By SYDNEY J. FREEDBERG JR.
ROCKVILLE, MD: In a bland component edifice thirty minutes from the Pentagon, a wall-mounted concealment shows, inwards existent time, every suspicious e-mail too LinkedIn asking sent to employees of Lockheed Martin, the world’s largest defence contractor. With 98,000 people worldwide working on exactly about 8,500 programs, the company’s network interacts amongst the network xx billion times a day. That’s to a greater extent than than 230,00 events per second. SOURCE: Defense News Top 100 list
99 per centum of those events — emails, pings, logs, etcetera promotion nauseam — are “mostly meaningless,” Lockheed’s cyber intelligence director, Mike Gordon, told me too a beau journalist this morning. But buried inwards that gigantic haystack are a handful of poison-tipped needles.
Russia, China, North Korea, too other advanced adversaries desire intelligence on the USA too allied weapons that Lockheed Martin makes, from the F-35 fighter too the Littoral Combat Ship to hypersonic missiles too missile defenses. Such nation-state actors create got been attacking Lockheed since at to the lowest degree 2003, Gordon too his colleagues said. How tin bathroom the companionship know which events out of billions require it to accept action?
It’s widely known inwards cybersecurity circles that you lot can’t rely on antivirus too firewalls, since those run past times matching incoming traffic against databases of known malware. Sophisticated adversaries constantly alter their tactics, hence there’s no fixed “signature” to detect. But you lot can’t rely on so-called anomaly detection to warn you lot of an intruder inwards your system, either, since past times the fourth dimension you’re seeing weird activity on your network, the attackers are already inside. Instead, Lockheed protects itself — too its paying clients — past times looking for the feature behaviors of special attackers, a strategy it calls “intelligence-driven defense.”
Lockheed Martin cybersecurity operations center
Intelligence-Driven Defense
Lockheed estimates the really unsafe actors — known every bit Advanced Persistent Threats (APTs) — collectively endeavor hundreds of distinct assail techniques on the companionship every year. Each of those assail campaigns may potentially involve hundreds of private emails, pings, or other detectable events.
The techniques used alter over time. One tendency noticeable over the years, every bit Lockheed itself has buy the farm better-defended, is increasing attacks on its 16,000 suppliers too contractors, seeking an indirect road to the prime number contractor too the authorities itself. There are legal limits on discussing contracts amongst tertiary parties, too subcontractors oftentimes dislike disclosing who their sub-sub-contractors are, lest the prime number contractor determine to cutting out the middleman. But Lockheed too the Pentagon are working to add together clauses to contracts that would give the government, if non Lockheed, total visibility into every component of the furnish chain.
Another tendency is increasing role of social media, notably Facebook too LinkedIn, to get together detailed intelligence almost Lockheed too subcontractor employees too and hence develop exquisitely custom-tailored attacks. Gordon said exactly about hackers pose every bit recruiters, copying existent chore postings off the internet, too ship their targets several innocuous emails to found rapport earlier springing the trap amongst malicious code hidden inwards a link labeled “click to upload your resume” or fifty-fifty inwards a PDF map of where to encounter for an interview.
But those trends volition change. H5N1 smart adversary won’t proceed attacking the same weak points amongst the same malware from the same IP address over too over too over, Gordon too his colleagues explained. That said, the bad guys can’t afford the fourth dimension too coin to reinvent the cycle every fourth dimension they attack. That agency you lot tin bathroom discovery exactly about recurring patterns that allow you lot create a profile of a special attacker, which inwards plough lets you lot discovery attacks you lot mightiness create got missed.
Discovering to a greater extent than attacks, inwards turn, lets you lot accumulate to a greater extent than clues to create a ameliorate profile to discovery to a greater extent than attacks to accumulate to a greater extent than clues. The destination of intelligence-driven defence is a positive feedback loop. That’s much similar its namesake, intelligence-driven operations inwards counterterrorism, where special operators grab a target, hence intelligence analysts tin bathroom ransack his energy cell to discovery his associates, hence the operators tin bathroom grab them too their phones inwards turn.
The framework Lockheed uses for this intelligence-gathering is what it calls the Cyber Kill Chain®. (Yes, Lockheed managed to register that every bit a trademark, fifty-fifty though it’s only sticking ii generic price together). “Kill chain” is military machine jargon for all the steps you lot demand to accept to perform a mission, from gathering reconnaissance to launching a weapon to assessing the damage. All these activities create got to accept house inwards cyberspace besides — they’re exactly intangible — too at each step, the assailant leaves clues the defender tin bathroom notice too performs tasks the defender tin bathroom disrupt.
Lockheed identifies vii distinct steps inwards the kill chain for a successful attack, from reconnaissance to exploitation to concluding “actions on objectives” such every bit copying undercover data. While smart adversaries volition in all likelihood alter their techniques for ane or to a greater extent than of these steps, the odds are depression they’ll alter all vii every time. That agency at to the lowest degree exactly about of the telltales of past times attacks — an IP address, a chip of code — volition exhibit upwards inwards hereafter ones, allowing you lot to select handgrip of them earlier they’re complete, preferably hence early on they’re even hence scanning your organisation for weak points.
Advanced hackers volition alter exactly about of their techniques from ane assail to the next, but non all, allowing cybersecurity analysts to role telltales from ane intrusion to assist them discovery the next. (Lockheed Martin graphic)
Big Data, AI, & Humans
Finding these recurring patterns requires analyzing large amounts of data, the to a greater extent than the better. Lockheed’s sheer size agency it collects too at to the lowest degree temporarily stores a petabyte a day: For reference, that’s plenty to fill upwards the laptop I’m writing this on too 125,000 others similar it.
To bargain amongst these masses of data, Lockheed is investing heavily inwards big information analytics, artificial intelligence, too car learning. The destination is to allow a laid of algorithms monitor a network or weapons organisation long plenty to instruct itself the patterns of normal operation. Then it tin bathroom alarm human operators to the abnormal.
For now, cybersecurity even hence depends on human minds, Gordon too his colleagues said. Lockheed’s really reorganized its global operations hence someone’s ever awake too watching, but no one’s slogging heavy-lidded through a graveyard shift: They immediately create got overlapping shifts run both past times large teams inwards Rockville too Denver too four-man cells inwards U.K. too Australia. The larger centers include non exactly analysts but in-house coders to write novel tools every bit needed, reverse-engineering specialists to accept apart the attacking code, too infrastructure experts who assist run Lockheed’s vast networks, all sitting side past times side to relaxation collaboration.
Those talented humans are inwards high demand, said Doug Booth, the trouble organisation evolution managing director who markets Lockheed’s cybersecurity tools, services, too preparation — much of it developed initially for the company’s self-defense — to exterior clients similar the Pentagon too allied nations. “We create got hundreds of openings” inwards his component of Lockheed alone, Booth said, thousands across the companionship every bit a whole.
“We beak almost all the tools too technologies,” Booth said, “(but) really the most valuable property inwards this cyber fight is a trained warrior.”
Buat lebih berguna, kongsi:
