EVER INCREASING THREAT OF CYBER ATTACK DEMANDS PROACTIVE DEFENCE
By Giri Sivanesan, Lockheed Martin UK’s Head of Cyber.

The spectre of cyber attack is no longer something that is only likely to affect Governments or big business. There is an increasing realisation that unscrupulous cyber attackers, armed with simply a computer and keyboard, could cause suffering to millions. The challenge for the defenders of the cyber realm is to stay one step ahead. Lockheed Martin UK’s Head of Cyber, Giri Sivanesan, explains how the Corporation is building its defences, both for its own benefit and for customers in the public and private sectors.

It seems the word Cyber is never far from the news these days. Recent, high profile cyber related news stories linked to some of the biggest companies in the world have shown that in this era of ever increasing connectivity and communication protection of data of all types is crucial.

The threats today are many and varied and the adversaries range from criminal gangs through hacktivists to state sponsored cyber attacks. The risks to business and government include:

• Loss of data and the subsequent impact on public perception
• Denial of service and the effect on business continuity
• Espionage and the loss of intellectual property and potentially state secrets
• Criminal activity for financial gain

A well designed cyber attack can go unnoticed for some time and the potential damage that can be inflicted on the victim is huge. Not only is there the actual physical loss of data or service provision but there is also the subsequent impact on the victim’s credibility with its customers and service users. A recent loss of data at a leading consumer goods manufacturer is estimated to have cost the company over $150 million already and is still rising; they have lost customers, customer confidence has fallen and they face further legal claims from the customers whose details were leaked.

Once, cyber adversaries operated in isolation, identifying and attacking their victims using their own attack methodologies but there is growing evidence that the various groups are now communicating and co-operating. Additionally, it is not unusual to see attack methods developed for a particular purpose or domain start to be used by other groups in other domains when their effectiveness in the original domain starts to decline or has served its purpose.

The threat is ever evolving, driven by the dichotomy of improved security within software and security awareness within the online community, forcing the adversaries to be ever more imaginative in their attack technique development. As our online connectivity increases, we can expect that the newer functionality, such as smart meters, become more attractive to the adversaries because their lack of exposure to the online threats may leave them vulnerable to exploitation.

Traditional cyber defence is based on reacting to attacks, dealing with the after effects and ensuring the attack method is unable to be used again. Nine years ago, Lockheed Martin was in this reactive mode of defence but we quickly realised that this approach was ultimately doomed to failure. No matter how good the defences, the attackers are always one step ahead. As a result, we realised that we needed to work smarter, seize the initiative and get ahead of the attackers. Our development of an intelligence-based approach to computer network defence was born out of this realisation and its evolution over the past nine years has put us at the forefront of defence against the advanced persistent threats attacking our networks.

Having identified the constituent parts of cyber attacks we developed the Cyber Kill Chain methodology. Application of this methodology forces adversaries to be successful all along the kill chain in order to launch an attack, whereas the defender only has to be successful at one stage in the process to thwart the attack. When supported by