Lockheed seeks to predict cybersecurity threats
Lockheed, the Pentagon's biggest contractor, is opening a second internal security intelligence center in Denver this week to complement the one it opened in May 2008 in Gaithersburg, Maryland, north of Washington.
Some analysts and software developers at the Gaithersburg center starred in a video Lockheed recently posted on YouTube, which portrays the cyber security problem as a complex chess match between U.S. government and industry on one side, and a host of smart attackers from nation states and criminal groups on the other.
"It is a cat-and-mouse game between the two sides," said Eric Hutchins, a Lockheed cyber intelligence analyst. "They're constantly trying to develop new ways of attacking us and we're constantly trying to develop new ways of defending us."
Cyber attacks are becoming more sophisticated, persistent, stealthy and targeted, Lockheed officials say, which points to greater activity by nation states and more criminal entities rather than the random, individual activities of the past.
Hutchins said Lockheed's analysts were processing 1 million "incidents" a day, trying to sort through the "white noise" to identify the highest-risk activities as well as possible patterns and likely targets. He declined to say what percentage of those events could be considered high-risk.
"The threat is increasing so fast and the impact is becoming more important that ... we have to be very creative and innovative and pick up our game," said Curt Aubley, chief technology officer of Lockheed's NexGen Cyber Innovation and Technology Center (NexGen), a cyber research and development center that opened at the Gaithersburg facility in November.
The 25,000-square-foot center, built by Lockheed and a long list of corporate partners for nearly $17 million, features large open spaces for collaborative work by Lockheed, its partners and customers like NASA and other federal agencies.
It allows live technology exercises and is the anchor for a new live cyber "test range" that allows testing of software resilience in real and simulated environments. The cyber range is due to be completed by the end of the year, officials said.
Lockheed's increasing openness about its cybersecurity activities comes against the backdrop of heated competition with other companies like Northrop Grumman Corp, General Dynamics Corp, Raytheon Co, and Science Applications International Corp, for a share of the growing but fragmented market for cybersecurity and defense.
Boeing Co last year also made several acquisitions in the cyber sector to muscle in on a field where Market Research Media recently estimated the federal government will spend $55 billion between 2010 and 2015.
Loren Thompson, of the Virginia-based Lexington Institute, sees spending by the civil and defense parts of the federal government as somewhat lower, around $30 billion over the next five years, but said that does not include hard-to-estimate classified offensive cyber initiatives.
At this point, Thompson said none of the defense companies had a clear lead in the market. "Nobody has 20 percent of the market, and at the rate people are piling in, it's possible that no one will ever have 20 percent of the market," he said.
All of the traditional defense companies are also reaching out to commercial customers, given increasing concerns about financial losses and security breaches, especially after news in January that Google Inc, the world's top Internet search engine, had been targeted by cyber attacks from China.
Aubley called the Google attack a "digital commercial Pearl Harbor" that dramatically increased awareness.
Lockheed's approach is to try to get ahead of the threats, using a more proactive style that examines behavior patterns and detailed pattern analysis to identify possible cyber "campaigns," said Rick Johnson, chief technology officer for Lockheed's Information Systems and Global Services sector.
"You can look for patterns that look like they can do harm. You can get ahead of those before they manifest themselves as a known threat," Johnson said.
Rather than just focusing on any specific attack, analysts are using a "macro view" that can help predict targets before they are hit, Johnson said.
At the same time, Lockheed recognized that it would not achieve "100 percent prevention," and was working to increase the resilience of networks so that companies and government agencies could still operate even if they were attacked.
"The types of threats, especially in the security space, change every single day. So the ability to quickly adapt is huge," Aubley said, noting that Lockheed was working with customers at the new research center to provide solutions as quickly as a week after new threats emerged.