Lockheed Martin Cybersecurity Blog


    The Security Operations Center: The Keystone of Network Security

    July 29, 2015 10:03 AM by Angie Heise

    After reporting that hackers had stolen more than 500 million financial records worldwide in 2014, the director in the FBI’s Cyber Division issued a warning saying, “You’re going to be hacked. Have a plan.”-Heartland Blog

    In most organizations, the security plan falls within the role of the Security Operations Center (SOC) staff. A SOC is a dedicated facility that provides an environment capable of effectively defending an organization’s Enterprise and efficiently responding to threats and potential incidents.

    Read More »

    Cyber Intel: The Benefits of Threat Intelligence

    July 22, 2015 9:35 AM by Angie Heise

    Arguably one of the most important aspects of cybersecurity is Threat Intelligence. Yet despite its importance, this particular discipline as part of a solid security posture is often underestimated in terms of importance.

    The consulting company, Forrester, defines threat intelligence as the details of the motivations, intent and capabilities of internal and external threat actors. Forrester extends their definition of Threat Intelligence to include specifics on the tactics, techniques and procedures that hackers and Advanced Persistent Threats employ within their attacks. - Threat Intelligence Buyer’s Guide SANS CTI Summit, 10 February 2014.

    Read More »

    Women in Cyber: Key Cyber-related Takeaways and Investing in the Future

    July 13, 2015 4:04 PM by Angie Heise

    Recently, cybersecurity firm Darktrace announced an $18 million investment to hire new information security specialists in an effort to expand globally. According to Upstart Business Journal this investment represents a cash infusion in a woman-led cybersecurity company with a history of hiring female IT specialists. The result of this major infusion, according to the online journal, could “pave the way for a more equally representative industry.”

    Read More »

    Three Pitfalls that Turn Cybersecurity into Cyber-Insecurity

    July 13, 2015 3:59 PM by Angie Heise

    Ever get the feeling that your business-as-usual (BAU) mentality might get you into trouble? If you do and you’re in cybersecurity, you’re not alone. This feeling is not without good cause; organizations are not prepared to deal with severe and frequent cyber-attacks.

    Read More »

    Payment Paradox: Battling Cybercriminals within the Payment System

    May 28, 2015 2:44 PM by by Angie Heise

    The US payment system provides one of the greater challenges within cybersecurity. When most people hear about the payment system within the banking industry, they often have varying degrees of understanding as to what that exactly it is.

    The easiest way to think about the payments industry, however, is to look at it as an operational network of laws, rules and standards. These laws, rules and standards act as a conduit system that unites bank accounts in order to provide monetary exchange from bank deposits. It’s essentially the network that lets you pay your car loan online using a bank app, and receive your pay check online without having to endorse and deposit a physical check.

    Read More »

    Cloud Computing and the Future Cyber Security Workforce Trends

    May 27, 2015 4:24 PM by by Melvin Greer and Kevin L. Jackson

    7 Legal Framework Trends IT Professionals Need to Evaluate

    As a start, these leaders should evaluate IT operations across these seven Business Software Alliance recommended areas:

    1. Ensuring privacy: Buttressing users’ faith that their information will not be used or disclosed in unexpected ways. At the same time, to maximize the benefit of advanced information technology, providers must be free to move data internationally in the most efficient way.

    2. Promoting security: Users must be assured that information technology providers understand and properly manage the risks inherent in storing and running applications in cyberspace. Solution providers must be able to implement cutting-edge cyber security solutions without being required to use specific technologies.

    Read More »

    Understanding the Enemy: The Advanced Persistent Threat

    May 18, 2015 10:45 AM by Angie Heise

    Advanced Persistent Threat (APT), as a term, is perhaps over-used in cybersecurity. Like the Boogie-Man that strikes fear into the minds and hearts of children at night, APTs work just as hard to ensure that CISOs and CIOs never rest easily. But just like the Boogie-Man, the trick to not being afraid of APTs is to understand them. Unfortunately, understanding APTs isn’t as simple as a bed time story.

    The first signs of APTs came from targeted, socially-engineered emails dropping Trojans designed for exfiltration of sensitive information. They were identified by UK and US CIRT organizations in 2005. Although the name "APT" was not used, the attackers met the criteria that determines an APT. The term "advanced persistent threat" is cited as originating from the Air Force in 2006 with Colonel Greg Rattray.

    Read More »

    The Cyber Rabbit Hole: Two Ways Banks Can Better Protect Themselves with Mobile Computing

    April 23, 2015 2:39 PM by Chandra McMahon

    Mobile banking and mobility, in general, in the finance sector is here to stay. Despite its convenience, mobile banking is not necessarily a welcomed capability by many security experts within the finance sector. While mobile computing opens up a world of convenience for consumers, offering banks operational and competitive advantages, mobile computing can also create an easy access route for cyber criminals to breach a company’s intellectual data.

    In an attempt to further benefit from the operational benefits that mobile computing provides, banks are now moving towards the mobile wallet which will let consumers pay with their cell phones. While these payment systems can be secure, from a cyber-perspective they add another layer of possible vulnerability that could lead to a network breach.

    Read More »

    Cybersecurity and Regulations in 2015 and Beyond

    April 14, 2015 2:21 PM by Chandra McMahon

    Cybersecurity is arguably the biggest challenge facing most companies today. We are undergoing a change in IT Security where it seems like every company is subjected to endless cyber-attacks. With the increase in Advanced Persistent Threats to traditionally consumer-oriented organizations, the adoption of cyber regulations within private companies is more prevalent than ever. Although compliance does not in itself guarantee security, it’s a good starting point, especially when combined with best practices and guidelines that regulate the industry.

    Read More »

    Is Compliance Security? 5 Tips for Balancing the Two

    February 26, 2015 5:14 PM by Chandra McMahon

    A necessary but relentless focus on regulatory compliance in the cybersecurity community may be shifting resources away from more complex threats. Although organizations focused on checking the compliance box are more likely to address the foundational solutions necessary in building a cybersecurity framework, this approach can also lead to a false sense of security.

    The Ponemon Institute and Lockheed Martin recently surveyed 678 IT security leaders within the United States. The surveyed respondents were security practitioners familiar with their organizations’ defense against cybersecurity attacks and responsible for directing cybersecurity activities.

    Read More »

    Cybersecurity Retail Pains

    February 12, 2015 4:39 PM by Chandra McMahon

    This blog will examine some of the pain points currently plaguing the retail space, and next week we’ll take a look at some of the possible solutions.

    The retail industry is a strong target for cyber-attacks, which on are on the rise. Unlike attacks on other industries, cyber-attacks on retailers are often aimed at acquiring consumer financial data and not proprietary corporate information. This equates to quick financial gains for a majority of retail cyber attackers. For larger threats, the retail industry poses a potential to cripple a local or even larger economy, especially as we head into the holiday shopping season.

    Quick financial gains lure hackers to small businesses or medium to large organizations, and they are in some ways easier to attack than a corporation. Retail organizations are commonly focused on accessibility and friendliness, not on information security and risk management. This environment is ripe with cyber-attacks and IT security vulnerabilities.

    Read More »

    Cyber IoT: Two Ways to Protect your IP from IoT

    January 26, 2015 10:29 AM by Chandra McMahon

    Each year, the Internet of Things (IoT) makes strides towards transforming industries. IoT, or as it’s sometimes known as the Internet of Everything (IoE), are physical devices that placed on the Internet by installing wireless sensors on them. You see a lot of IoT in the consumer world, most commonly in home devices such as alarm systems, thermostats and electrical sockets to control lights remotely. Most of these devices are accessed by apps on your mobile device.

    Within the last couple of years, IoT has slowly started to enter other markets. Sectors like healthcare and manufacturing are quickly learning about their potential value, particularly when combining IoT with business process management (BPM) programs. At face value, the benefits of this integration seem limitless. Real-time data analytics, immediate social and mobile capabilities to otherwise static and often hard to reach devices, and the ability to pair business-facing operations like inventory control and automated supply-chain capabilities with real-time consumer demand, creates a list of desired capabilities that is almost too appealing for any C level executive to resist.

    Read More »

    2015: The State of Cyber Challenges Ahead

    January 14, 2015 4:31 PM by Chandra McMahon

    In the last two years, IT security breaches have hit the White House, the State Department, the top federal intelligence agency, the largest American bank, the top hospital operator, energy companies, retailers and even the Postal Service. With the New Year upon us it seems fitting to take a moment and assess the state of the cyber challenges ahead and potential strategies to surmount them. I turned to Lockheed Martin’s Senior Fellow and Chief Strategist, Melvin Greer (M) to discuss the high level statistics every CISO should be considering.

    Read More »

    Cyber Acronym: Questions to Address with BYOD and BYOA

    January 7, 2015 10:15 AM by Chandra McMahon

    The “consumerization” of business technology is a relatively recent trend that continues to pick-up speed. Defined as the introduction of consumer technology within the corporate environment and for the use of work activities, the consumerization of business technology is best reflected in policies such as Bring Your Own Device (BYOD), which have become prevalent in most corporate environments.

    As this trend continues to grow, the need to plan and deal with BYOD from the level of Chief Information Security Officer (CISO) and even Chief Information Officer (CIO) has been augmented to include home or personalized applications. Now, Bring Your Own Application (BYOA) is becoming a focal point in the IT security planning of many organizations.

    These trends are natural. In many ways, our place of work is much like our home. We personalize our office spaces and socialize with our colleagues, and in recent years the corporate infrastructure has been changing to reflect this consumerization. BYOD and BYOA have become natural parts of the consumerization ecosystem, from the introduction of social media within organizations to improve collaboration to the migration toward cloud for business services—including an emphasis on accessible and consumer-like product and service tracking.

    At the end of the day, all of these services and all of this consumer integration are focused around one greater need—the ability to provide end-users with mobility. Tech-agnostic computing, or the ability to work from any device at any time, is here today and not going away any time soon. So how should organizations react?

    If your company is going to permit BYOD and BYOA, and allow teams of employees to integrate their own personal applications with corporate data, it becomes important to set expectations, produce procedures and rules, and explain those policies and regulations to your employees. This approach to protecting your enterprise must start with answering some basic questions:

    - How do we detect when people are conducting nefarious activities?

    - Do we have the proper monitoring currently on our network?

    - Do I have the controls in place?

    - Do my employees have proper authentication and application protection around BYOD?

    These questions are important to answer before addressing the Mobile Device Management policies of your organization. Whether you have smartphones, tablets, or laptops in the workplace, you have an organized approach toward deploying, securing, monitoring, integrating and managing these mobile devices.

    It’s also critical to answer these and other questions when addressing information management policies around the use and protection of intellectual property. This includes examining application security and control.

    When these policies and procedures are established, it then becomes important to address user and device authentication. At this point, you begin to ask additional questions: How will a user authenticate on premise versus remotely? Can we track when they’re local versus remote? How will mobility impact the security?

    Finally, data loss prevention becomes a crucial element in determining if sensitive data is on a mobile device. Once that capability is determined, you can begin to explore how to continue to protect it.

    Mobility and the disruptive technologies fueling this trend, such as BYOD and BYOA, can be daunting from a CISO and CIO level. We know it’s here to stay. We also know that new mobile technologies continue to proliferate at alarming rates. Answering these seemingly basic “block and tackle” questions first can give your company a solid footing that will enable you to weather any BYOD or mobility-related storm.

    Drilling Down: How to Secure the Oil & Gas Industry (Part 3 of 3)

    December 2, 2014 11:38 AM by Chandra McMahon

    Last week, we looked at the second of three oil and gas deep dives when we examined the role that operational technology and information technology play within this sector.

    Specifically, we addressed the challenges in protecting IP in oil and gas since accessibility of data is such a crucial element within this industry. IP provides the competitive advantage that sets each company apart from others in a highly integrated industry. It also helps oil and gas companies better understand the current environment to deliver better future results.

    The challenge with IP in the oil and gas sector is determining how to best keep the IP safe, yet accessible to those that need it. Industrial Defender and Lockheed Martin, its parent company, have approached this challenge by successfully combining the IT and OT landscapes. The result is a robust solution towards IT and OT security that includes people (e.g. training), the processes (e.g. policy and procedures) and the technology to address modern security challenges.

    However, there’s more that the oil and gas industry can do to improve their cyber maturity and cyber capabilities.  One suggestion is to examine whether oil and gas companies can take an approach towards oil and gas that in some ways mirrors their Health, Safety and Environment (HSE) policies. To better explain what I mean, let’s take a brief look at HSE.

    The oil and gas industry always carries the dangers associated with dealing with a combustible element in extreme and often remote conditions. Add to those dangers the often unpredictable nature of sociopolitical events with the often inclement weather of drilling locations, and the very nature of finding, transporting and refining oil and natural gas becomes daunting.

    Losing money by drilling into a dry well, while damaging to the revenue stream, appears less drastic when compared to the damages incurred on any one of the major disasters that occurred over the last 30 years. If something goes wrong in this industry it puts lives, local habitats and even global economies at risk.

    That’s one of the key reasons why this industry has led the implementation of HSE as an organizational pillar that is universal in this sector. Few industries triage and escalate prospective HSE near misses for the purpose of predicting incidents with the same thoroughness as oil and gas companies. Fewer private sector companies promote the value of such seemingly innocuous acts as holding the handrails when climbing or descending stairs, or making sure to start each presentation with a safety slide describing the precautions or actions attendees must know about in the event of an emergency.

    In oil and gas, cyber attacks have the risk of slowing, if not outright stopping, production. But because they also have the potential to become critical safety issues, cyber security should be addressed within this industry in a similar way as HSE. The ability to record, monitor, track and forecast cyber incidents and IT near-misses, regardless of how benign or innocuous sounding they are, should be tracked universally within this industry.

    Only then can oil and gas companies begin to forecast their potential security issues and gaps, mitigating cyber attacks that do occur, and stopping others well before they can do any damage.

    Drilling Down: How to Secure the Oil & Gas Industry (Part 2 of 3)

    November 20, 2014 12:06 PM by Chandra McMahon

    On May 29, 2009, the President of the United States gave a speech on securing our nation's
    cyber infrastructure. Despite the fact that we were in the height the great recession at the time, the importance for cyber security prompted immediate attention and awareness by the Executive office.

    When recounting, then recent attacks that led to the need to address cyber security, President Obama remarked, “In one brazen act last year, thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world -- and they did it in just 30 minutes. A single employee of an American company was convicted of stealing intellectual property reportedly worth $400 million. It's been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.”

    Read More »

    Drilling Down: How to Secure the Oil & Gas Industry (Part 1 of 3)

    November 6, 2014 3:38 PM by Chandra McMahon

    Cybersecurity is a gigantic topic. It’s more than just technology. It’s a careful mixture between art and science. Understanding the mechanics behind protecting, identifying and thwarting attacks, although crucial to the science of cybersecurity, represents only one side of the coin. Knowing your enemy, understanding the sociopolitical nuances of your environment, and predicting where you’re most likely to get attacked, that’s art.

    Enveloping these two sides of the coin is your knowledge of your industry; not just the cogs you make and sell, but where you sell them, how you make them and how they’re used. All these input go into creating a sound cybersecurity infrastructure. These next several blogs are dedicated to understanding the industry aspect of cybersecurity, starting with a look at the oil and gas sector.

    Read More »

    Three Ways to Make a Difference in Cyber Security

    October 31, 2014 10:53 AM by Chandra McMahon

    We are wrapping up October, which is National Cyber Security Awareness Month, so today I want to share the ways citizens can help to support and build greater cyber resiliency.  

    The purpose of National Cyber Security Awareness Month is to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cyber security.  According to the Department of Homeland Security, Cyber Awareness Month aims to increase the resiliency of the nation in the event of a cyber incident.

    The role of citizens is growing by leaps and bounds as it relates to thwarting and potentially curbing cyber attacks.  In my mind, this role can be bolstered by the following three actions.

    Read More »

    Securing the Air: An Approach to Hybrid Cloud Security

    September 24, 2014 11:34 AM by Chandra McMahon

    A hybrid cloud is a consolidation of a private cloud and a public cloud. The reason for their growing popularity stems from their ability to offer multiple deployment models at once. Gartner predicts that globally, almost half of all large enterprises will have deployed hybrid clouds by the end of 2017.  That means we are in a defining moment wherein companies will begin planning to move away from private into hybrid clouds.

    The challenge, though, is how to interconnect multiple clouds to work as a seamless whole. You don’t want a cloud for e-mail, another one for content management and development, and yet another for collaboration; especially if the clouds lack the capability to interact with one another. More importantly, the complexity between hybrid clouds introduces a new paradigm of cybersecurity vulnerabilities. But with a careful implementation of standards concerning how to perform governance and implement IT systems to protect data, securing the hybrid cloud becomes possible.

    Read More »

    Crystal Ball: The Virtues of Outcome-Based Cyber Security

    September 18, 2014 2:02 PM by Chandra McMahon

    Recently, Hold Security, a firm in Milwaukee, announced that a Russian crime ring had stolen 1.2 billion user credentials and 500 million e-mail addresses from 420,000 websites.  According to an article by the New York Times, if true, the cyber-heist would be the largest in history.

    Hold Security did not name the victims of the attack, citing nondisclosure agreements with victim companies.

    In the face of attacks like this, it would be nice if Chief Information Security Officers (CISOs) had a crystal ball to keep their networks safe. But that's not really necessary. Attacks like this are as defendable as they are inevitable with the use of emerging tools including threat intelligence and outcome-based cybersecurity.

    Read More »

    The Growing Minority: Women in IT & Cyberspace (Part II)

    September 10, 2014 3:02 PM by Chandra McMahon

    Last week, we took a look at the current landscape of minorities in cybersecurity and IT with a particular emphasis on women in those fields. Both personally and professionally, I feel that diversity is an important aspect of an effective cybersecurity approach, and can help fill the gap managers have to meet the demands for more talented cyber-professionals in today’s IT environment.

    A couple of years ago, Frost and Sullivan released a study that shows that information security discipline is not evolving fast enough:

    “…women represent just 11% of this profession [IT Security]. Placed in the context of women in the general workforce and women in professional and managerial roles—where women are at near parity with men in both of these measurements in developed countries—this 11% is alarming.

    Furthermore, this low percent of women in the information security profession has been stagnant despite double-digit annual increases in this profession. In 2012 alone, the global information security workforce grew by 306,000 and is on pace to increase by another 332,000 in 2013.”

    Read More »

    The Growing Minority: Women in IT & Cyberspace

    August 27, 2014 1:54 PM by Chandra McMahon

    One emotion few of my peers experience is the feeling of walking into a room and being the only woman - and it didn't matter whether I was visiting a Security Operations Center (SOC), attending a Chief Information Security Forum or meeting with Information Security leaders in various industries.  Meeting after meeting and at all levels, I have concluded that the low numbers of women and minorities working within cybersecurity and across the IT discipline is a concern from a personal standpoint and a business risk that I feel few recognize.

    The cybersecurity industry continues to grow at an incredible rate. A recent study by the organization Women in Cybersecurity found that security professionals worldwide are expected to increase to nearly 4.2 million by 2015. Although women hold 56 percent of all professional jobs in the U.S. workforce, only 25% of all IT jobs are held by women.

    Read More »

    Checkmate: Planning for the Future of Cyber Security (Part II)

    August 13, 2014 11:25 AM by Chandra McMahon

    Last week, we talked about how cyber security is like Chess. In order to be effective, you have to prepare and anticipate your opponent’s moves and styles of attack before they happen. Today we will look at the other side of the cyber coin: attackers. What future capabilities do we think they will have, and what can we do to start preparing for them?

    There are about three major capabilities that future Advanced Persistent Threats (APT) and attackers will have:

    Read More »

    Checkmate: Planning for the Future of Cyber Security

    August 6, 2014 1:34 PM by Chandra McMahon

    Cyber security is like Chess. You have to prepare and anticipate your opponent’s moves and styles of attack before they happen. The more moves and scenarios you can plan for in the future, the stronger your security will be, and the greater your chance of success.

    Like Chess, effective cyber security is also about making assumptions on present trends and looking back at the past to anticipate the future. But unlike Chess, your tools and technologies constantly evolve for you and those seeking to harm your networks. In 20 years, a pawn will still be a pawn, but continuous monitoring or incident response will look and feel completely different. In some possible scenarios, they may not even exist anymore.

    Read More »

    Neighborhood Watch: Protecting Your IP with the Cyber Ecosystem

    July 16, 2014 4:36 PM by Chandra McMahon

    Whenever your kids go outside to play, it’s a great feeling to know that they are safe. Here at Lockheed Martin, we feel the same about your intellectual property (IP). Most enterprises work very hard to maintain the safety and integrity of their intellectual property. IP is the heart of every company. IP is the very data that makes each one of our organizations unique and valuable entities.

    Even though most enterprises work hard to make sure their IP is protected, without careful consideration of the cyber ecosystem, this protection might only be halfway effective. Identifying threats is hard enough within the cyber walls of your corporate enterprise, but as you well know, your IP and your company’s data moves outside those walls all the time. Where it goes, who it interfaces with and what it interfaces with – that is what we mean by the cyber ecosystem.

    Read More »

    Risky Business: The role of Risk Management in Cyber Security

    July 10, 2014 12:06 PM by Chandra McMahon

    One of the most common terms in any large organization is Risk Management. Risk Management has grown from a vertical role shared by multiple organizational executives into a separate horizontal practice in which a series of professionals can often dedicate entire careers. But what exactly is Risk Management? What is IT Risk Management? What is a Risk Management Framework? And why is it a vital component of an effective cyber security platform? For me, Risk Management is a rigorous business discipline that if applied and communicated correctly can ensure a business continues to achieve a strategy for profitable growth. It’s also the language of executives and one that cyber security executives should be extremely well versed in.

    Originating as a business discipline, Risk Management is the process of understanding what could possibly impact your company in a negative way, and having an action plan for each possible threat. Risk Management is about mapping and understanding the likelihood of these financial threats to your organization in a manner that looks at probability and severity.

    Read More »

    Responding to Incident Response: What is it and why do so many organizations have it?

    June 25, 2014 2:41 PM by Chandra McMahon

    Imagine this scenario. You’re awoken late at night by phone call. You answer, but before you can say “hello” you hear a familiar voice, “We’re so sorry to call you this late but...we’ve detected a system-wide breach in our network.” I’m willing to bet most CISOs (Chief Information Security Officers) think about that happening in some way, shape, or form before going to bed at night. I know I have. And can you blame us? Just a couple of months ago a report from the Government Accountability Office on Information Security showed that the number of cyber incidents reported by all Federal Agencies rose this past year by over 10,000 incidents. That’s about a 35 percent increase in one year!

    A system-wide breach can cost an organization millions of dollars in reparations and infrastructure-loss. Just as critical, a large breach can cost an organization even more in reputation. All too common, however, managers feel that simply having incident response (IR) services are enough to keep their organization from suffering a major attack.

    Read More »

    Proactive Protection: Lockheed Martin’s Blog Dedicated to Cyber Security

    June 13, 2014 9:04 AM by Chandra McMahon

    Welcome to the new cyber blog!  Every Monday, you can rely on this blog to give you detailed analysis and reporting about cyber security programs at Lockheed Martin. More than just news and more than just opinion, the blog is a thought-provoking examination of multiple levels of cyber security. And we'd welcome your feedback and suggestions as we forge ahead with this new endeavor.

    For a little information about your host, for more than 25 years, I've been at the forefront of the information technology industry. Recently, as Lockheed Martin’s Chief Information Security Officer, I was responsible for information security strategy, policy, security engineering, operations and cyber threat detection and response. Currently, I lead Lockheed Martin's unique cyber security capabilities and associated portfolio of information technology solutions including Cloud, Big Data and Mobility for our commercial clients.

    Few areas of technology change as aggressively or have as much impact as cyber security. Managing the risk of IT within an organization, therefore, often relies on a solid understanding of what cyber security is in the first place. How has it changed? And more importantly, where is it headed?

    Read More »
Angie Heise

Angela L. (Angie) Heise is Vice President of Commercial Markets for Lockheed Martin. She is responsible for delivery of a portfolio of cybersecurity and information technology solutions and services for financial, utility, oil and gas, health and life sciences, and chemical customers.