Lockheed Martin Launches UK Cyber Centre
By Yvonne Headington

11 Dec 11. Lockheed Martin’s UK Security Intelligence Centre (SIC), the first to be located outside the United States, was unveiled on 2nd December by the International Security Minister, Gerald Howarth. “I welcome Lockheed Martin UK’s commitment to the cyber security effort” said the Minister, who was accompanied by Major General Jonathan Shaw, Head of the Defence Cyber Operations Group within the Ministry of Defence.

Highlighting the economic importance of the internet, which accounts for around 6% of gross domestic product, Gerald Howarth drew attention to the UK Cyber Security Strategy. The Strategy, published on 25th November, stresses the importance of co-operation between Government and critical industrial sectors in combating the cyber threat. “Today is further proof of the seriousness with which industry takes cyber security” said Gerald Howarth “and is part of building a real and meaningful partnership with Government.”

BATTLESPACE was given access to the new SIC facility in Farnborough where Giri Sivanesan, Lockheed Martin’s UK Head of Cyber, explained the core principles of the company’s cyber security operations. The role of the SIC is to detect, identify and respond to information security incidents by bringing together three primary capabilities: pervasive sensors, data management and analyst collaboration. The centres provide a place where cyber analysts and experts can work together and share intelligence on all aspects of computer incident response.

Lockheed Martin’s £2.5m investment in UK facilities, employing 20 people (including five analysts), will strengthen the company’s in-house computer network defence. The company recruits personnel with a range of educational backgrounds, from Information Technology to Philosophy. Employees are not required to have any particular experience in cyber disciplines since the company provides full training. Giri Sivanesan explained that good analysts are those with the capacity for logical thought and problem-solving, rather than those with preconceived ideas.

Lockheed Martin cyber intelligence analysts examine attacks at a macro level. Attacks are often linked and each attack yields intelligence which can lead to the discovery of previously unknown attacks. In analysing and defending against attack, Lockheed Martin focuses on people and processes – and not just the technology. The SIC “allows us to understand an attack from start to finish” said Giri Sivanesan.

Chandra McMahon, Lockheed Martin’s Chief Information Security Officer, pointed out that most “vendor driven” security products are adequate for protecting against 80% of cyber attacks. “The other 20%” said Ms McMahon “is high-end and specific”. The company’s cyber security operations are chiefly aimed at countering such high-end Advanced Persistent Threats (APT). A number of major defence contractors are promoting their internal cyber security expertise to customers but Ms McMahon believes that Lockheed Martin’s “intelligence mindset” is a unique selling point. Other organisations are now adopting the “sophisticated methodology” developed by the company.
Lockheed Martin’s methodology is based on the Cyber Kill Chain which is summarised as follows:-
• Reconnaissance: research, identification and selection of targets that typically crawl Internet Web sites looking for email addresses or information on specific technologies.

• Weaponisation: generating a payload. Increasingly, data files such as Microsoft Office documents or Adobe PDF files serve as the weapon delivery device.

• Delivery: transmission of the weapon to the target. The most common delivery methods are via e-mail, web sites, and USB removable media.

• Exploitation: triggering of the attacker’s code. Usually the weapon exploits an application or operating system vulnerability. For example the target might simply be persuaded to open an executable attachment t