March 2, 2010

Lockheed Aims To Predict Cyber Attacks

The top information technology provider to the U.S. government is trying to find new ways to better predict and protect against increasingly sophisticated and stealthy cyber attacks, according to Reuters.

Lockheed Martin Corp is opening a second internal intelligence center in Denver this week to complement the one it opened in May 2008 in Gaithersburg, Maryland, north of Washington.

Some analysts and software developers at the Gaithersburg center starred in a video recently that portrays the cyber security problem as a complex chess match between U.S. government and industry on one side, and a host of smart attackers from nation states and criminal groups on the other.

"It is a cat-and mouse game between the two sides," said Eric Hutchins, a Lockheed cyber intelligence analyst. "They're constantly trying to develop new ways of attacking us and we're constantly trying to develop new ways of defending us."

Lockheed officials say that cyber attacks are becoming more sophisticated, persistent, stealthy and targeted which points to greater activity by nation states and more criminal entities rather than a random individual like in the past.

Hitchens said the analysts at Lockheed were processing 1 million "incidents" a day, trying to sort through the "white noise" to identify the highest-risk activities as well as possible patterns and likely targets.  He did not say what percentage of those events could be considered high-risk.

"The threat is increasing so fast and the impact is becoming more important that ... we have to be very creative and innovative and pick up our game," said Curt Aubley, chief technology officer, of Lockheed's NexGen Cyber Innovation and Technology Center (NexGen), a cyber research and development center that opened at the Gaithersburg facility in November.

Lockheed's 25,000 square-foot center features large open spaces for collaboration by the company and its partners and customers, like NASA and other federal agencies.

The building allows live technology exercises and is the anchor for a new live cyber "test range" that allows software resilience in real and simulated environments to be tested.  Officials say the cyber range is set to be complete by the end of 2010.

Boeing Co. made several acquisitions last year in the cyber sector to try and tap in on a field where the federal government will spend $55 billion between 2010 and 2015, according to Market Research Media estimates.

Loren Thompson of the Lexington Institute estimates the government will spend $30 billion over the next five years.  However, that does not include hard-to-estimate classified offensive cyber initiatives.

Thompson stold Reuters that none of the defense companies had a clear lead in the market at this point. 

"Nobody has 20 percent of the market, and at the rate people are piling in, it's possible that no one will ever have 20 percent of the market," he said.

All the traditional defense companies, such as Northrop Grumman Corp., General Dynamics Corp., Raytheon Co., and Science Applications International Corp., are reaching out to commercial customers because of concerns about financial losses and security breaches. 

Aubley called the January attack on Internet search engine Google a "digital commercial Pearl Harbor" that dramatically increased awareness.

Rick Johnson, chief technology officer for Lockheed's Information Systems and Global Services sector, said Lockheed's approach is to try to get ahead of the threats, using a more proactive style that examines behavior patterns and detailed pattern analysis to identify possible cyber "campaigns."

"You can look for patterns that look like they can do harm. You can get ahead of those before they manifest themselves as a known threat," Johnson said.

He said that rather than focusing on specific attacks, analysts are using a "macro view" that can help predict targets before they are hit.

Lockheed said it would not achieve "100 percent prevention," and was working to increase the resilience of networks so that companies and government agencies could still operate even if they were attacked.

"The types of threats, especially in the security space, change every single day. So the ability to quickly adapt is huge," Aubley said, noting that Lockheed was working with customers at the new research center to provide solutions as quickly as a week after new threats emerged.


On the Net: