BLUEDRAGON IN ACTION
Cyber Security Leaks
EVENT DESCRIPTION
Longstanding Cyber Security Leaks About Our Nuclear Weapons Capabilities Posted a Threat to National Security.
The Client
A US National Laboratory in the Nuclear Weapons Complex
The Problem
For over 5-years, a government facility was not able to stop the release of a small number of transmissions per year containing classified information about the US nuclear weapons program. Information that is actively mined by foreign state actors like Russia, China, Iran, and North Korea. Due to the recurring nature of this problem, the government requested that the site commission an independent third-party investigation.
The BlueDragon Mission
Conduct an independent investigation into the causes of the trend of recurring unauthorized transmissions at the site.
A US National Laboratory in the Nuclear Weapons Complex
The Problem
For over 5-years, a government facility was not able to stop the release of a small number of transmissions per year containing classified information about the US nuclear weapons program. Information that is actively mined by foreign state actors like Russia, China, Iran, and North Korea. Due to the recurring nature of this problem, the government requested that the site commission an independent third-party investigation.
The BlueDragon Mission
Conduct an independent investigation into the causes of the trend of recurring unauthorized transmissions at the site.
The BlueDragon Integrated Problem-solving System (IPS) is a 3-phased approach that included the following activities, performed in a seamless manner on one chart:
Critical Thinking: develop evidence-based questions that will form our lines of inquiry.
- Gather and organize performance evidence and applicable standards and procedures onto a BlueDragon chart. This includes timelines, oversight reports, keep performance indicators, corrective action program databases, quarterly trend reports, and any other charts and graphs that provide insights into performance.
- Conduct a Systems Inventory, to establish a holistic approach to the investigation. This includes the identification of the applicable programs that are in place to ensure activities are performed safely and effectively.
- Conduct an Analysis of Defenses, to determine the effectiveness of the administrative requirements, physical barriers and cyber barriers that should have prevented the events.
- Analyze any available data that might shed some light on performance. This could include using any number of Lean 6 Sigma tools, and any other data analysis tools such as fault trees, control charts and human performance evaluation surveys. The goal of our data analysis is to identify non conformances, non-compliance with requirements and any other irregularities where performance does not match standards and expectations, which are actually the manifestation of the problem or event (i.e., the breadcrumbs left behind by the event that we can readily identify). In BlueDragon terms we call these irregularities “symptoms.”
- Using insights gained from the analysis of defenses, the data analysis and the identification of as many symptoms as possible, we generate focused, evidence-based questions to explore what causes those symptoms. These questions will form our lines of inquiry.
Causal Analysis: determine the deep-seated causes and contributing factors.
- Organize and schedule a series of facilitated causal analysis sessions with the organizations subject matter experts.
- Using cause and effect analysis, we reverse engineer our way from the symptoms identified in Phase 1 back to their points of origin (i.e., the deepest-seated causes) by pursuing the lines of inquiry.
- It’s important to understand that bias can creep into the analysis at any point during the investigation, which requires facilitation skills to ensure that does not happen.
- There are three levels of validation of causal factors that take place during the causal analysis. The first level is the validation of each individual answer as they are provided during a session. The second level is the review of the BlueDragon chart conducted by every new group that participates in these sessions. The third level of validation comes from the senior management team, which validates the entire chart.
Corrective Actions to Prevent Recurrence: develop corrective actions that address the deep-seated causes and have a high likelihood of preventing recurrence.
- Issue owners are identified for each of the root causes and contributing factors identified on the blue dragon chart.
- The issue owners are coached by the BlueDragon team on using the “Hierarchy of Hazard Controls” and Lean “Mistake Proofing” to develop an effective set of corrective actions.
- To dramatically increase the likelihood of preventing recurrence, the extent to which the root causes and contributing factors are causing damage in other program areas, or equipment performance, or human performance, must also be evaluated. Therefore actions to conduct “extent of the cause” determinations are also required.
Results
Using our 3-phased approach, the BlueDragon facilitators (with client support) completed their investigation in four weeks. The 4th week was conducted entirely within a Sensitive Compartmented Information Facility (SCIF) due to the sensitive nature of the information. The BlueDragon investigation identified deep–seated latent organizational and programmatic weaknesses, and one of the root causes was attributed to a deep cultural problem that was pervasive across the enterprise.
| CLIENT PROJECTIONS | BLUEDRAGON ACTUAL | |
| RESOURCES | 20-30 SMEs | 6 SMEs |
| DURATION | 3 months | 4 weeks |
| REPORT PREPARATION | 1 month | 8 days |
