Missile Defense Overview

In the last 10 years, we've seen significant advances in the technology our adversaries are fielding. Hypersonics are emerging as one of the biggest threats we have.

Tay Fitzgerald

Vice President, Strategic Missile Defense, Raytheon Missiles & Defense

The Evolution of the Missile System

DoD’s entire infrastructure is going to have to evolve to deal with the very rapidly emerging hypersonic as well as cruise missile threats. I think the most important thing for everyone to realize, and I know that the Missile Defense Agency has bought into this, is we're going to have to take both an evolutionary and a revolutionary approach.

Tay Fitzgerald

Vice President, Strategic Missile Defense, Raytheon Missiles & Defense

The Defense Department is knee deep into its review of its missile defense policy. Starting last summer, this first analysis of the current state of missile defense and where the capabilities need to go next should be done in time for the annual national defense strategy that is due out in early 2022.

The last time DoD took a hard look at its ability to defend the nation from missile threats and counter-capabilities was 2017 with a report being released in 2019. Experts say that strategy resulted in few, if any, changes to the current approach to missile defense.

The expectations that this new review will have a bigger impact on the current and future state of missile defense.

Arms Control Today, a non-partisan think tank, reported in June that the Biden administration plans to continue to build a new interceptor to counter long-range ballistic missile attacks.

The other change we can expect from this review, according to Vice Admiral Jon Hill, the director of Missile Defense Agency, is the review is looking at the entire threat space, not just intercontinental ballistic missiles launched from places like North Korea.

Other issues the review may address, according to experts, include protecting U.S. assets from hypersonic and cruise missiles as well as policy issues around acquisition, research and space.

Tay Fitzgerald, the vice president for strategic missile defense at Raytheon Missiles and Defense, said from a technology standpoint, it feels like the current strategy is a generation ago.

“In the last 10 years, we’ve seen significant advances in the technology our adversaries are fielding. Hypersonics are emerging as one of the biggest threats we have. Ballistic missiles, historically our biggest threat, were like throwing a football, they had a pretty predictable arc and were pretty easy to project where it was going to land. Hypersonics, on the other hand, are very, very fast moving and very highly maneuverable. So they’re much harder to detect and track in their course,” Fitzgerald said during the discussion The Future of Missile Defense sponsored by Raytheon Missiles and Defense. “We’ve had excellent discrimination capability. In other words, the ability to tell what a real target is relative to the countermeasure. That is not going to be adequate against the threats we’re seeing today. Addition to hypersonics, we’re seeing cruise missile threats. These are weapons that are able to evade our current sensor capability. We’re also seeing the ability to launch from a bunch of different domains, land, sea, even space so there are potential attacks from a lot of different sources and a lot of different capabilities that we haven’t dealt with before. So I would expect to see significant pivots in this review.”

The push to address hypersonics comes from the fact that near peer adversaries like Russia and China recently demonstrated these weapons. While the threat may not be imminent, DoD must prepare to have countermeasures for them in the next decade.

“We really need global persistent sensing. Whereas now we don’t have a uniform coverage, meaning we need to upgrade the sensors we have and also adding sensing capabilities from space,” Fitzgerald said. “More importantly, it’s not just having that network of sensors across the globe, but making sure they’re interoperable and that we’ve got command control between those sensors. That discussion is happening all the way from the very top echelons of the DoD and all the way down into industry.”

Fitzgerald said DoD’s current radar capabilities are good at detecting attacks from a long range, giving it time to launch countermeasures.

But these sensors are one dimensional and don’t do a good job detecting cruise missiles or possibly hypersonics.

“DoD’s entire infrastructure is going to have to evolve to deal with the very rapidly emerging hypersonic as well as cruise missile threats. I think the most important thing for everyone to realize, and I know that the Missile Defense Agency has bought into this, is we’re going to have to take both an evolutionary and a revolutionary approach,” she said. “Today we have some awesome sensing capability, transportable sensors with very, very good tracking discrimination and detection capability. We also have very capable sensors that are deployed at both land and sea. A great example of an evolutionary capability would be closing the fire control room around more of those sensors, more of those effectors today in a much more rapid manner. At the same time, we need to be have an eye to the future much more revolutionary technologies and part of what we’re doing to enable that is to make sure that we do our designs today is a digital engineering, open systems architecture, modular design. That way we can readily upgrade the hardware that we’re building today, instead of taking the 10-15, or even 20 year cycles to field new weaponry.”

She said Raytheon is investing in high power microwave capabilities so in the future, the hope is that DoD will able to take out all threats with a single shot.

“I think the most important thing is that the threats are changing. The technology and the application of that technology has to change with it, and there has to be some urgency around that change,” Fitzgerald said. “I think if we work in a collaborative manner across industry and with our allies, we can make those changes but they’re going to need to come quickly.”

Listen to the full show:

Agencies and all organizations are facing an ever-increasing number and variety of cyber threats.

While we’ve heard this too many times to remember over the last 20 years, the variety, velocity and volume of cyber attacks require a public-private partnership like no other challenge in the last 50 years.

The most recent White House cyber meeting and new initiatives around cybersecurity epitomize that approach.

But despite the decades of platitudes that cyber is team sport–that cyber will take a whole of government approach and many others–the truth is there still are plenty of questions that need to be answered and challenges overcome.

Information sharing is among the biggest remaining sticky wicket. Even with the Cyber information sharing act of 2015 and several ongoing federally sponsored initiatives, the roles and responsibilities remain confusing at best.

The White House’s cyber executive order attempts to address the roles and responsibilities, but some say may be causing more confusion.

What this all comes down to is the need to continually rethink the public and private sector partnership to defending networks, systems and data.

And when you add both speed and automation to the mix, the complexity of these important challenges become larger.

Steven Hernandez, the chief information security officer at the Department of Education, said despite agency progress over the last decade, there is a new sense of urgency as attackers are motivated in new ways and using a high degree of sophistication to launch their attacks.

“What this is all come together for us at my department is we have this stark realization that the need to innovate and evolve writ large in terms of risk management and cyber is paramount,” Hernandez said on the panel discussion Collaborative Defense sponsored by Raytheon Intelligence and Space. “When we look at that around the risk management side is it’s really about making sure we have near real time visibility to make decisions. We are talking about things like moving to a zero trust architecture. We are talking about things like supply chain security. We are talking about things like better threat intelligence sharing with our private sector partners.”

Kamrin Khaliq, the chief information security officer for the office of the secretary in the Department of Health and Human Services, said his office is rolling out tools like a vulnerability disclosure platform and other approaches to improve the sharing and use of cyber threat data, particularly for public facing websites.

He said the Defense Department has demonstrated the success of VDPs and HHS wants to follow their lead.

“One thing during COVID, we recognized we really needed to engage the private sector as well as the education sector, state and local and territorial organizations so that we can ensure we have that collaboration and give that visibility with respect to COVID related information,” Khaliq said. “That information sharing with respect to coronavirus cases, deaths and other sensitive information that we needed to share that was critical to understanding sharing threat or security information but also actionable information so we could appropriate respond to the threat of the virus at all levels of the government as well.”

The partnership of the public and private sectors that Hernandez and Khaliq talked about is key to staying ahead of the hackers and bringing innovation to cyber defenses.

Jon Check, the senior director for cyber protection solutions at Raytheon Intelligence and Space, said agencies like the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency have taken important steps to put out the joint cyber threat bulletins.

But Check said the more information that agencies and companies can share raises everyone’s threat awareness across the board.

“It’s not about one particular data set, but it gets down to that meta information about those tactics and signatures,” he said. “You can then say ‘here is the meta data, and I may think I’m vulnerable, but based on this information maybe I am.’”

Check added there are policy and technical challenges that still need to be overcome to increase the ability of agencies to act against cyber threat data.

“When you get to collective defense, the biggest thing we have to figure out is how do we truly have a data operations strategy given the mountains of data cloud providers have. That requires a strategy to get insights across that hybrid cloud environment,” he said. “We are taking the steps, but there are still policy and contractual barriers to get to the actions we need to take.”

Learning objectives:

• Addressing cyber challenges
• Information sharing
• Evaluating data

Complimentary Registration

Please register using the form on this page or call (202) 895-5023.

How to access the content: Please note, you may need to re-enter your registration information if you previously registered for this webinar and returned to page after clearing your cookies or using a private browser.

This program is sponsored by      

The Shared Model for Security in the Cloud

The bad actors are outside and inside your network even if you still put your security policies in place and you still purchased cloud security platforms or encryption or different types of trusted applications for your devices. You need to make sure those can be tied together on a on a transaction-by-transaction basis from a data view in order to be successful.

John DeSimone

Vice President, Cybersecurity, Training & Services, Raytheon Intelligence & Space

Options for Securing Data in the Cloud

You want to be able to deploy applications fast and efficient. You want to be able to innovate quicker and get them to the production line at a much increased speed. But once you roll these applications out, they're vulnerable and that's a problem. That is why the security piece must be part of that development production line. It is critical that you are confident that what you produce has got the right security controls.

John DeSimone

Vice President, Cybersecurity, Training & Services, Raytheon Intelligence & Space

Securing data and applications in the cloud is not a turn it on and leave it alone.

In fact, according to Gartner, over the next three years, “at least 95% of cloud security failures will be the customer’s fault.”

The model requires both agencies and commercial cloud providers to understand and clearly identify their responsibilities—both individually and where they overlap.

At the center of this approach are people and the trust relationship. Experts say trust erodes when customers misunderstand the role and responsibilities of the cloud provider.

The challenges for many public and private organizations is making sure they know what’s expected of them around the varying security requirements between infrastructure, platform and software cloud environments.

Agencies need to acknowledge the risks they are accepting and what steps they and their partners are taking to mitigate them.

John DeSimone the vice president for cybersecurity, training and services at Raytheon Intelligence and Space, said when it comes to security in the cloud, agencies and their vendor partners have a acknowledge upfront that shared responsibility.

“There’s the infrastructure piece, which the providers are responsible for securing your data. When it goes into the cloud, it is the agency’s responsibility to make sure it’s secure and available, and you understand where it is, who’s accessing it,” DeSimone said on the discussion Shaping the Future of Secure Cloud sponsored by Raytheon. “That’s not well known to a lot of businesses, especially if you are a young business that is just going into the cloud. When you get into larger enterprises, it becomes more complex because of the systems that that ride in the cloud and out of the cloud. You have to make sure that you, as the as the customer and consumer of the cloud, are ultimately responsible for your data. You need to make sure you understand what the cloud providers are providing for you, and what you need to provide to make sure your data is secure.”

While the cloud providers try to be clear about their security roles and responsibilities with the infrastructure, the confusion usually is around the data.

DeSimone said cloud providers have an incentive to provide, or really sell, more tools to help agencies protect their data.

“I think the issue is they purchased a cloud security platform, which is very good. But it doesn’t solve the entire problem. They think they are protecting their data, and they are to a certain degree, but the more complicated their enterprise becomes, the more vulnerable they are, and the more vectors of attack that open up for them,” he said. “If they don’t really understand that, then they’re vulnerable and bad things happen. I think it’s really along the lines of educating consumers that, ‘hey, you really do own your data, and you absolutely can move things into the cloud, but you’re responsible for your enterprise data protection, which may include on-premise, cloud, mobile devices, laptops or whatever the case may be. Your enterprise users need a holistic approach for securing that information.”

This is why applying concepts like zero trust architecture and identity and access management are so important for agencies to protect their data.

“The bad actors are outside and inside your network even if you still put your security policies in place and you still purchased cloud security platforms or encryption or different types of trusted applications for your devices. You need to make sure those can be tied together on a on a transaction-by-transaction basis from a data view in order to be successful,” DeSimone said. “I think the key is a shared model in the cloud. You have to be the integrator across all your devices, all your data, all your platforms, and you need to make sure you have the appropriate approach to insurance and security.”

Listen to the full show:

Technology's Impact on Attack Vectors

When we think about situational awareness, we view the enterprise as a new battlefield and cybersecurity is going to change what a battlefield will look like over the next 8-to-10 years. Information needs to come in in all aspects of that battlefield to create a large view of the situational awareness so organizations can take action to defend themselves. It’s really about making sure we can pull information across the entire cyberspace, correlate it and then create situational awareness to understand where our defensive postures are secure and where we have vulnerabilities. That is the critical piece going forward.

John DeSimone

Vice President, Cybersecurity, Training & Services, Raytheon Intelligence & Space

Cyber Attack Trends

That growth in both the amount of data, the number of devices and vulnerabilities that go with it makes it much more difficult for cybersecurity people to actually defend their networks. What we are seeing is a combination of both. It is old tactics, techniques and procedures with new devices and new protocols. Now think about the cloud infrastructure, new ways to transmit and new ways to hide. All of that is now happening. What it says to me is we now have to step back and think about how we collaborate between the public and private sectors and how we bring all our capabilities to bear on the problems.

General (Ret) Keith Alexander

Founder and Co-CEO, IronNet Cybersecurity

In 2019, agencies spent almost $17 billion on cybersecurity tools and people. They faced more than 28,000 cybersecurity attacks, and more agencies improved how they manage risk.

But that’s not enough. Traditional approaches need to evolve and agencies, and really all organizations, need to improve their resiliency to not only survive a cyber attack, but come out the other side better for it.

With the broadening attack surface and the move to 5G and other emerging technologies, agencies need to prepare for a host of new attack vectors ranging from next generation extortion through malware to the continued integration of operational technology with information technology to the hidden risks of the supply chain.

Retired Gen. Keith Alexander, the founder and co-CEO of IronNet Cybersecurity, said the number of devices on the network are ever-increasing and the infrastructure continues to expand, especially with 5G coming, and that is both good and troubling.

Alexander said the amount of data, the transmission speeds of that data and the inability of people to keep up with all that is requiring agencies and organizations to change the way they approach cybersecurity.

“Not only are we going to have to add in things like artificial intelligence and machine learning, but we’ve got to think about how we empower people, how we automate the detection of vulnerabilities and the detection of threats in our network. I think that is our future,” Alexander said on the Cyber Resiliency and the Nation’s Critical Infrastructure discussion sponsored by Raytheon. “We will have to confront this before we implement 5G because the number of devices per kilometer is potentially going from 100 to 1 million.”

Alexander said agencies are taking advantage of these automation tools, but the number of vulnerabilities are growing at a faster rate.

John DeSimone, the vice president for cybersecurity, training and services at Raytheon Intelligence and Space, said like many things in technology, cybersecurity is a big data problem.

“When we think about situational awareness, we view the enterprise as a new battlefield and cybersecurity is going to change what a battlefield will look like over the next 8-to-10 years,” DeSimone said. “Information needs to come in in all aspects of that battlefield to create a large view of the situational awareness so organizations can take action to defend themselves. It’s really about making sure we can pull information across the entire cyberspace, correlate it and then create situational awareness to understand where our defensive postures are secure and where we have vulnerabilities. That is the critical piece going forward.”

Alexander added that the situational awareness becomes more important as the power of malware and nation states and other adversaries turn up their attacks.

“That growth in both the amount of data, the number of devices and vulnerabilities that go with it makes it much more difficult for cybersecurity people to actually defend their networks,” Alexander said. “What we are seeing is a combination of both. It is old tactics, techniques and procedures with new devices and new protocols. Now think about the cloud infrastructure, new ways to transmit and new ways to hide. All of that is now happening. What it says to me is we now have to step back and think about how we collaborate between the public and private sectors and how we bring all our capabilities to bear on the problems.”

Listen to the full show:

The Evolution of Government’s Approach to Cybersecurity

The other big thing we are seeing is the real proliferation of weapons grade tools and capabilities. Whereas it used to take well-funded state actors to do some of the things that had been done historically, we are seeing those capabilities get out through the dark web to non-state actors, to every day criminals and hackers, which is really increasing their capabilities and causing us to really up our game.

Wally Coggins

Director, IC Security Coordination Center, Office of the Director of National Intelligence

Threat Intelligence Communication

We are focused on sharing tradecraft. We are trying to produce products now that help your network defenders understand the tradecraft the nation state actors are using and be able to prioritize their mitigations. Network defenders tend to get overwhelmed with so much to do.

Dave Frederick

Deputy Director, Cybersecurity Directorate, National Security Agency

Emerging Technologies and Cybersecurity

We’ve been really focused on how to do you continue to provide electricity or natural gas or whatever your particular piece is in the energy sector while under attack? We have some investments and are doing some research and development on the technology that can do automatic anomaly detection and also accommodation to continuously provide that flow of electricity uninterrupted even while in a degraded environment. That is really the future that we are looking at.

Tim Kocher

Special Advisor, Office of Cybersecurity, Energy Security, and Emergency Response, Department of Energy

Cybersecurity is like a classic 1980s horror film–think Friday the 13^th or Halloween–every time you think you’ve gotten away from the killer, they just keep coming back.

Every locked closet is busted open. Every time you think you’ve won, somehow the bad guy reemerges from the dead.

Unlike in the movies where the hero or heroine always wins, agencies’ cybersecurity horror story never ends.

Adversaries are ramping up the use of cyber attacks to steal intellectual property, manipulate and disrupt data, all in the name of creating strategic and tactical advantages.

The Defense Department, the Intelligence Community and civilian agencies must continue to defend systems and data today as well as prepare for the constant evolution of cyber threats.

The Internet Society says cybersecurity will be the most pressing challenge of the next decade. It says responses to date have been thoroughly insufficient and the costs are escalating. Cyberattacks and cybercrime will shape the Internet and our relationship to it.

And the government will be caught in the middle, the Internet Society says. Citizens will expect agencies to respond to cyber threats, but at the same time they have to find the balance of national security and online freedoms.

But there are things agencies can to do today to prepare them for that scary future. Emerging technologies like artificial intelligence and machines learning, and approaches like zero trust will be critical and beneficial in protecting systems and data over the next decade.

Matthew Eggers, the vice president for Cybersecurity Policy at the U.S. Chamber of Commerce, said the threats, general speaking, have remained the same, and below the threshold of armed conflict.

“How do we deal with those threats that needle away of our economic capabilities and our advantages?” Eggers said. “Our adversaries know that we can’t bring everything to bear because they are operating below certain thresholds.”

Sanjay Gupta, the chief technology officer at the Small Business Administration, said the agency is working internally and externally to combat cyber threats. SBA is helping small firms understand they too are targets of bad actors and what steps they can take to protect themselves.

Then internally, Gupta said federal policies are becoming more flexible to deal with the ever-changing threat landscape.

“They are getting away from being a prescriptive model to a more adaptive model,” he said. “They are becoming more outcomes driven than mandates, if you will. The Trusted Internet Connections initiative is a perfect example of that.”

Listen to the full show

Changes in National Air Space

There’s definitely technology, whether it’s battery technology or the ability to have electric rotors and things like that, coming together with new business concepts that will serve the general public in new and different ways,.

Matt Gilligan

Vice President, Navigation and Modernization Solutions, Raytheon

Expediting Capabilities Securely

At the end of the day, you want to go fast, but because of the criticality of the system you have to do it in a way where it’s secure, safety is a number of concern and you have to do it as efficiently as possible.

Matt Gilligan

Vice President, Navigation and Modernization Solutions, Raytheon

Cyberattacks are increasing in frequency, sophistication and threat. The aviation infrastructure is becoming more and more connected and therefore more vulnerable – from airport passenger systems, to communications to and from the aircraft, to onboard systems. A cyberattack on this critical infrastructure would be extremely destructive.

While the Federal Aviation Administration understands the importance of planning for and preventing against cyber threats at all levels, it’s not just one organization’s responsibility. It takes a holistic approach to secure the nation’s aviation infrastructure.

This challenges will only increase as the use of connected devices grows, as there are new entrants like drones in the national airspace system and the cyber threats continue to evolve.

A March 2019 Transportation Department inspector general report found the FAA has taken some steps to mitigate their cyber risks. For example, auditors say the FAA has completed a cybersecurity strategic plan, coordinated with other federal agencies to identify cyber vulnerabilities and developed a cyber threat model and cyber research and development plan.

Matt Gilligan, the vice president of the navigation, weather and services mission area at Raytheon, said all the new entrants in the air space like drones and urban air taxis change the way the national air space needs to be managed and secured.

“There’s definitely technology, whether it’s battery technology or the ability to have electric rotors and things like that, coming together with new business concepts that will serve the general public in new and different ways,” Gilligan said on Cyber Securing the National Airspace System sponsored by Raytheon. “This is something the agencies are all looking at because there is no question these advancements will happen. What role does industry play? What role does the government play? What’s going to be acceptable for the general public to adopt this? There are a lot of conferences and discussions about what we will do about these new entrants.”

The changing face of the national air space brings both a host of challenges and opportunities for the FAA, the federal government at large and industry.

Gilligan said the current air space system infrastructure is addressing the current needs of airlines, helicopters and other general aviation needs. But as drones, urban air taxis and the like take off, Gilligan said the current technology and processes will be overwhelmed.

“It’s not going to be done by expanding the capacity of the existing systems. It’s going to be new systems that will need to interoperate with the existing systems. How do you get the new and old systems to work together?” he said. “Probably the number one thing in our decades of experience working in the air space, safety is number one. I’d put cyber in that same category, it’s just as much of a safety issue as other traditional things. It’s out do you do that and make sure the system stays safe and is cyber secure.”

Gilligan said the new technology will be a combination of machine-to-machine communication and human oversight to manage all the different pieces and parts that will go into this air space system of the future.

“It’s almost a whole eco-system that has to be in place before these vehicles can fly,” he said. “For them to be able to fly safely, it’s about how will they get to where they want to go, and detect and avoid either other vehicles. What is the infrastructure that needs to make that happen?”

Gilligan said new sensors designed for low-altitude flying need to be in place to enable these new vehicles to fly.

He said the FAA, the companies developing and using these new entrants and service providers like Raytheon, must collaborate to develop the new systems and technologies to make this all work.

The FAA’s current effort to modernize its entire network of 5,000 nodes, the emergence of 5G technology and a new overall architecture to connect these systems will help push this effort forward.

Since many of these changes have to be software-based, Gilligan said one big change that is happening is the use of dev/sec/ops for applications.

“At the end of the day, you want to go fast, but because of the criticality of the system you have to do it in a way where it’s secure, safety is a number of concern and you have to do it as efficiently as possible,” he said. “Our approach to these large critical infrastructure type of things, starts with a vulnerability assessment. When you add these new entrants, there are new interfaces and new players, and all those represent potential new vulnerabilities. The second part of it is, what are the potential threats to this system, and given the vulnerabilities, that drives the solution? In almost every situation, it ends up being a layered defense.”

Listen to the full show:

Staying Cyber Relevant

We are looking at cross-sector solutions with the sector-specific agencies. We are as concerned today, if not more so, about changing tactics techniques and procedures of the adversary. We have not backed off of any of our warnings. In fact, we've started to ensure that especially during the month of October, during Cyber Security Awareness Month, that we are making sure that both individuals and those responsible for the collective are aware of those nation-state actors that we are most concerned about, and also of the protectives measure that they should be taking on a daily basis themselves.

Alexis Wales

Deputy Associate Director, Threat Hunting, Cybersecurity and Infrastructure, Cybersecurity and Infrastructure Security Agency

Threat Intelligence and Success Stories

The Worldwide Threat Assessment talks specifically about what China can do in our infrastructure, and on the top of page six it talks about what Russia can do. So, what we are trying to do is make sure we can detect it. Some of the traditional ways of how people look at the information is very after the fact of something happening, so that's the reactive piece. So, we are now saying that any anomaly; any alarm that's triggered within an operational technology environment, that IS the trigger; that is the cyber threat indicator until such time that we can do the analysis across the board and say that it's not, that that's a normal way.

Karen Evans

Assistant Secretary for the Office of Cybersecurity, Energy Security, and Emergency Response, Department of Energy

The Role of Women in Cybersecurity

It's a must do; retraining across the board. At the end of the day, cyber is a people business. You have a person on the end of that keyboard and it's about understanding the people. And women have very high emotional intelligence. They're fine with expressing emotion and they're fine with others expressing emotion. So, I do think convincing them that they can enter at any point in their career and learn the technology, because they do bring something to the table.

Teresa Shea

Vice President of Cyber Offense and Defense Experts, Raytheon

Cyber threats have changed dramatically over the last several years. But while the landscape has evolved with the advent of the cloud and vast amounts of data being stored there, staying ahead of threats is a major focus for federal agencies and their private sector partners.

Federal News Network organized a panel discussion with industry and government cybersecurity experts to explore the challenges, and opportunities, around this critical issue. Specifically, how a diverse workforce – in what has typically been a male-dominated field – can achieve success against the ongoing cyber threats the country faces.

The panel included representatives with a variety of perspectives from the departments of Energy, Homeland Security and Health and Human Services, as well as the Defense Information Systems Agency and Raytheon.

A common theme among the panelists was staying proactive so agencies are not “analyzing after the fact,” according to Karen Evans, assistant secretary for the office of cybersecurity, energy security and emergency response at the Department of Energy. Evans said she remembers a warning about cyber attacks from the head of the National Security Agency some 10 years ago, and she said threats from adversarial nation states are still some of the biggest challenges.

As devices are more interconnected, the playing field gets more complicated. Agencies rely heavily on their partners in the private sector so that “risk-informed decisions can be made quickly and in an intelligent manner,” according to Alexis Wales, the deputy associate director of threat hunting, cybersecurity and infrastructure at the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security.

DHS continues to look at cross-sector solutions but Wales said bad actors are already in the systems, and the days of securing the perimeter are over. She said DHS focuses on partnerships with those who operate closer to the endpoint to warn about what might be taking place.

The bar to entry from attackers is low, and Teresa Shea, vice president of cyber offense and defense experts at Raytheon, said once bad actors get in they discover what might be valuable to them and what they might be able to sell or use to their advantage.

“Even personal information could be of high value to an adversary,” she said.

The way forward? “Know what’s the most important asset to you and protect that, but you also have to protect your entire network surface,” Shea said.

Listen to the full show:

The Importance of Data Resiliency

Orchestration is not a new approach, but what you would need to have is an architecture in your environment to provide zero trust so you understand at each step the integrity of the data, whether it’s being run on the appropriate servers or whether it’s being run by the appropriate people so you need to have bindings of users to equipment and equipment to data.

John DeSimone

Vice President, Cybersecurity & Special Missions, Raytheon

Moving Toward Zero Trust

As you're rolling out a zero trust approach and an architecture that aligns with that, you can see yourself moving more toward the data side or the enterprise side. You still will need end-point protection, but not to the degree that you have today because you are comfortable with the risk profile at the back end.

John DeSimone

Vice President, Cybersecurity & Special Missions, Raytheon

Data is the lifeblood of any organization.

Research firm IDC predicts the world’s data will grow to 175 zettabytes by 2025 from 33 zettabytes in 2018. That’s a compounded annual growth rate of 61 percent. Just to put some perspective around this number a zettabyte is a trillion gigabytes so 175 zettabytes is 175 million gigabytes.

The expectation of data growth across the federal government is no different. There is more than 247,000 data sets on data.gov. That’s just one measure.

There are zettabytes of data from nearly every agency from the Census Bureau to NOAA to the Agriculture Department is growing every day, especially as the use of Internet of things devices continue to grow.

The dependency on the data to run missions, to serve citizens and to protect the nation depends on security and resiliency.

There’s a lot of discussion about security, but resiliency is a topic that probably doesn’t get enough attention.

Many times when agencies talk resiliency, they are thinking continuity of operations (COOP).

For example, the Office of Management and Budget’s June 2019 data center memo talks about the resiliency of data centers and ensuring agencies know about problems with cooling or power.

But data resiliency for this discussion means something much different. Agencies need to consider an enterprise data management approach that has a command and control approach of sorts. And as agencies move into a hybrid IT environment where some applications and data are in the cloud and some remain on premise, the concept of always having access to your data becomes more important.

John DeSimone, the vice president for Cybersecurity and Special Missions at Raytheon, said agencies have to ask themselves, can their data—not just their systems—survive an attack?

He said data resiliency incorporates continuity of operations and disaster recovery, but it’s more than that.

“It also is a shift toward monitoring, doing the orchestration, understanding the collection, the creation and the classification of our data and being able to watch the flow through your organization,” DeSimone said on the program Every Side of Cyber: Data Protection with Zero Trust. “Much like today were security systems tend to watch network traffic and network flow, we need to move to an environment where we are watching the data flow and understand the impacts that different systems and users have on that data.”

DeSimone said there is a growing understanding across the government about why data resiliency is important, but agencies are inconsistent in applying the tools and techniques.

This concept of taking a more active role in understanding, managing and ensure your data is more than just secure, but resilient too becomes more important as agencies continue to live in a hybrid IT environment where some systems and data will be in the cloud and others will be on-premise.

DeSimone said the cloud makes data resiliency easier in some respects, but it comes down to the need for orchestration, or in military terms, agencies need a command and control perspective.

“Orchestration is the key. Having the tools and being able to encrypt obviously are going to be critical. Being able to classify is going to be critical. But tying data together in a command and control environment and orchestrating it across the enterprise is really the next step,” he said. “Orchestration is not a new approach, but what you would need to have is an architecture in your environment to provide zero trust so you understand at each step the integrity of the data, whether it’s being run on the appropriate servers or whether it’s being run by the appropriate people so you need to have bindings of users to equipment and equipment to data.”

DeSimone said once agencies have a fuller understanding of their data, then they can put tools in place to visualize the information to make better decisions.

Data resiliency is another piece to the zero trust puzzle agencies have to figure out and in to the framework.

DeSimone said agencies should add verification of the data and user at each step as part of creating a resilient and zero trust environment.

“You will use a set of dynamic variables to identify the trust, the user, the time, the work patterns, the type of information they are looking to correlate to say, ‘should this action be taken and is it valid?’ If it is, let it pass, and if not, you can stop it right there,” he said. “You get a higher degree of an ability to protect yourself. That goes back to being able to collect the information from the sensors that are in place today and add an orchestration layer around the data to take use of those, monitor and apply it to how data flows.”

DeSimone said the zero trust approach will help agencies stop “chasing the endpoints,” which is an unwinnable battle, especially with the Internet of Things continuing to grow.

“As you’re rolling out a zero trust approach and an architecture that aligns with that, you can see yourself moving more toward the data side or the enterprise side,” he said. “You still will need end-point protection, but not to the degree that you have today because you are comfortable with the risk profile at the back end.”

When you just look at the federal government, the need for cybersecurity experts, both offensive and defensive, will continue to grow every month, every year.

One way to address this ever-growing need for people with this cyber skillset is to get the next generation of employees interested and excited about cybersecurity.

And that is why competitions such as the National Collegiate Cyber Defense Competition are so important to training and preparing for the cyber threats of today and in the future.

For a second year in a row, a team of students from the University of Virginia won the NCCDC, which is sponsored by Raytheon and a dozens of other public and private sector organizations. And just as important, the cyber defense competition is opening the door a bit wider for how to attract cyber workers of the future.

Take Mariah Kenny, who graduated this spring from the University of Virginia. The competition helped her understand the pace and excitement of protecting networks. She now has a job in the cyber industry.

Roman Bohuk said he came into the competition with a limited knowledge about cybersecurity, and he found the action of defending a network and the stress it brings appealing.

As part of wining the competition, the team received an inside look at the government’s cyber efforts. The students met with the Defense Department’s chief information officer’s office, the Homeland Security Department’s Cyber and Infrastructure Security Agency (CISA), the FBI, the CIA and the Defense Advanced Research Projects Agency (DARPA).

“I think many people think of the government as a monolith organization and think about it very abstractly. But getting to meet the people who do the work on a daily basis and getting to see the challenges they face and places they work and the things that really interest them was really grounding and pretty motivating actually. It was a really valuable experience and personalize what the government does, and showed me what opportunities are available,” said Jack Verrier, another team member.

Jake Smith said by visiting all the agencies he learned just how advanced the government is in defending networks and understanding the current and emerging threats.

Other team members said meeting with the agencies opened their eyes to a career in government.

Sam Spelsberg said the fact that the government experts he met is driven by the mission makes a potential career in government attractive.

“It was really inspiring to put a face to these names and personalize the government was really important. You could see these people working on these specific projects are not just stagnant in what they are doing to maintain the status quo. They are excited about innovation and the next level of technology whatever that may be in their field,” said Caroline Linkous.

Listen to the full show:

PPD-41 outlined some key concepts around defining what a cyber incident and a major cyber incident meant, while also providing guiding principles for incident response.

From that PPD, the Homeland Security Department developed a national cyber incident response plan (NCIR), providing even more details about the activities and the lead agencies for each activity.

But PPD-41 and the NCIR are reactive documents and plans that come after being victimized by a cyber attack. What is missing is how agencies can get ahead of the attack through proactive threat hunting and a more strategic response.

The evolution of cyber tools and capabilities over the last few years, most notably the sharing of threat intelligence, has enabled agencies to do more to get ahead of the cyber threats.

In the 2018 national cybersecurity strategy, the White House specifically called out the use of cyber threat hunting capabilities, saying the government “will be able to assess the security of its data by reviewing contractor risk management practices and adequately testing, hunting, sensoring and responding to incidents on contractor systems. Contracts with federal departments and agencies will be drafted to authorize such activities for the purpose of improving cybersecurity.”

There are several benefits from this proactive stance agencies are starting to take, including reducing damage to the organization and improving the speed to response.

Agencies need to consider several factors as they move more toward this proactive model.

Threat Hunting and Incident Response

To see more is to know more. If you take the threat intelligence data and then you apply it to a forensics process that has visibility on every single aspect of what’s going on an endpoint then you are able to ascertain if those threats do exist inside of your environment. The trick to that is to do that in a timely fashion so that you are looking simultaneously across all of your end points and you are not focused on a narrow lane where you miss those threats that exist on other endpoints or other parts of your network.

Ben Cotton

President, CEO and Founder, Cytech Services

The Use of Data

You might as well as look at those things that are most relevant to how your security operations work, the threats that you want to look for or be alerted on and bring the data down. So if it doesn’t fit into the use case of I can use this data to either detect this threat automatically or it will not be useful from an incident response perspective, then don’t collect it.

Dylan Owen

Senior Manager for Cyber Services, Raytheon

The Cloud Impact

It’s all about diversity of thought, diversity of perspective. One of the areas we see that most often is we’ve been very involved in the National Collegiate Cyber Defense Competition. That’s something we see every year there, not only really great diversity of thought, but also a lack of bias. It’s really great to see the creativity people bring and the lack of bias frees them up to think outside the box.

Mark Orlando

Chief Technology Officer for Cyber Protection Solutions, Raytheon

Listen to the full show: