Lockheed Martin, the huge government defense contractor, is a big target for cyber attacks, said company executives, but the company has learned to turn attackers’ wiles against them.

The company has been involved in cyber security since before the term was coined, said Bob Stevens, chairman and chief executive officer, at the company’s media day in Arlington, VA, on June 19.

“Cyber security is not a new conversation for us,” he said. “We’ve been talking about it since satellites spit out rolls of film that had to be picked up by recovery aircraft.”

Stevens said his company’s future in large part depends on protecting its customers’ data, as well as its own.

Other Lockheed Martin executives told Government Security News in interviews on June 19 that the company thinks about Cyber security differently. Rather than say ‘the attacker only has to be right once’ to breach protections and the protector has to ‘be right all the time,’ Anne Mullins chief information security officer at the company said protectors should turn the tables on attackers in a form of Cyber jujitsu.

Gathering as much information on an attacker’s efforts as possible allows more insight into their capabilities and subsequently, development of defenses, she said.  The company developed a “Cyber kill chain” that has seven levels of security that attackers have to scale in order to access to critical information, she said. Every one of those secure levels allows one more chance for an attacker to leave information about themselves and their behavior behind.

That information can be turned back around, or “unpacked,” and used to fortify defenses, she said. “We analyze everything before, during and after an attack,” she said, “gathering information and learning how our adversary operates.”

Charles Croom, vice president of Cyber Security Solutions at Lockheed Martin Information Systems & Global Services said the company has been tracking 30 – 40 persistent Cyber attack campaigns for like characteristics for six to seven years now, cataloguing their weaknesses. “Persistence is a weakness,” he said.

Croom should know. He retired as a U.S. Air Force Lieutenant General, Director of the Defense Information Systems Agency (DISA), and as the Commander of the Joint Task Force for Global Network Operations in September 2008. He also co-chaired a National Security Telecommunications Advisory Committee Task Force on “Strengthening Government and Private Sector Collaboration.”

Croom said the “traditional” Cyber defenses like port security and patches are still needed, but advanced intelligence gathering capabilities are as well. Advanced sensors on networks, as well as situational awareness are also good tools. However he added that having people on board that understand threats and the technology to combat them is the ultimate defense.

Source: http://www.gsnmagazine.com
http://www.GregoryDEvans.com, http://www.Locatepc.net, http://stolencomputeralert.com, http://computersecurityexpert.net, http://www.hackerforhireusa.com, http://www.GregoryDEvans.net, AmIHackerProof.com, http://ParentSecurityOnline.com, http://TheCyberWars.com, http://hiphopsecurity.com, http://HackerForHireinternational.com, http://www.computersecurityguru.com, http://computer-security-expert.com