Data Breach Research Plan 72415 FINAL

Joseph White

Dr. Leland

PPOL 8622

June 16, 2015

Data Breach Causality Research Project

Research Project Introduction

In the spring of 2015, the United States Office of Personnel Management made a horrible discovery. The Office of Personnel Management’s private and secured database had been attacked and breached. The OPM announced to the media that they had lost the private and personal data of over 4,200,000 people. The people affected were all current or former employees of the federal government. Every federal agency was affected, including the Federal Bureau of Investigation and the Central Intelligence Agency.

The vast majority of the data that was stolen pertained to background information for the recruiting and hiring of new employees. It was announced that social security numbers, home addresses, alias names, phone numbers, and medical information were all taken by an unknown source.

Even people attempting to apply for the federal government as applicants had their social security numbers stolen. 21,500,000 individuals had their social security numbers extracted from OPM databases.

Because of this damaging incident, the reputation of the federal government’s cyber security network was destroyed for the time being. The OPM began an interagency investigation into the circumstances of the incident, and into future actions to prevent the same incident from happening twice.

The largest impact of this incident, and the point most damaging to the government’s image, was that this data breach opened Americans’ eyes to the fact that the federal government was not as all-knowing and in control as it projects itself to be. Citizens began to question cyber security in general, and what measures are being taken to secure their accounts and private personal information.

This project, titled “Data Breach Causality Research Project”, is important, interesting, and necessary for several reasons. First, in order to defend against an enemy or threat, a person or group must first understand the threat. By interviewing the key stakeholders and executives of the Office of Personnel Management, key facts, opinions, trends, and research data can be extracted and analyzed for increased clarity on the topic of cyber security. This project is interesting because technology is constantly changing every year, and it is becoming a larger part of the American citizen’s everyday life. People are becoming incredibly dependent on technology, to the point that they cannot communicate, eat, or work without technical assistance. This project is necessary because the American citizen deserves answers from their government officials as to why and how the data breach incident occurred. Also, the American citizen deserves to be as protected as possible from cyber security threats and future attacks.

By utilizing qualitative research techniques such as deep dive interviews and focus groups, the UNCC MPA research team hopes to gather significant evidence and data to assist the cyber security and public administration community in their advancement of government data protection and public policy. The topic area of cyber security is very large, vague, and complex. By stepping up to the task at hand, and reaching out to assist the federal Office of Personnel Management, the UNCC MPA research team hopes to lead and guide other local, state, and federal government organizations, with their obtained and processed research findings.

Literature Review

Research Topic:

I would like to perform a research design on the executive branch of the United States federal government’s knowledge base surrounding cyber threats and possible attacks, and whether they have appropriate plans and resources in place to reduce, deny, mitigate, and investigate potential future threats.

Research Question:

Is the “likelihood of a cyber-breach” to the “executive branch of the United States federal government”, related to the “current status of upgrades” to its computer technology?

Research Question Variables:

Model study subject-Federal Office of Personnel

DV-Likelihood of a cyber-breach

-Likelihood defined as (Daily, Weekly, Monthly, Yearly, rarely, never)

-Cyber-breach defined as (the intentional or unintentional release of secure information to an untrusted environment.)

EV-Current status of upgrades to technology

-Current status defined as last privacy software/hardware upgrade to infrastructure (upgrade 2015, upgrade 2014, upgrade 2013, etc)

CV-Training

CV-Awareness

CV-Inside job

CV-Unknown technology

Unit of Analysis-Amount of software/hardware/malware patches per year

Current Articles Analyzed on Topic:

Lynne Rudasill, Jessica Moyer, (2004) "Cyber-security, cyber-attack, and the development of governmental response: the librarian's view", New Library World, Vol. 105 Iss: 7/8, pp. 248-255

Harris, Shane, (2008) “China’s Cyber-Militia: Chinese hackers pose a clear and present danger to U.S. government and private-sector computer networks and may be responsible for two major U.S. power blackouts.” Read on http://www.triprosec.net/pdf/china_cyber_militia.pdf, June 16, 2015

Groves, Shanna. Information Management Journal 37.3 (May/Jun 2003): 34-40. Read on http://search.proquest.com/docview/227745315/abstract/EC2AE941DAE4238PQ/1?accountid=14605, June 16, 2015

Choo, Kim-Kwang Raymond. Computers & Security, Volume 30, Issue 8, November 2011, Pages 719–731, Read on http://ac.els-cdn.com/S0167404811001040/1-s2.0-S0167404811001040-main.pdf?_tid=c108f522-1441-11e5-9356-00000aab0f6b&acdnat=1434471014_3509d52eee7dceceb08ef7226b4e18f4, June 16, 2015

https://www.us-cert.gov/sites/default/files/publications/cyberspace_strategy.pdf

Studies show:

After reviewing several scholarly articles, I have noticed a trend that cyber-attacks are increasing by the year. These attacks have been linked to several possible reasons including: advanced software tools, lack of upgrades to infrastructure, lack of budget priority, lack of training, lack of awareness, advancement in criminal intelligence.

Strengths:

These articles all discuss the various reasons why cyber-attacks are becoming a bigger threat on a global scale. Researchers have linked society’s dependence on technology for its positive lifestyle as a main reason that criminals attack technical infrastructure. The researchers also give several great examples of when cyber-attacks have caused serious problems to the American government and private sector. Researchers discussed two electrical power outages that were traced to cyber-attacks from foreign countries. Researchers also discuss the threat to information privacy for businesses and government personal records, while also giving direct examples.

Weaknesses:

These articles tend to speak in generalities, which cover a lot of ground, but fail to touch on grass-roots causes. I would like to see more researchers give specific cases, from start to finish, that detail the who, what, where, when, why, and how of the incident. I would then like to see the researchers show a before and after of the incident, after the cyber security concepts were operationalized and applied to the problem. Overall, I would like to see the topic discussed in greater detail. It is difficult for me to create a correlation and test a hypothesis without specific data pertaining to data breaches. If I were able to find the number of data breaches to an agency, and the number of computer software/hardware upgrades they patched in a given year, or how often a software/hardware patch upgrade is generated, I could determine if there is relevance to data breach.

Why this is important to study:

This topic is important to study and obtain more information about because our global society is becoming more technically dependent by the day. The more important an issue becomes to a person’s daily lifestyle, the more knowledge needs to be gained about the issue. Technology presents numerous opportunities for people to advance themselves in this world through several means including: health, wealth, business, education, work, pleasure, and travel. With these amazing opportunities comes the potential for risk and threats to our way of existence. Proper security measures and governmental policy should be put in place to safeguard our technological advancements. Scholarly studies need to be performed to test the strength of our operations, and determine connections between critical events and potential causes that lead to their development. It is smarter to stay ahead of the game, and learn about potential threats and reasons for negative actions, before any of these possibilities become disturbing realities.

Research Measurement

As stated earlier in this report, this research project’s unit of analysis will be the number of software/hardware/malware patches per year, implemented by the United States federal government. A patch can be defined as an upgrade or version increase to a computer, software program, or anti-malware service. By adding up all the upgrades to the federal government technical network, researchers may be able to quantify the results into a trend analysis.

Trend analysis reports may be able to show correlations to the rise of cyber-attacks on the federal government, if patching has been trending downward. Also, time frames of vulnerability may be able to be created, which may show times of the year that data breaches are more likely to occur.

In addition to trend analysis, basic parameters can be created about technical patches. The minimum and maximum ranges of patches per year can be established. An average of patches over a half decade can be determined, as well as a standard deviation and mode.

By quantitatively ranking and qualitatively stratifying the amount of patches and the many different areas of the patches, evidence may be created to show that certain agencies receive more cyber defense attention and increased technical budgets over other areas of the federal government.

Fieldwork Plan

Plan of entry into environment:

During the time period beginning on September 7, 2015 and concluding on September 26, 2015, I would like to enter the United States of America’s Federal Office of Personnel Management located at 1900 E. Street NW, Washington DC, 20415, as a research consultant with the purpose of interviewing procurement managers, risk managers, and cyber security managers on the topic of cyber security. I would like to discuss the recent events surrounding the data breach of government employees’ personal information, which started in July of 2014, and was disclosed to the public in June of 2015.

I want to examine the correlation between data breach incidents at the OPM and their status of software and hardware upgrades. Is there a connection between an increase in cyber-attacks and a lowered level of technical security? Or is there another causal variable that is affecting the rise in attacks on the OPM and other various government agencies? My unit of analysis for this research study will be “the amount of software/hardware/anti-malware patches per year.”

By developing relationships with managers within the OPM departments listed above, I believe that I can initiate interview sessions that will allow me to gain a better understanding of what the OPM is doing to protect their employees’ assets and personal information. I can also see the exact steps and procedures that the OPM is following and creating to combat this critical threat.

This fieldwork study should last no shorter than the three weeks currently planned, but may need to be spread out longer, in order to accommodate schedules and vacations. In addition to schedule accommodation, several of the fieldwork interview questions may be difficult to answer without reaching out to other lines of business and organizational personnel. This may account for longer response times, and a longer stay by the research team.

The research team shall stay off campus and organizational grounds, by lodging at the State Plaza Hotel, located at 2117 E. St NW, Washington DC, 20037. The team shall attend the agency during normal business hours, and be given access to a standard office. The research team shall bring their own laptops, cellphones, and office supplies. Access to a bathroom, copy machine, and drinking fountain shall be requested by the team, once entry has been granted.

Interviews shall be conducted with management resources as scheduled, and walkthroughs shall be determined based on research need and on a need to know basis. All members of the research team shall have a thorough criminal and travel history check performed on them, 2 weeks prior to the September 7, 2015 initiation date, by an independent company of the OPM’s choosing.

Cover letter:

Dear Office of Personnel Management Staff,

My name is Joseph White, and I am a current graduate student at the University of North Carolina at Charlotte. I have taken a strong interest in cyber security and the impact that cyber-attacks have had on the United States government sector over the past several years.

Given the recent events at your agency over the past months, I would like to travel to Washington DC, and work with your management team to discuss, analyze, and conceptualize the policies, procedures, and actions that are necessary to investigate and reduce cyber-attacks on your agency. I have a professional background in law enforcement, information technology, and project management. I have worked internally for Charlotte-Mecklenburg Police Department, Wells Fargo Bank, and Bank of America. I currently hold a bachelor’s degree in Criminal Justice from Kent State University and will graduate with a Master of Public Administration Degree from UNCC in August of 2015.

I would like to conduct my research during the month of September 2015. Over the course of three weeks, I believe that I can achieve a potent understanding of your methods, implementations, and risk reduction practices that are deployed to keep our nation safe and secure. By utilizing a triangular research approach, implementing both qualitative and quantitative methods, I want to analyze whether a connection exists between the amount of data breaches on your agency, and your current status of software/hardware upgrades. This research may help identify reasoning behind potential improvements to nationwide emergency management plans and prevent future cyber-attacks.

The time commitment of your internal staff will be minimal, with face to face interviews being conducted during times convenient to you, over the course of a typical workday. My research team will bring our own equipment, and will stay at a local hotel. All of our research obtained can be subject to review by your interviewees and staff. I believe that reciprocity can be achieved during this study, by showing stakeholders the final research conclusion, which may clarify their understanding of the due diligence that is being completed in order to protect the nation’s employees from cyber-attacks.

Obviously, this is a very complicated request to explain in an introductory letter, so I would love to speak with you further over the telephone. My university telephone number is 980-288-2890 and my email is [email protected]. I am available throughout the week. Please feel free to contact me at your convenience, and we can continue on the path to a potential research breakthrough!

Thank you for your time,

Joseph White

Informed Consent for Data Breach Causality Research Project

Project Purpose

You are invited to participate in a research study during the time period of September 2015, conducted by the University of North Carolina at Charlotte-Master of Public Administration Program. This amazing research study will attempt to draw correlations and connections between the rising amount of cyber-attack data breaches, and how often computer hardware/software upgrades are completed each year.

By successfully drawing conclusions of cause and effect, the United States government sector may be able to decrease the amount of cyber-attacks, by implementing various new measures. In the worst possible scenario, additional information, opinions, and beliefs from high level government officials can be gathered and submitted to the general body of knowledge surrounding cyber security defense and emergency management.

Researcher(s)

The researcher is Joseph White, W/M, 9/27/1985, 436 Beaumont Avenue, Charlotte, NC, 28202. The researcher has 8 years of combined experience in law enforcement, computer science, and public administration. Joseph is a former award winning law enforcement agent, a certified project manager, and a current corporate financial cyber security project manager. Joseph has high intellect in regards to communications and research. Research methods that he has crafted, utilized, and applied are interviewing, interrogations, case study creation, data analysis, and project management. Joseph will pass any background check, reference check, travel check, and lie detector test available.

Joseph White may elect to bring a research team with him to conduct the study. The reasoning behind this decision is to reduce interview bias, gain a better perspective, and increase research productivity and accountability. Joseph also understands that involving more minds in a research study increases the potential for more creativity and enhanced results.

The additional researchers shall be identified, labeled, and referenced at a later date. A research plan with an increased granular description may create a business need for more researchers to create value to the overall project. These researchers will be subject to the same stringent process that Joseph White will be, in order to gain acceptance to this research project.

Overall Description of Participation

If you volunteer to participate in this study, you will be asked to meet with research consultants from the University of North Carolina at Charlotte, to discuss topics and issues pertaining to cyber security and data breaches. Discussions will occur in a one on one, face to face, office interview. The interviews will last longer than two hours, but not longer than three hours. Participants will have the opportunity to eat, drink, and use the restroom.

Interviews will be completed in a formal setting, with formal attire. Participants may be asked to elaborate on their statements, opinions, and beliefs. Anonymity and privacy may be granted at the participant’s request. All data will be gathered on paper, then transferred to computer hardware, and finally transferred to a data storage stick.

Participation shall occur during normal business hours, during pre-scheduled times, of the participant’s choosing. Meetings may be canceled without notice, however, a rescheduled meeting will have to be completed by Friday of the same work week.

Length of Participation

Your participation will take approximately 6 total hours of face to face interviews with voluntary attendance of introductory and final conclusions presentations by the research team.

Risks and Benefits of Participation

The project may involve risks that are not currently known.

Compensation/Payment/Incentives

You will be included in a drawing for three, $5 Food Lion gift cards at the completion of participation.

Possible Injury Statement

If you are hurt during this study, we will make sure you get the medical treatment you need for your injuries. However, the university will not pay for the medical treatment or repay you for those expenses.

Volunteer Statement

You are a volunteer. The decision to participate in this study is completely up to you. If you decide to be in the study, you may stop at any time. You will not be treated any differently if you decide not to participate in the study or if you stop once you have started.

Confidentiality Statement

Any identifiable information collected as part of this study will remain confidential to the extent possible and will only be disclosed with your permission or as required by law.

Statement of Fair Treatment and Respect

UNC Charlotte wants to make sure that you are treated in a fair and respectful manner. Contact the university’s Research Compliance Office (704-687-1871) if you have questions about how you are treated as a study participant. If you have any questions about the actual project or study, please contact Joseph White (704-288-2890, [email protected]).

Approval Date

This form was approved on June 17, 2015 for use for one year.

I have read the information in this consent form. I have had the chance to ask questions about this study, and those questions have been answered to my satisfaction. I am at least 18 years of age, and I agree to participate in this research project. I understand that I will receive a copy of this form after it has been signed by me and the principal investigator of this research study.

______________________________________    _______________________
Participant Name (PRINT)    DATE

___________________________________________________
Participant Signature

______________________________________    _______________________
Researcher Signature    DATE

Initial Meetings with Gatekeepers

I believe that the introductory discussions with the gatekeeper and acceptance of this research project will be a multi-step process. As listed in the chart below, the introduction, explanation, feedback, rework, and acceptance of the project will take several weeks, prior to the start of the project.

The best first step to any project is to develop a social or business need for the work to be completed and funded. For my project, the social and business need is the safety and security of personal and business data. By studying and developing measures and actions around cyber security and data breaches, a larger and stronger knowledge base can be formed to better protect our governmental agencies from attacks from criminals. Communication is a key foundational block to any academic subject expansion or business partnership. Through performance of qualitative interviews and quantitative analysis, a clearer understanding of governmental cyber security may lead to smarter executive decisions and reduce the potential of risks in the future.

The second step to the start of a project is to discuss the research model and directional intent with the client gatekeeper and the management staff. They will undoubtedly request a rework and write up of the initial plan to better suit their privacy, abilities, interests, and schedules.

Strategically, I would send one person to meet with the gatekeeper. I would perform a background and demographic check on the gatekeeper in order to get the best possible synergy between the two attendees. Whether it be a similarity such as: gender, race, ex-military, ethnicity, regional inhabitant, age range, or political views, by having a common connection, there is potential to reduce anxiety and distrust.

I would create a clearly defined scope statement surrounding the project, with the direction, intent, costs, time allocation, personnel usage, and end result clearly discussed. It would be proper to send this document to the gatekeepers, along with a shortened PowerPoint deck to help explain the small print.

I would send the best possible representative with the work, in professional attire, with a small gift from the University of North Carolina at Charlotte campus. First impressions are absolutely critical during this relationship construction.

With the completion of a successful initial meeting, I would ask for any client changes to the initial research model. This will allow the client and research team to improve their relationship and promote the client’s investment in the project. It is very important to have quick turnaround time on the changes to the model, in order to lock down a confirmation from the gatekeeper’s team. Any delay in time could potentially cause the gatekeeper to lose interest or focus on other matters.

A final meeting with the gatekeepers should be completed a few days after the initial meeting in order to close the deal, and begin the research project. This can be a risky and stressful time for the client and gatekeeper, so it is important for the research representative to remain calm, understanding, positive, and supportive to the needs and questions that the gatekeeper may present.

With the idealistic assumption of an acceptance into the organization by the gatekeeper, it will take at least a week to process background checks, secure equipment, secure human resources, and travel to the client site. Extra time should be allotted for mistakes, accidents, preparation, and environmental conformity.

After gatekeeper acceptance, create a high level timeline and schedule for both sides to reference. By staying on the same page, people can properly prepare for meetings, interviews, and work up sessions. It also allows the gatekeepers to see that the research team has put time, thought, and effort into the project and the client’s needs. As listed below, a high level project schedule can be created in Microsoft Excel or Microsoft Project, with times, dates, places, and personnel documented for review.

DATA BREACH CAUSALITY RESEARCH PROJECT TIMETABLE

UNCC Research Project Schedule

Columns: Task Number, Tasks, and one column per week (17-Aug, 24-Aug, 31-Aug, 7-Sep, 14-Sep, 21-Sep)

Task 2: Initial Meeting with GK (Thursday)
Task 4: Final Meeting with GK (Monday)
Task 5: Acceptance/Decline by GK (Wednesday)
Task 6: UNCC prep for project/trip (Thursday/Friday)
Task 7: Travel to Washington DC (Monday)
Task 11: 1st round of Meetings begin (Tuesday)
Task 12: Interview with CSO (By Friday)
Task 13: Interview with RMO (By Friday)
Task 15: Compile/Analysis Research Data (Saturday/Sunday)
Task 16: 2nd round of Meetings begin (Monday)
Task 17: Followup Interview with CSO (By Friday)
Task 18: Followup Interview with RMO (By Friday)
Task 20: Compile/Analysis Research Data (Saturday/Sunday)
Task 25: Travel back to UNCC (Saturday)

Tasks listed without a matched number or day (task numbers 1, 3, 8, 9, 10, 14, 19, 21, 22, 23, 24):

Rework Model based on GK feedback
Sightseeing/Hotel/Equipment testing
Final Presentation to OPM management
Develop Research Model and Purpose Points
Introductions/Presentation to OPM management
Set up qualitative meetings with Managers
Interview with Procurement Officer
Followup Interview with Procurement Officer
Request Access for a tour of premises
Meeting with GK over potential findings
Create Documentation surrounding Research Discoveries

Day entries for these tasks, in the order listed in the chart: Monday; By Thursday; Friday; Thursday/Sunday; Tuesday/Thursday; Monday/Thursday; Friday; Monday; By Friday; By Friday; Monday

Detailed Plan of Data Collection

1. Qualitative Analysis Tactic (In depth Interview Session)

My plan of action for data collection will consist of detailed qualitative interviews of several management resources surrounding the cyber security efforts of the United States Federal Office of Personnel Management. As listed above in the project schedule, my research team will conduct separate interview sessions with the Chief Security Officer, the Chief Risk Officer, the Chief Procurement Officer, Senior Network Administrator, Senior Database Administrator, and the Compound Property Manager. These positions possess an extensive amount of information regarding the knowledge base, efforts, preparations, investigations, upgrades, purchases, recruitment, and management of cyber security methods within the Office of Personnel Management.

The main purpose of these qualitative interviews is to obtain an internal first person account and opinion of the topic of cyber security, as well as, any quantifiable data that can be developed from these descriptive conversations with executives. Questions shall be developed to gain knowledge around the amount of data breaches and cyber-attacks that happen to a federal agency like the Federal Office of Personnel Management. Information pertaining to the amount of attacks, the severity of attacks, the location of attacks, the timeframe of attacks, and any quantitative factor to study shall be extracted from the qualitative interview techniques of this project. Interviews shall discuss upgrades to technology, changes in procedures and management, and possible issues that may increase the potential of a cyber-attack.

Each executive will be interviewed twice, over the course of two weeks. This will allow the researchers to analyze the interviewee’s remarks and thought processes, outside of the interview process. The separation period will allow researchers to form new and better questioning, to clarify areas of vagueness, doubt, confusion, and interest.

Each interview session should be conducted in the management resource’s office, in order to make them feel comfortable. Food and beverages should be made readily available, with access to restrooms and smoke breaks granted. Sessions should last longer than one hour, but no more than three hours, due to potential interview fatigue.

Interview questions shall be open ended, and should allow the interviewee the opportunity to take the conversation in the direction that they best feel can elaborate and illustrate their point. Interviewee responses should be noted and documented word for word, in order to properly analyze comments, questions, conclusions, and recommendations.

Interview times should be scheduled to fit the hectic schedules of the executives being interviewed. Whether interview times occur first thing in the morning, or one hour before close of business, the researcher should be punctual to the needs of the client.

During the course of the interview, no use of technology by the interviewee or distractions should be permitted by the researcher. No telephone calls, emails, music, or other actions should break the concentration of the researcher and executive. The purpose of this measure is to prevent anything from breaking an interviewee’s frame of thought and direction of conversation.

Special thought should be given by the researcher to the psychological aspects of an interview. People lie and deceive intentionally and unintentionally. Deceptive cues and human mannerisms should be studied and mastered by interviewers in order to combat naïve and coy answers. Difficult questions can be hard to answer for a variety of reasons, so the interviewer should be aware of potential issues prior to the interview. Avoidance of difficult topics and questions should not be tolerated, and questions should maintain a focus on the cyber security issues at hand.

Researchers should remain unbiased and follow the wishes of the interviewee. This is not a law enforcement investigation, so researchers should not push issues or escalate questioning to attempt to make a case or story. Interviewees should be allowed to drive the interview at times, and a level of equality should constantly be maintained during the questioning.

Requested Executives to interview (7 total)

1. Chief Security Officer

-This executive is necessary to interview due to their experience in the developing field of cyber security, and their hands-on responsibilities surrounding policy and procedures.

-Questions should be asked in regard to the worst scenario that they have experienced, and the worst-case scenario that the agency has planned for.

-The executive’s opinion on what actions should be taken to reduce cyber-attacks should be examined in detail, and countered to solidify their argument.

TIME LIMIT: 2-3 hour interview session, twice over the course of two weeks

2. Chief Risk Officer

-This executive is necessary to interview due to their industry experience with potential threats and risks in general. This executive can give a perspective to the severity of cyber threat in comparison to other threats.

-This executive may be able to give quantifiable data to help secure an understanding around the costs of risk, the ROI, and the balance of risk versus reward.

-The executive opinion of the Chief Risk Officer may be crucial in regards to present techniques and methods that are being utilized to prevent cyber threats. The executive may be able to expand the researcher’s knowledge base of risk management and introduce additional organizational positions and resources into the scenario to study in the future.

TIME LIMIT: 2-3 hour interview session, twice over the course of two weeks

3. Chief Procurement Officer

-This executive will be necessary to interview due to their responsibilities surrounding the purchases and upgrades to new versions and models of technology. This person will be able to discuss in depth the factors that go into upgrades, changes, and timing involving cyber security.

-This executive may also be able to furnish quantitative data surrounding the increases and decreases in pricing and overhead costs. The initial investment into a service may not be worth the assurance of the protection.

-This executive may be able to discuss the various collaborations and partnerships that the agency has with other industries and groups in order to get the best return on investment.

TIME LIMIT: 2-3 hour interview session, twice over the course of two weeks

4. Senior Systems Architect

-This executive may be able to provide valuable data in regards to how the Office of Personnel Management developed their hardware and software infrastructure. This executive would be the point person for all technical questions about how the internal server nodes connect to the external internet. This executive should be able to explain the network blueprints to researchers and may be able to detect loose ends within the technical processes.

TIME LIMIT: 2-3 hour interview session, twice over the course of two weeks

5. Senior Database Developer

-This specialist may be able to elaborate on the construction and day-to-day operations of the databases that store the government employees’ personal information. The developer may be able to provide hard numeric amounts in regard to bytes of data, storage locations, age of equipment, protective measures, and upload/download procedures.

-Generally, whenever maintenance is completed on servers, web pages, hard drives, and other technical services, the development team is the core group of employees that executes the deliverables. By speaking with the senior lead on the team, researchers may be able to uncover clues to potential risks and patterns that lead to data breaches.

TIME LIMIT: 2-3 hour interview session, twice over the course of two weeks

6. Senior Network Administrator

-This crucial member of the organization is responsible for monitoring network activities and who has access to certain folders and databases. This executive could provide a list of possible threats and trends, or provide clarity into the location of various users. By performing qualitative analysis on this executive’s interview, stratifying the data into quantitative categories may be easier to perform in the final review.

TIME LIMIT: 2-3 hour interview session, twice over the course of two weeks

7. Compound Property Manager

-This final member of the interview group is responsible for monitoring the physical security mechanisms that provide protection to the organization’s compound. This includes: door locks, key cards, security guards, fingerprint scanners, blueprints, server room locations, and property control locations.

-This executive might provide intelligence surrounding the physical target hardening procedures involved in securing hardware and end user activities. This executive may have knowledge in regard to visitor statistics, delivery processes, and equipment disposition procedures.

TIME LIMIT: 2-3 hour interview session, twice over the course of two weeks

2. Qualitative Analysis Tactic (Focus Group)

On Friday, September 18, 2015, researchers will request that the seven executives listed in the previous section take time out of their day to attend a one-hour focus group meeting together.

The purpose of this focus group will be to determine if any of the executives differ in their opinions and beliefs about general cyber security tactics and the possible causes and actions taken during the incident that occurred in the Spring of 2015.

Researchers feel that the potential for collaboration and brainstorming during this focus group could really help the overall outcome of the project. Researchers would like to determine if there are any mutual or differing opinions and advice from the executive group. Oftentimes, executives do not know all of the facts and information during single interviews. By performing this focus group, researchers can determine if the executives’ overall perspective of the Spring 2015 data breach is matching or divided.

Joseph White will moderate the focus group conversation, while other researchers sit in the background and document the executives’ answers and thoughts. The overall approach to this meeting will be to let the group members speak for as long as they each want to, in response to individual questions asked by Joseph White. Executives may agree or disagree with other meeting members’ opinions; however, they must follow their stance with a logical and reasoned narrative.

The moderator will strive to discourage dominant speakers from swaying the other group members, and will encourage meek and short-winded executives to speak up and elaborate on their thoughts. A positive and ideal outcome of this focus group will be to see what advice the executives can provide to the research team, and to see what the wisest and most agreed-upon opinion is among the seven executives invited.

Focus Group Attendance:

-Chief Risk Officer

-Chief Security Officer

-Chief Procurement Officer

-Senior Systems Architect

-Senior Database Developer

-Senior Network Administrator

-Compound Property Manager

Exit dissemination

During the final interview week of September 21, 2015, conclusions shall be drawn by the research team and discussed with the gatekeeper and management staff prior to a formal write-up. Conclusions may be positive, negative, or both. Anonymity and privacy shall be granted to the Office of Personnel Management, should they request the treatment. A proper document shall be drafted by researchers that specifically details the planning, execution, determinations, and overall experience of the research study. An electronic and paper copy shall be delivered, presented, and discussed with the OPM management team during the final week of the study.

Thank you cards and small mementos from UNCC shall be given to the interview participants for their successful participation in the stringent interview process. Researchers shall secure all of the obtained research data onto an electronic data stick, which shall be secured by an unnamed person, on a need-to-know basis. All paper notes shall be electronically scanned on computers, and saved to the data stick. Following this step, the paperwork shall be shredded on the premises of the OPM, and all computer files shall be recycled from the desktop computer.

Researchers may be subjected to an exit interview by the client organization, to obtain knowledge on better ways to conduct future interview and training sessions. Researchers shall present all applicable opinions and advice to improve the process for future researchers and organizational employees. This procedure shall be left in the responsibility of the client agency to carry out, document, and save.

The final contact information to be provided to the Federal Office of Personnel Management shall be as follows:

Joseph White/Dr. Suzanne Leland

Master of Public Administration Program Office

9201 University City Blvd,

Charlotte, NC, 28233

704-687-5937

http://mpa.uncc.edu/

Research Project Findings

The ideal findings for this research project would be to show a negative correlation between technical upgrades/patches and the number of data breaches successfully conducted on the federal government’s network. It is obvious that there are numerous control variables and possibilities that may affect the correlation; however, it will show the United States government officials and citizens that more time, funding, personnel, and effort need to be devoted to technical upgrades across the national government’s aging infrastructure.

In addition to hypothesis information, it would be a fascinating experience to investigate and research the criminal event and crime scene that disclosed over four million personal bios of government employees. By interviewing the Office of Personnel Management’s top executives, researchers can really understand what happened, and not what is published by the clueless media and writers. It could be possible that the facts reported are not completely accurate. It could be possible that the situation was not as bad as displayed, or the situation could be way worse and still going through damage control. Any research study that establishes additional clarity on a unique and innovative government issue is viewed as a successful study.

Furthermore, conducting this research will give the research team from UNCC additional training and exposure to data breach policy, procedure, action planning, and disaster recovery. With the relative originality of cyber security and data breaches, there are not enough educated professionals in the United States to properly investigate and defend against further attacks. By traveling to Washington D.C. and working shoulder to shoulder with technical executives, an enormous amount of knowledge can be transferred to a younger generation. Unfortunately, business continuity processes and disaster recovery plans can only be tested properly when a malicious event occurs. Since malicious events do not occur every day, extra research and a thorough breakdown must be conducted when something actually happens. Due to the unfortunate events that occurred in the Spring of 2015, it only makes sense to have an enthusiastic research team from UNCC tackle this hot topic and growing issue.

Finally, by conducting qualitative analysis such as focus groups, it may be possible to uncover executive opinions and disagreements that the Office of Personnel Management may not know they have. It is entirely possible that the right questions may not have been asked, or that certain executives may not have thought of every detail until months later. These types of issues and events occur all the time. By conducting the focus group, researchers can gauge responses and see where the vast strength of opinion is, and what may be viewed as an outlier or questionable.

The most desired result to gather in this research study is clarity and openness of communications. Sometimes, by discussing and venting about negative events and issues, it sheds light on the roadway. With this added knowledge, future organizations may not fall into the same pitfalls as the OPM, and that is the underlying hope and appeal of this project as a whole.

Research Project Funding Sources

The ideal funding source for this project would be through financial assistance from the United States of America federal government. By performing initial research, the UNCC research team has discovered a funding grant from grants.gov. Grants.gov is a federally backed organization that funds further research in a variety of topics and interests including: healthcare, science, technology, sociology, and governmental studies. The federal organization’s webpage attachment is listed below:

http://www.grants.gov/web/grants/search-grants.html

The grant title of interest is labeled “Secure and Trustworthy Cyberspace” and the grant is funded by the National Science Foundation. The grant funding opportunity code is 15-575. The grant was created on June 2, 2015 and allocates over 68,300,000.00 dollars for researchers to advance cyber security initiatives within the federal government. The highest amount of funding that can be awarded to a research team is 3,000,000.00 dollars, which will be more than enough to cover a research team of four for five or more weeks of work, travel, and research.

Joseph White will apply for the research grant on August 1, 2015 and make several calls to the grants.gov support center at 1-800-518-4726. Joseph White will also generate emails to send to [email protected]. By showing strong interest and following up with phone calls and emails, the research team may have a strong chance of obtaining 100% funding for this project. Due to the lack of experience managing grant funding, Joseph White will consult various senior professors within the UNCC Master of Public Administration Program Office.

A running budget will be determined, and every expense will be documented and deducted from the overall budget. Receipts will be gathered and stored for tax reporting and audit purposes.