The cyber threat is too big, diverse and fast moving for “silver bullets” or “Lone Rangers,” J.B. “Gib” Godwin, Northrop Grumman’s vice president for cybersecurity and systems integration for the company’s information systems sector, told attendees at the American Institute of Engineers Cybersecurity Conference East yesterday.
“There are no silver bullets with the cyber threat because there is no single source,” he told conference visitors. “It is indeed the wild west out there … but the bad guys are not out in the open wearing black hats. The cyber threat is a really a range of threats including everything from teenage hackers … to superpowers … and everything in between.”
To counter threats that are evolving fast, increasingly sophisticated and perpetrated by a global force ranging from teenagers to state actors, there needs to be a move away from a paradigm that is defensive, reactive, fragmented, network focused, add on and improvised, Godwin said.
In the new paradigm, forces would “control the spectrum and use it to advance the mission.” By tearing down stovepipes between services, networks and disciplines; uniting and drawing upon the full range of kinetic, nonkinetic and intelligence resources; upgrading training; and fully integrating cyber assurance into the procurement process, Godwin said cyber-assurance efforts could become predictive, holistic, coordinated and mission focused.
“It’s about cooperating, collaborating and coordinating across the electromagnetic spectrum: from air to land to sea to cyberspace,” he said.
Godwin focused on the imperative of mission assurance, pointing out that because it was so focused on the network, cyber assurance in the old paradigm often compromised the mission.
“To seal off and stop an attack, we shut down the firewall, repaired the damage and eventually reopened it, leaving our warfighters flying, sailing, and rolling blind during shutdown,” he said.
The new cyber-assurance paradigm “prioritizes the mission” through “dynamic defense” that deploys redundant systems and migrates the command, control and communications functions to different pathways to ensure C3 functions are secured 24/7 and forces can operate through a threat.
Godwin highlighted Northrop Grumman initiatives aimed at advancing the new cyber-assurance paradigm, particularly its investments in a emulated closed-range system to identify and design approaches to get out in front of the threat.
“In state-of-the-art laboratories, we’re creating scenarios that define our vulnerabilities, emulate enemy attacks and develop responses … or maybe I should say ‘pre-sponses,'” he said.