In the summer of 2022, I became highly intrigued by the cyber world and took it upon myself to deeply investigate the various niches that exist within the field. After conducting extensive research, I made the bold decision to create my own use case, which is focused on the cyber worlds within the Israel Defense Forces.
What is the problem? - Companies and organizations always need to protect their information from hackers and cyber-attacks.
When is the problem created? - In our era, the problem is 24/7.
- The IDF uses external cyber services for each unit, avoiding placing all of the IDF's data in one location, making it difficult for hackers to reach it in one attack.
- IDF Medical Corps uses an external cyber-security platform to control & maintain serviceman data. A new feature was added to deal with data leaks, displaying leaked data (of soldiers) in a visual order from high importance to low, so the Corps can respond & take essential action under military law.
- The Medical Corps holds sensitive data on each soldier, such as personal info, medical visits, psych/psychiatric treatments, mental conditions, medications, surgeries/transplants, blood tests, routine tests, and disease info.
- Data leaks may lead to security incidents such as damage to Israel's security, extortion, threats, and identity theft.
- Commanders' and soldiers' data in classified units must remain confidential for security. Leaking such data can lead to tragic consequences, such as exposure and extortion, in addition to other security incidents.
- Security Classification is a certificate the Israel Defense Forces (IDF) issues to each soldier. This certificate evaluates the suitability of the soldier for a designated position or for a certain type of position that involves exposure to confidential materials or data. Security Classification is rated on a scale of 4 to 1, with 4 being the highest security classification.
- Each soldier and commander has a username and password to see their medical file; the username is their military personal number, and the password is one they choose.
- The cyber company notified the Medical Corps that the medical file data of about 6 soldiers and commanders from different units was leaked and offered for sale on the Darknet. The team responsible for data leaks from the Medical Corps entered the platform and clicked on the new feature to view the leaked data file.
- The feature shows the most important data in a table from left to right, and in descending order from the most to the least important information item, for soldiers and commanders whose medical data has leaked on the network.
- The data is displayed in this order from left to right:
Military role | Security classification | Unit | Military ID + Password
*The security classification is presented in descending color as follows: 4-red which is the most classified, 3-orange, 2-yellow, and 1-green.
- The left item is key - the soldier's role. Knowing the role is critical to understanding the soldier's responsibilities - especially those of high importance. This is the most important info in the table.
- The second piece of info that will show up in the table is the security classification number for the soldier. This is important because the soldier has important, confidential, and strategic info about their role in the IDF. High-security classification is important for Israel and enemy countries. Being a soldier in a secret unit can also give you a high classification. So, for example, if there are two soldiers from the same base, a driver and a security officer, the security officer will be higher on the table because they handle more security info. The security classification is related to the soldier's role, which is why it comes after their role in the table.
- The third item is the soldier's unit. The Medical Corps would need to know which unit to contact quickly and inform the soldier and his commanders as part of the military protocol for information leakage.
- Lastly, the ID (username) and password will be displayed in the same column, their importance being less in cases of information leakage.
*I didn't add a military rank column because it is less important in this case than the items I mentioned above. For better understanding, there may be a soldier who serves as a driver in a classified unit and holds the rank of sergeant who knows about more classified things than an officer in the education corps.
*There is damage even when details of the simplest soldier are leaked; this will be a badge of shame for the IDF for failing to keep the data of its soldiers.
I created this case study that may be suitable for armies worldwide in cases of data leaks of soldiers. The feature you read about is designed for the cyber units in the armies, so they can act quickly and correctly according to military protocols. Cyber units should prevent destructive incidents that may occur due to data leaks of soldiers on the Internet, and protect their soldiers from any harm.
Detailed Use Case
Title - The goal we are looking for as the Medical Corps is to see the most critical soldiers whose medical info was leaked. The display needed to be in descending order, with columns that display the most important info from left to right so that we could reach the most critical soldiers first.
Actors - The Medical Corps Cyber Team (the users), the cyber-security platform.
- The soldiers/team in charge of the cyber platform should receive a phone call and email from the cyber company, informing them of the soldier's details that have been leaked.
- The team has to click on the new feature, which will display the table.
User story - As a Med Corps soldier responsible for cyber leaks, I'll open the company's platform on my computer after receiving an email update and a phone call. Then I'll press the new feature button to see the data table in descending order, from the highest and most important info to the lowest. This will allow me to reach the most critical soldiers with the most important info according to the military protocol in case of a leak. Success is my Definition of Done.
Post-conditions - As a Medical Corps soldier responsible for cyber leaks, I need to quickly contact affected soldiers and relevant parties. To do so, I'll click the data row of affected soldiers in the table, which will display contact info from left to right in this order of priority:
- Name + Last name, phone number, and military email of the soldier.
- Name + Last name, phone number, and military email of his/her commander.
- Name + Last name, phone number, and military email of the commander of the unit.
- The unit’s phone number and military email.
Abbreviated Product Requirements Document
Shay Cohen Ambalo
Feature shown as table, most critical details in descending order. Most important info in columns from left to right, left side is the most important.
- View details of critical soldiers leaked & contact them to prevent security incidents.
- Create hierarchy to display soldiers' details per Medical Corps data.
- Displaying contact data to facilitate military protocol for Medical Corps.
- As a soldier from the Medical Corps responsible for cyber leaks I first need to see the most critical soldiers whose medical data was leaked to reach them as soon as possible and operate according to the military protocol.
- As a soldier from the Medical Corps responsible for cyber leaks, I need to see the contact info of those soldiers and anyone important and relevant to inform about the leak related to those soldiers.
The responsibility of the development team is:
- That the feature button and table will work properly.
- That when the user clicks on a particular row in the table, the relevant contact data will be displayed.
- The product team and the dev team will be responsible for creating the data hierarchy on the table.
- I learned that it is fun for me to perform such tasks! The challenge gave me the drive to work on this mission with fun and enjoyment.
- I have learned that I can always be creative.
- I learned how to display tables.
- I learned how important research is, even for such a "small" feature.
- I learned how networking can help me at certain moments.
- I learned a lot about the importance of setting priorities.
- I learned some new things about the IDF.
- I learned about the importance of cyber companies in our world.
- To collect data on the IDF I used my memory of the time I served in the army. In addition, I spoke with soldiers and officers who serve in the army.
- To write the use case I used my notebook from the course “Introduction to User Experience” that I learned in college.