management-guidance-report
 

Viewers also liked

Modelling Analysis and Design of Self Anchored Suspension Bridge
Modelling Analysis and Design of Self Anchored Suspension BridgeModelling Analysis and Design of Self Anchored Suspension Bridge
Modelling Analysis and Design of Self Anchored Suspension BridgeRohit Grandhi, EIT
 
1st quarter 2016 LinkedIn results
1st quarter 2016 LinkedIn results1st quarter 2016 LinkedIn results
1st quarter 2016 LinkedIn resultsPierluca Santoro
 
Freelance web designer singapore
Freelance web designer singaporeFreelance web designer singapore
Freelance web designer singaporeSubraa PD
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsKory Edwards
 
Tiantian Garment Co., Ltd.
Tiantian Garment Co., Ltd.Tiantian Garment Co., Ltd.
Tiantian Garment Co., Ltd.Gary Deliva
 
PRUEBAS DE BIENESTAR FETAL
PRUEBAS DE BIENESTAR FETALPRUEBAS DE BIENESTAR FETAL
PRUEBAS DE BIENESTAR FETALAndrea Salazar
 

Viewers also liked (11)

Modelling Analysis and Design of Self Anchored Suspension Bridge
Modelling Analysis and Design of Self Anchored Suspension BridgeModelling Analysis and Design of Self Anchored Suspension Bridge
Modelling Analysis and Design of Self Anchored Suspension Bridge
 
1st quarter 2016 LinkedIn results
1st quarter 2016 LinkedIn results1st quarter 2016 LinkedIn results
1st quarter 2016 LinkedIn results
 
La filosofía
La filosofía La filosofía
La filosofía
 
KOHN_finalsymposium
KOHN_finalsymposiumKOHN_finalsymposium
KOHN_finalsymposium
 
International dance day
International dance dayInternational dance day
International dance day
 
Goiás peixes investimento
Goiás peixes investimentoGoiás peixes investimento
Goiás peixes investimento
 
Freelance web designer singapore
Freelance web designer singaporeFreelance web designer singapore
Freelance web designer singapore
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
 
Eyes on the Prize
Eyes on the PrizeEyes on the Prize
Eyes on the Prize
 
Tiantian Garment Co., Ltd.
Tiantian Garment Co., Ltd.Tiantian Garment Co., Ltd.
Tiantian Garment Co., Ltd.
 
PRUEBAS DE BIENESTAR FETAL
PRUEBAS DE BIENESTAR FETALPRUEBAS DE BIENESTAR FETAL
PRUEBAS DE BIENESTAR FETAL
 

Similar to UAS Whitepaper John Boesen

Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementMighty Guides, Inc.
 
Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Darwin Jayson Mariano
 
People Risk and how HR should manage it.
People Risk and how HR should manage it.People Risk and how HR should manage it.
People Risk and how HR should manage it.chungarisk
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyEMC
 
For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10David X Martin
 
Rebuilding financial risk management
Rebuilding financial risk managementRebuilding financial risk management
Rebuilding financial risk managementVincent O'Neil
 
The Role of HR in Preventing Cyber Crime Attacks on Businesses
The Role of HR in Preventing Cyber Crime Attacks on BusinessesThe Role of HR in Preventing Cyber Crime Attacks on Businesses
The Role of HR in Preventing Cyber Crime Attacks on BusinessesRalfHeyer
 
AML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryAML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryRachel Hamilton
 
Making the Business Case for Security Investment
Making the Business Case for Security InvestmentMaking the Business Case for Security Investment
Making the Business Case for Security InvestmentRoger Johnston
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docxchristiandean12115
 
Managing Uncertainty - 2011
Managing Uncertainty - 2011Managing Uncertainty - 2011
Managing Uncertainty - 2011RiskShare
 
Crew resource mamagement |Flight schedule management |Airlin
Crew resource mamagement |Flight schedule management |AirlinCrew resource mamagement |Flight schedule management |Airlin
Crew resource mamagement |Flight schedule management |AirlinSushil kumar
 
Human Factors - Driver for Safety Management, Engineering and Risk Governance
Human Factors - Driver for Safety Management, Engineering and Risk GovernanceHuman Factors - Driver for Safety Management, Engineering and Risk Governance
Human Factors - Driver for Safety Management, Engineering and Risk GovernanceThe Windsdor Consulting Group, Inc.
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Group
 
Human Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk GovernanceHuman Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk GovernanceThe Windsdor Consulting Group, Inc.
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic SecurityChad Korosec
 

Similar to UAS Whitepaper John Boesen (20)

Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability Management
 
Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]
 
People Risk and how HR should manage it.
People Risk and how HR should manage it.People Risk and how HR should manage it.
People Risk and how HR should manage it.
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity Journey
 
For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10For Corporate Boards, a Cyber Security Top 10
For Corporate Boards, a Cyber Security Top 10
 
Rebuilding financial risk management
Rebuilding financial risk managementRebuilding financial risk management
Rebuilding financial risk management
 
The Role of HR in Preventing Cyber Crime Attacks on Businesses
The Role of HR in Preventing Cyber Crime Attacks on BusinessesThe Role of HR in Preventing Cyber Crime Attacks on Businesses
The Role of HR in Preventing Cyber Crime Attacks on Businesses
 
AML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryAML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance Industry
 
Making the Business Case for Security Investment
Making the Business Case for Security InvestmentMaking the Business Case for Security Investment
Making the Business Case for Security Investment
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx
 
Managing Uncertainty - 2011
Managing Uncertainty - 2011Managing Uncertainty - 2011
Managing Uncertainty - 2011
 
Hotel security hand book
Hotel security hand bookHotel security hand book
Hotel security hand book
 
MP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatMP_OneSheet_VulnThreat
MP_OneSheet_VulnThreat
 
The management of reputation risk and airline sustainability
The management of reputation risk and airline sustainabilityThe management of reputation risk and airline sustainability
The management of reputation risk and airline sustainability
 
Crew resource mamagement |Flight schedule management |Airlin
Crew resource mamagement |Flight schedule management |AirlinCrew resource mamagement |Flight schedule management |Airlin
Crew resource mamagement |Flight schedule management |Airlin
 
Human Factors - Driver for Safety Management, Engineering and Risk Governance
Human Factors - Driver for Safety Management, Engineering and Risk GovernanceHuman Factors - Driver for Safety Management, Engineering and Risk Governance
Human Factors - Driver for Safety Management, Engineering and Risk Governance
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attack
 
Human Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk GovernanceHuman Factors as Driver for Safety Management, Engineering, and Risk Governance
Human Factors as Driver for Safety Management, Engineering, and Risk Governance
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
 

UAS Whitepaper John Boesen

  • 1. 1 MEASURING AND MITIGATING VULNERABILITIES OF UAS OPERATORS IN CREW RESOURCE MANAGEMENT (CRM) WHAT PERSONALITY WEAKNESSES IN THE HANDWRITING OF UAS OPERATORS INCREASE THE RISK OF INTERNAL CYBER SECURITY BREACHES? By John Boesen, MS, CQE The Handwriting Guy
  • 2. 2
  • 3. 3 Introduction This whitepaper addresses personality weaknesses found in handwriting of UAS operators that could result in internal cyber security breaches in the context of Crew Resource Management (CRM). Integrity is a major aspect of risk management in a Security Needs Definition Matrix (SNDM). The emerging world of unmanned vehicles has pushed into the traditional world of piloted aviation. CRM principles apply to both although CRM is still adapting to unmanned aerial vehicles and systems. Computer networks, open Internet access, portable drives, and mobile devices bring risks of cyber security breaches. Organizational structures of government agencies and civilian companies are adapting by creating Chief Information Security Officers (CISO), who apply resources in the form of countermeasures to mitigate these risks. With the advent of unmanned aircraft systems (UAS) those risks increase the demand for countermeasure resources. UAS carry the next wave of real-world technology, not comic book science fiction. The rate of acceleration is increasing and finding ways to operate safely in the national airspace (NAS) and securely manage and use massive networked databases has become a priority. Responding to pressure from multiple interests, the FAA chose to begin managing UAS operation by implementing a vehicle owner registration policy. Following the brief initial registration period, the number of registered UAS outnumbered manned aircraft in the U.S. Like ocean waves that keep coming, so will issues dealing with UAS. As of the date of this whitepaper, the FAA has no written public policy addressing Cyber Security for UAS in the U.S. national airspace (NAS). Considering the enormity of the fledgling UAS industry, the vulnerabilities it adds for mitigation, and the severity of threats requiring countermeasures, it would be reasonable to add it to the list of U.S. Critical Infrastructure. Crew resource management (CRM) evolved in the manned aircraft industry with rules, training, and licensing to manage flight in the national airspace (NAS). CRM must now include those operating and managing the operation of UAS. People are using technology in places and ways beyond imagination in many cases that were once only dreamed about. It’s becoming hard to tell science fiction from science fact. Value came with innovation. So did vulnerabilities. Threats to an agency, company, or organization from unauthorized access to what the UAS camera sees or what data it collects can compromise classified records, trade secrets, financial and medical records, and other private information important to the military, commercial businesses, and non-profit organizations. UAS operators must be able to concentrate on a display screen to "see" through the eye of the camera mounted on an unmanned aerial vehicle (UAV), also called a drone, and use a smart phone, tablet computer, desktop computer, or console screen to 'pilot' the aircraft in 360 degrees from a fixed or mobile command station.
  • 4. 4 Operators must maintain a balance between focus and awareness of the environment in which the vehicle is flying in the context of the mission; able to sit for extended periods without much physical activity; be detail oriented; loyal/patient; manually dexterous; frank or secretive but not deceptive or manipulative; reticent not talkative; responsive but not withdrawn, expressive, or impulsive; decisive; comfortable following directions, procedures, rules, and regulations; be able to adapt quickly to avoid a midair collision with a manned or unmanned aircraft in controlled or non-controlled airspace. In addition to the personality being analyzed, external variables come into play. Members of an operator's family or the operator can become seriously ill or be threatened with harm by extortionists causing the operator to compromise his/her integrity and act out of self-interest or fear. An operator can pose as an ally but in fact be a spy. Any number of worst case scenarios may be considered. Crew Resource Management (CRM) Among the principles of CRM are teamwork, communication, conflict resolution, critical thinking, decision making, situational awareness, and stress management. CRM is integrated into aviation training to help each crew member model successful behavior of other individuals and crews, a countermeasure to human error. What happens to productivity and morale when a co-worker or supervisor won’t or can’t interact effectively with the team? Who do you know that is silent in brainstorming meetings or nods or shrugs rather than speaking in response to questions? Someone acting out of self-interest or who keeps to themselves can work against achieving common goals of an organization. The screening process of applicants for open positions that includes analyzing samples of their handwriting can better identify those who would be the best fit to get the job done and also match the culture of the company. Keeping out those with all the right credentials and experience, but who bring a hostile, disruptive, or other personality that would reduce productivity or morale or who might intentionally commit a crime against the organization or its personnel, helps build a constructive work environment. It doesn’t end there, however. Once employed, stressful life events can turn a person into one that is more likely to threaten the security and integrity of the organization, should they begin to act out of self-interest or self- preservation to protect loved ones against harm. Collaboration and cooperation depend on frank and honest communication. Transparency is the antithesis of compartmentalization. At the same time a person must be capable of keeping private information confidential, sharing it only on a need to know basis or maintaining strict confidentiality. To build mutual respect you must trust the communication. A perfect world would be free of conflict. Since we aren’t to that point, the team must be able to resolve conflict, which encourages the free flow of ideas and inspires creativity. Being able to fix problems or at least reach the best alternative solution diffuses personality conflicts, softens the hostility of win/lose competitiveness, and keeps people’s attention on the big picture of organizational goals.
  • 5. 5 Decisions must be made. Second-guessing, paying superficial attention to matters, or missing important details delays and corrupts the process and weakens the effectiveness of decisions. The best match to fill an open position would include decisiveness. Bringing indecision into the workplace invites instability. Situational awareness is about seeing the big picture and knowing what’s going on around you. An operator must combine sight through the UAS camera with appropriate reaction time in response to payload sense and avoid data. Focus and awareness are inversely related. As one increases the other decreases. You either zoom in or zoom out, not both. Any distortion of perception can compromise a mission on which everyone must be on the same page. Automation is a fact of life in the UAS world. The vehicles rely on technology for critical control systems, communication, payloads, and navigation. Corruption by hacking, spoofing, or impersonating communication constitutes cyber security breaches. An organization cannot afford a member who brings a disruptive personality into the crew, nor can it afford to take crew integrity for granted. Continuous security checks must be part of CRM. Depending on the missions and workplace environment, stress management must be addressed regularly. Achieving peak crew performance on a consistent basis requires devoting meaningful attention to fatigue, burnout, crew readiness and mission stress, physical and mental health. Focus on hiring the right person rather than not hiring the wrong one. Define the job and assign it to a qualified person. Avoid assigning an unqualified or inadequately trained person to a crew position. Handwriting Analysis Human personality is revealed in the body language of handwriting and hand printing whether by whole letter formation, single stroke or combination of strokes. The analysis of the samples is projective not predictive. The writer projects the personality on the paper or other writing surface. Analysis of writing is an effective tool that can be added into the job applicant screening process and to post-employment employee management. It is never recommended to make human resource decisions based solely on handwriting analysis or any other single method. The screening of applicants for open positions improves the odds of creating and maintaining a positive and productive work environment with strong morale and loyalty. Certain personality traits are best kept out of a UAS command center. Keep in mind that one trait does not define the personality. Finding an undesirable trait in a handwriting sample may be a red flag but not necessarily disqualify a person as the best fit for the job. It does mean that management may have to deal with aspects of the trait at some point in the future and a hiring manager must decide whether this is worth the risk. We expect that bad guys will be bad. We expect good guys to be good but they can turn bad or make varying degrees of mistakes. Post-employment employee management on a periodic basis prevents complacency and reduces the risk of conventional cyber attack. Adding UAS into the mix further complicates cyber security risk analysis and mitigation. Traumatic life changes and outside influences may corrupt the reliability and integrity of what was once determined to be a trustworthy employee. The greater the access to key information or awareness to internal vulnerabilities, or the higher
  • 6. 6 the level in the organization, the greater the risk for a cyber security breach. The following traits may increase the risk of a cyber security breach by a UAS operator. Repression in the writing is reductive to loyalty. It eliminates analytical ability causing the writer to naïvely accept false facts or issues. Resentment, jealousy, depth, and weak character may precipitate criminal vengeance. Vanity, resentment and jealousy are reductive to loyalty and integrity. According to Royce Smith, the following example shows the complexity of analyzing vanity. Vanity can be revealed eight (8) ways: • Overly tall stems of lower case letters “t” and “d” • Overly tall, retraced, and slender loops of lower case letters “b”, “f”, “h”, “k”, and “l” • Overly tall Capital letters • Overly short stems of lower case letters “t” and “d” • Jealousy with ostentation and cool nature (self-interest) • Pride coupled with large upper loops • Pride with imagination • Very large upper and lower loops Personality traits can be identified in multiple ways, so creating a complete personality profile from a large sample in needed to thoroughly assess the extent an individual meets the job requirements and fits the needs of the organization. That’s the advice of Lorraine Owens, MGA, who has authored handwriting books that provide trait descriptions and definitions to assist in understanding the work personality. People who want things they can’t afford or take things that belong to others have a desire to acquire. Weak-willed individuals tend to be undisciplined and prone to being influenced by others even if it means doing something immoral or illegal. People can lie to themselves or others. This leads to several undesirable consequences such as making excuses for poor performance, telling half-truths, intentionally hurting or misleading others, covering up or distorting facts, or avoiding controversy by manipulation or telling half truths. Selfish people put their own interests or well-being first. Others simply cannot stand up to pressure, persuasion, and temptation and can submit to influence not in the best interests of the organization. Conclusion No countermeasure or training method has yet been found that can prevent every mistake or guarantee complete defense against internal or external cyber threats. The best alternative is to be prepared, vigilant, resilient, and proactive. The frequency and intensity of cyber threats and the number of near-miss events between manned and unmanned aircraft are increasing. Flight safety in the national airspace demands effective professional expertise. Measuring and mitigating risks of internal cyber security breaches by UAS operators can be facilitated by adding handwriting analysis to the HR toolkit. Personality profiles created from analyzing handwriting samples can increase the effectiveness of Crew Resource Management both in the pre-employment screening of applicants to open positions and in recurring reviews of current staff.
  • 7. 7 Subject Matter Experts Randall K. Nichols, Lorraine L. Owens, and Royce Smith have played key roles in mentoring the author on his career path and production of this whitepaper. Randall K Nichols, Professor Emeritus – Cybersecurity & Adjunct Faculty UAS- Cybersecurity Programs, Kansas State Polytechnic University, Salina, KS. Author/ Developer: MS / Certificate in Unmanned Aerial Systems (UAS) -Cybersecurity Retired Chair and Program Developer: MS - Cybersecurity –Intelligence and Forensics Retired Chair and Program Director: BS – Cybersecurity and Information Assurance Co-Author/ Developer: MPS – Risk Assessment and Cybersecurity Policy Author/Developer: MS Cyber Surveillance and Warfare Nichols served as Technology Director of Cryptography and Biometrics for the International Computer Security Association (ICSA), President, and Vice President of the American Cryptogram Association (ACA). Nichols is internationally respected, with 47 years of experience in a variety of leadership roles in cryptography, counter-intelligence, INFOSEC, and sensitive computer applications in the engineering, consulting, construction, and chemicals industries. Lorraine L. Owens, Master Certified Graphoanalyst; Life Member of the International Graphoanalysis Society (IGAS) since 1967; B.A. in Psychology; Listed in Who’s Who of American Women (1981-89 Editions); President of Kaleidoscope Industries Corp, Kansas City, Missouri; Past President of Missouri Chapter IGAS (1971 and 1977); Recipient of the President’s Certificate of Merit Award, 1980; IGAS Graphoanalyst of the Year (2004), Seminar speaker to chapters in the United States, Canada, and England; Lectured at Stanford University Graduate School of Business; Member of the National Association of Women Business Owners; Resource for the Young Presidents Organization and the World Business Council; Graphoanalysis experience includes personnel work, expertise in the field of learning disabilities, personal and compatibility reports; work with psychologist at the Kansas State Prison and using Graphotherapy, taught Psychology 103 at the IGAS Annual Congress in Chicago, Illinois; participant in research projects for the IGAS. Author of Different Ways to Describe Traits (1976) out of print, Handwriting Analysis Dictionary (1981, revised 1987), Dual Aspects of Traits (1987), and Trait Combinations (1989). Royce Smith, Certified Graphoanalyst (IGAS); Master Graphologist, International Graphology Association (IGA), UK; U.S. Marine Corps Master Sergeant, retired in 1970 after 24 years; 54 years as a Handwriting Analysis Practitioner; Past member of The American College of Forensic Examiners; Completed courses on Document Examination and Criminal Law.
  • 8. 8 About the Author John M. Boesen is a court qualified expert handwriting analyst and document examiner with over 18 years’ experience and is registered as a handwriting expert with the Kansas State Board of Indigent’s Defense Services, Topeka, Kansas. Mr. Boesen holds a Master of Science Degree in Management from Friends University, Wichita Kansas, is co-author of three National Critical Infrastructure Estimates on Unmanned Aircraft Systems, and is the first person to earn a Graduate Certificate in Cyber Security for Unmanned Aircraft Systems (UAS) from Kansas State Polytechnic University, Salina, Kansas. Mr. Boesen examines handwriting and hand printing on questioned documents for attorneys and individuals, and consults with HR departments and business owners to support hiring and employee management decisions with pre-employment screening and post- employment employee management using personality profiles from analyzing handwriting samples. Mr. Boesen has spoken before audiences at the Bombardier Aerospace Management Association, Kansas Legal Professionals, AOPA, Financial Executives International, and Retired Federal Employees Association in Wichita, Kansas, Brown Mackie College and Salina Area Technical College in Salina, Kansas, and testified in support of strong handwriting standards in K-12 curricula to the Kansas State Board of Education in Topeka, Kansas. Author profile: https://www.linkedin.com/in/john-boesen-ms-cqe-064a2518?trk=hp-identity- name April 2016