Lockheed Martin Cyber Weekly


    Neighborhood Watch: Protecting Your IP with the Cyber Ecosystem

    July 16, 2014 4:36 PM by Chandra McMahon

    Whenever your kids go outside to play, it’s a great feeling to know that they are safe. Here at Lockheed Martin, we feel the same about your intellectual property (IP). Most enterprises work very hard to maintain the safety and integrity of their intellectual property. IP is the heart of every company. IP is the very data that makes each one of our organizations unique and valuable entities.

    Even though most enterprises work hard to make sure their IP is protected, without careful consideration of the cyber ecosystem, this protection might only be halfway effective. Identifying threats is hard enough within the cyber walls of your corporate enterprise, but as you well know, your IP and your company’s data moves outside those walls all the time. Where it goes, who it interfaces with and what it interfaces with – that is what we mean by the cyber ecosystem.

    According to a March 2011 whitepaper by the Department of Homeland Security, a ‘cyber ecosystem’ is defined by the interaction of a “variety of diverse participants – private firms, non-profits, governments, individuals, processes, and cyber devices (computers, software, and communications technologies) – that interact for multiple purposes…” with your organization’s intellectual property.

    At Lockheed Martin, we like to simplify the definition so that it’s clear to see all the moving parts. On one side of the spectrum there’s your corporate enterprise network that enables your business.  Companies also produce products and services – and those products and services need to be cyber-enabled and cyber-protected. Then, on the other side there are the organizations that you do business with, such as partners, suppliers, vendors, etc. These organizations have their own internal and external supply partners that could at one point have contact with your IP or proprietary data. That is a threat.  Then, there is also the public at large and various other conduits that at some point or another have or could come in contact with your IP as well. In totality, this represents the cyber ecosystem.

    One classic example of the cyber ecosystem and the perils of this environment are benefit providers. These organizations work hard to ensure your personal and confidential medical information is secure. But when they release records to small clinics or authorized users, what’s to maintain the integrity of this security?

    If a benefits provider sends your confidential information to a small doctor’s office, their level of cyber security may be far less stringent than at the source of the records - the IT core of the benefit provider.

    Lockheed Martin’s approach toward cyber security is to understand the ecosystem and design security to provide the level of protection needed based on the data, whether it’s within your network or half-way across the world.

    Great chief information security officers seek to fully understand their company’s ecosystem and then use a wide array of legal, process, and systems tools to understand their company’s responsibilities and enable the cyber protections needed based on the data that is flowing through the ecosystem. 

    Protecting your data wherever it goes is the key to a robust cyber ecosystem -- because if you’re like me, you don’t want to have to worry about your IP when it goes outside to play.

    Join the conversation on Twitter

    Risky Business: The role of Risk Management in Cyber Security

    July 10, 2014 12:06 PM by Chandra McMahon

    One of the most common terms in any large organization is Risk Management. Risk Management has grown from a vertical role shared by multiple organizational executives into a separate horizontal practice in which a series of professionals can often dedicate entire careers. But what exactly is Risk Management? What is IT Risk Management? What is a Risk Management Framework? And why is it a vital component of an effective cyber security platform? For me, Risk Management is a rigorous business discipline that if applied and communicated correctly can ensure a business continues to achieve a strategy for profitable growth. It’s also the language of executives and one that cyber security executives should be extremely well versed in.

    Originating as a business discipline, Risk Management is the process of understanding what could possibly impact your company in a negative way, and having an action plan for each possible threat. Risk Management is about mapping and understanding the likelihood of these financial threats to your organization in a manner that looks at probability and severity.

    Read More »

    Responding to Incident Response: What is it and why do so many organizations have it?

    June 25, 2014 2:41 PM by Chandra McMahon

    Imagine this scenario. You’re awoken late at night by phone call. You answer, but before you can say “hello” you hear a familiar voice, “We’re so sorry to call you this late but...we’ve detected a system-wide breach in our network.” I’m willing to bet most CISOs (Chief Information Security Officers) think about that happening in some way, shape, or form before going to bed at night. I know I have. And can you blame us? Just a couple of months ago a report from the Government Accountability Office on Information Security showed that the number of cyber incidents reported by all Federal Agencies rose this past year by over 10,000 incidents. That’s about a 35 percent increase in one year!

    A system-wide breach can cost an organization millions of dollars in reparations and infrastructure-loss. Just as critical, a large breach can cost an organization even more in reputation. All too common, however, managers feel that simply having incident response (IR) services are enough to keep their organization from suffering a major attack.

    Read More »

    Proactive Protection: Lockheed Martin’s Blog Dedicated to Cyber Security

    June 13, 2014 9:04 AM by Chandra McMahon

    Welcome to the new cyber blog!  Every Monday, you can rely on this blog to give you detailed analysis and reporting about cyber security programs at Lockheed Martin. More than just news and more than just opinion, the blog is a thought-provoking examination of multiple levels of cyber security. And we'd welcome your feedback and suggestions as we forge ahead with this new endeavor.

    For a little information about your host, for more than 25 years, I've been at the forefront of the information technology industry. Recently, as Lockheed Martin’s Chief Information Security Officer, I was responsible for information security strategy, policy, security engineering, operations and cyber threat detection and response. Currently, I lead Lockheed Martin's unique cyber security capabilities and associated portfolio of information technology solutions including Cloud, Big Data and Mobility for our commercial clients.

    Few areas of technology change as aggressively or have as much impact as cyber security. Managing the risk of IT within an organization, therefore, often relies on a solid understanding of what cyber security is in the first place. How has it changed? And more importantly, where is it headed?

    Read More »