Cybersecurity: Challenges and Opportunites
It is a battle that is being fought every second of every day. A battle in which the attackers are unseen and often undetected and the victims unaware and often unwilling to publicly acknowledge their defenses have been breached.
This is the ongoing conflict between cyberwarfare and its alter ego cybersecurity, and global aerospace and defense companies are looking carefully at the battleground to determine where they can play a role. But cybersecurity is in its infancy as a discipline and a market, and cyberwarfare is cloaked in secrecy. This special issue of Aviation Week &amp;amp;amp;amp; Space Technology takes a closer look.
The major aerospace and defense players are already being forced to develop the capability to defend their own networks. And because the threats faced by industry and government are similar, the same advanced tools are needed by their customers. They are cooperating with commercial providers and innovators to bridge the gap between off-the-shelf computer security products and the advanced defenses that government agencies require.
Industry primes are already staking their ground as suppliers of end-to-end cybersecurity products and services for their existing aerospace and defense customers and looking to see if their research resources and integration skills can find application in adjacent markets such as power grids and health care.
The focus on cybersecurity is a result of growing public, policy-maker and boardroom awareness of the threat posed to the reputation of individuals and brands, the delivery of services and the protection of intellectual property. “Demand is growing with awareness, and awareness comes because the alarm bell is ringing,” says Carlos Solari, CSC vice president of cyber-technology and services. His company is a major provider of outsourced information- technology (IT) services that is beefing up its cybersecurity capability.
Most companies refuse to acknowledge cyber-attacks for fear of losing customer and shareholder trust. That changed when Google accused China of orchestrating a massive cyber-campaign against it and other companies. “I give great credit to Google for speaking candidly and getting the issue into the public consciousness,” Solari says. “For those in the know, the sophistication of the threat level is quite scary.”
The convergence of voice, video and data on common protocols and communications is increasing our dependence on IT and alarming security experts, he says, because threats can then transfer from one medium to another. “These threats have sophistication and motivation, they can be pervasive, persistent and stealthy, they can stealth data, deny services and harm reputations.”
The threat has taken grip, because in the rush to become connected, security took a back seat to access. “The first computers were not connected. Then in the mid-1980s we started connecting them without any thought of security,” says Charlie Croom, Lockheed Martin vice president of cybersecurity.
Now there is a range of threats from lone hackers, through organized crime to nation states that find online espionage faster and cheaper than using spies. They operate with little fear of reprisals. “It’s the Wild West,” he says.
Cybersecurity standards will be key, but protecting the industry’s supply chain means more than just sharing best practices with subcontractors. The industry depends heavily on commercial hardware and software and faces an insidious threat from vulnerabilities embedded in those products. Today, commercial systems are tested only to verify their intended functionality. Now effort is being applied to developing ways of exercising hardware and software to uncover their unintended behavior, says Steve Hawkins, Raytheon vice president of information security solutions.
As the threat grows more sophisticated, so do the defenses, and the defenders. Industry has welcomed the creation of U.S. Cyber Command, but is still waiting for Congress to approve its nominated commander, Army Lt. Gen. Keith Alexander, director of the National Security Agency.
“Cyber Command will focus real force structure on cybersecurity,” says John Osterholz, BAE Systems vice president of cyberwarfare and cyber security.
By Graham Warwick – Aviation Week – Washington