.jpg)
Next-Generation Cyber Collaboration
Written by Patrick Chisholm and Chris Hannas
MIT 2010 Volume: 14 Issue: 2 (March)
In another sign of stepped-up efforts by the defense and technology industries to protect client data and systems from cyberattacks, Lockheed Martin has launched the NexGen Cyber Innovation and Technology Center.
The NexGen Center, which opened in November 2009, brings together leading technology companies to solve customer problems in a real-time environment. Working together as the Lockheed Martin Cyber Security Technology Alliance, the technology partners use the center to collaborate on cybersecurity solutions for threat detection and protection.
In addition to Lockheed Martin, partners in the alliance include APC by Schneider Electric, CA, Cisco, Dell, EMC and its RSA security division, HP, Intel, Juniper Networks, McAfee, Microsoft, NetApp, Symantec and VMware.
“The strategic aspect of this innovation center is that we actually have the companies bringing their talent, their engineers, their software developers to stand side-byside with Lockheed Martin engineers and software developers to address a customer’s problem,” said Charles Croom, vice president of cybersecurity solutions for Lockheed Martin Information Systems and Global Services. “It’s not a demo center; it’s for creating innovative solutions.”
Located in Gaithersburg, Md., not far from Washington, D.C., the NexGen Center encompasses 25,000 square feet with 25 dedicated personnel. It can accommodate up to 400 people, who can be pulled from all aspects of Lockheed Martin’s global operations. The center’s collaboration areas include a green IT data center, cloud computing platforms, telepresence, high-definition videoconferencing, and connectivity to other Lockheed Martin sites around the globe.
Croom, a retired Air Force lieutenant general who previously served as director of the Defense Information Systems Agency, says it’s important for the alliance companies to be able to collaborate in the same physical space. “We recognize that virtual is good, but sometimes a face-to-face meeting to collaborate and to improve collaboration between our commercial partners, and in particular our customers, is indispensable,” he said. “And so we built a place around facilitating innovative collaboration so that we can create solutions to real problems the customer has.”
The alliance allows the companies to strengthen the “ecosystem” of the cyber-world, according to Mischel Kwon, RSA vice president of public sector security solutions, “We see a great synergy between vendors coming together and creating collaborative solutions together to solve some of the problems we’re seeing in the security realm,” she said.
SECURITY ECOSYSTEMS
Lockheed Martin’s experience as the largest IT provider to the federal government means the company faces similar threats to those posed to agencies such as the Department of Defense, Croom noted.
“We receive all levels of attacks here,” he said. Those threats have garnered the attention of local and national officials looking to bolster the nation’s defenses against cyberattacks. President Obama appointed a White House cybersecurity coordinator in December 2009, bringing Howard Schmidt, a former Microsoft security executive, to oversee security efforts at the federal level.
To mark the opening of Lockheed Martin’s new Center, Governor Martin O’Malley of Maryland declared a Cybersecurity Awareness Day to bring attention to the cyber-threats.
“Threats such as identity theft, network viruses, loss of sensitive information and other malicious activity are part of the ever-evolving world of cyber-information and communications,” said O’Malley. “As public servants, our most solemn obligation is to protect the safety of the citizens we serve, and that includes protection from cyber-threats.”
The alliance emphasizes the need for a collaborative effort to face those threats.
“Our adversaries operate in sophisticated criminal ecosystems that enable and enhance their attacks,” said Art Coviello, executive vice president of EMC and president of RSA. “To defend against such organized and purposeful opponents, we need to build effective security ecosystems based on collaboration, knowledge-sharing and industry best practices.”
A 2009 security report from Cisco said there has been an increase in e-mail threats, particularly phishing schemes that use malicious code to target users.
THREE CYBER-GOALS
Goals of cybersecurity can be broken down into three main areas, according to Tom Conway, director of federal business development for McAfee. The first is confidentiality, what he calls “keeping your secrets secret.” The second is to protect the integrity of customer data, particularly when it comes to automated systems. Changing key data in those systems—turning north into south or left into right—could have catastrophic effects, Conway said. The final aim is system availability, battling against denial-of-service attacks that can keep a system from operating.
“There are lots of different malware that try to infect, but really their end goal is trying to steal your information. They also want to change your information so it slows you down or stops you in your tracks, or they want to deny you the ability of sharing your information among yourselves,” said Conway.
One focus of the NexGen Center is to adapt the current model of reacting to threats and intrusions to an approach that is more proactive in preventing those attacks. The alliance partners are working through methods such as data pattern analysis to try to predict what an attacker is going to do.
The center’s cyber-range gives the partners the ability to develop innovative solutions, pushing their leading edge technologies to create new ways to protect their customers. Being able to apply a war-games type of scenario is vital to the center’s mission, Croom said.
“The cyber-range allows us a safe environment to create solutions and be able to friendly attack those solutions to determine how good they are,” he said. “The theory is, better to do practice combat with enemy friendlies and become experienced long before you go to war and have someone really shooting at you.”
Lockheed Martin is also helping to develop a national cyber-range for the Defense Advanced Research Projects Agency (DARPA), a major governmentwide effort to increase the nation’s defenses against electronic attack.
“When you have learning, you have innovation and you create [solutions] faster,” said Croom. “That is what DARPA is trying to do—sophisticated solutions— and Lockheed Martin has seen that well in advance and created our own cyberrange.”
MULTIPLE PROVIDERS
Bringing in leading technology companies to collaborate in one space allows alliance partners at the center to better utilize their combined efforts. Because many of the customers are running similar networks or facing similar threats, the engineers and software developers can work together to streamline the creation of new best-of-breed solutions.
The alliance partners have been strategically chosen not only for their individual expertise, but also to include multiple companies that provide similar capabilities, Croom explained. By working with both Juniper and Cisco, or Symantec and McAfee, for example, the center is able to better replicate a customer’s legacy systems and ensure that a solution can be integrated within those systems. They are able to mimic a customer’s setup at the center without having the customer physically bring their system to the site.
The partnerships also provide a way to keep up with emerging threats that might hamper new computing platforms. When a new IT model such as cloud computing emerges, it becomes especially important for companies to understand how that may bring new cybersecurity threats.
Cloud computing is “a new idea in terms of virtualization that people are running to because of the promises of better economics, better return on the dollar, and yet that presents some security issues that have to be addressed,” said Croom. “So we’re standing with our customers and with experts in cloud computing like EMC, Cisco, VMware and NetApp working that very difficult problem.”
Part of the focus on proactive solutions to cybersecurity threats is to utilize automated processes to help fend off attacks and prevent the loss of customer data. Those processes help predict attacks and allow the system to more quickly respond to the threat itself, using self-healing technology without user input.
McAfee’s Global Threat Intelligence system is vital to the automated protection process, Conway contended. The system both blocks threats locally and sends the information back to McAfee in order to prepare other systems should a similar attack reach their part of the globe.
“If you’ve got protection, you assume if a threat is occurring on the other side of the world it’s just a matter of time—and a short amount of time—until it’s going to hit you,” said Conway. “So once you’ve diagnosed it, apply that protection automatically. Don’t wait for human intervention, because by then it may be too late.”
Cisco devices have a similar ability to send information back to a central location and allow for automated defense. “We would call it a complete self-defending network,” said Dan Kent, director of federal solutions at Cisco. “Or a network that has the ability to defend itself, integrated with componentry of the system itself, plus appliances that are specially built for certain aspects of that security.”
The NexGen Center’s green IT data center was designed to address the center’s needs as well as the needs of its customers. “Going green is extremely important in a data center because it significantly drives down cost,” said Croom. “When you have a Google that has server farms and acres of computer equipment, they consume lots of energy, they generate lots of heat and they require lots of cooling.”
The energy demands and costs to provide that energy end up being higher than the manpower costs, Croom said.
GLOBAL OUTREACH
Along with the benefits of being able to collaborate with partners on the same site, the alliance also maintains the ability to reach out to its talent and customers around the world. The NexGen Center’s telepresence, which features the latest in teleconferencing technology from Cisco, allows partners to globally collaborate faceto- face while addressing real-time technology scenarios or the latest cybersecurity threats.
“So we can virtually demonstrate capabilities and solutions and collaborate, which is the key, with the technical people necessary to put these capabilities and solutions together,” said Croom.
The ability to bring together the alliance of technology companies and to test real-life solutions in its cyber-range is what makes the NexGen Center unlike any other effort to improve cybersecurity, Croom said.
“We’ve identified a location where this team can come together, both physically and virtually, to look at customers’ very difficult problems, something that could not be solved alone by a commercial solution,” said Croom. “Then you enable that center, tie it to a Lockheed Martin cyberrange that allows you to reach out globally, touch additional expertise and also allow a safe environment for you to exercise attacking and defending against solutions that the team is building. That is a very, very powerful notion and I don’t know of anything like that.”
The solutions pioneered at the NexGen Center will not only address the needs of its customers, but also go towards creating solutions the alliance companies can use across their client base. In that way, the technology companies solve current problems for customers at the center while enhancing the portfolio of solutions they can offer for future projects as well. The next step is utilizing the public-rivate partnership to create policies to enhance the nation’s cybersecurity, according to Kent.
“I think that’s critical as we move forward, and I think groups like this— teaming with Lockheed Martin and other partners here—can give the government a decent cross-section of industry to talk with to help deliver policies that can be deployed within federal agencies,” he said. ♦
Cyber Security Challenge Offers Real World Experience
The National Defense University’s iCollege, also known as the Information Resources Management College, was scheduled in March to hold its second Cyber Security Challenge, designed to provide technical management level leaders the opportunity for hands-on experience in network operations. In turn, sponsors say, the experience will yield better informed decisions on how to best defend their networks.
The fi rst version of the event, held last November, consisted of 16 participants, broken into teams of two, representing fi ve different Department of Defense agencies. Led by Air Force Major Steve Mancini, the event gave practicing information technology and information assurance leaders the opportunity to experience real-time network intrusions.
An isolated computer network was constructed for the event. Each team was issued two computers, one designated as an attack machine, the other to be defended. Additionally, several common target computers were set up containing applications that any government or business would have. These included an e-mail server, Web server, fi le server, and other machines to monitor the network activity.
The hands-on portion of the event lasted two hours. The teams competed against each other by attacking opponent machines, as well as the common servers, using tools such as the open-source Backtrack 4.0 Linux CD. Simultaneously, the participants were tasked with defending their machines from opponent attacks.
The overall goal for each team was to complete different tasks, such as capture specifi c fi les, deface an opponent’s or server’s Website, capture e-mail, or knock an opponent offl ine. The team that completed the most tasks was designated the winner.
By experiencing real-time network intrusions, participants said, they gained valuable knowledge in how to defend against them. Both participants and organizers got a unique, hands-on experience in what it means to be hacked or have network intrusions conducted against them.
Early in the event, for example, one of the participants launched an ARP fl ood attack, which led to the entire network going down. It was only reconstituted when one of the organizers discovered the source of the attack and stopped it.
Due to the opportunity the exercise provides for government employees, the March event was slated to have 24 participants from across several federal agencies, and to last four hours instead of two. Additional real world experiences for the participants will be incorporated, including a wireless control system attached to a remotely operated bridge, a more hardened network infrastructure able to withstand low level attacks, and time to lock down and customize their machines prior to kicking off operations. They will also be given more tools for the offensive piece, giving them more choices in their method of attack. For more information about the events, contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it .