Protect and Defend

What private companies can learn from
how the military fends off cyberattacks

To understand how cybersecurity experts help protect the government’s most valuable intelligence and defense secrets, just look at the way shipbuilders design Navy vessels.

They use a technique called “containerizing” to help the ship survive an attack that pierces the hull. A series of hatches and compartments prevents water from flooding the entire ship—a few compartments may fill with water, but the vessel will stay afloat.

Cybersecurity experts use that same technique to protect the U.S. military and civilian computer networks. If hackers find a way to infiltrate a network, the multiple layers of defense will still protect the data that’s most important.

“Even in a hermetically sealed system, people have to come in and out,” said Mark Orlando, Chief Technology Officer of cyber services for Raytheon, a defense and cybersecurity company. “So, it’s a matter of understanding risk and risk tolerance, understanding not only the machines but the human point.”

With nation-state hackers aggressively attacking private companies as if they were military targets, the same people who defend the government’s networks are taking the “containerizing” approach to commercial security.

Increasingly, those same contractors who protect government agencies believe that cybersecurity in the corporate world has national security implications as well. Critical infrastructure like utility companies and hospitals provide services of national importance. The financial industry keeps our economic engines running. Corporations employ millions of people and must be kept operating.

As the war against cybercrime escalates, corporations are turning to firms with deep experience in protecting our nation’s most sensitive data to battle increasingly sophisticated attacks. What follows is an examination of how seasoned defense contractors assess corporate cybersecurity vulnerabilities—and employ cutting edge solutions specific to each touchpoint to defend against threats, no matter where they arise.

Touchpoint: 01

Core Data

Defense contractors learn to segregate and protect data at multiple security levels. High-assurance gateways scrub data moving between different levels.

Today, data is the core value of enterprises. Access to data enables the business to grow. “A 20-year-old in Silicon Valley wants to put everything on the cloud and make it available to everybody,” said George Kamis, chief technology officer of Global Governments at Forcepoint, a cybersecurity company majority-owned by Raytheon. But working with the Department of Defense has taught Kamis the value of segregating data and protecting it at multiple security levels.

The government keeps troves of data that are unclassified. Other, more sensitive data resides on a secret network. Even more sensitive data is protected by a top secret network, with limited access. Enterprises can do the same, employing high-assurance gateways that inspect data transferred between different domains. High-assurance gateways strip out or transform suspect data before allowing it to pass either in or out of secure domains.

“The government uses a combination of firewalls and guards within their networks.

If we apply the same idea to the commercial industry, say a power plant, the main business processes can be achieved using a standard firewall. But you still need to interact with the plant’s control systems, which are much more sensitive. For that, you should use a gateway, where we can do more fine-grain inspection of the data coming in and out,”

said George Kamis | Federal Chief Technology Officer at Forcepoint™.

Touchpoint: 02

The Network

It’s impossible to secure every entry point to large complex networks, but analyzing and illuminating how people access data can provide clues about their intent—in time to stop bad actors.

Unlike Defense Department networks, where the premium is on confidentiality, commercial networks must prioritize speed and availability. But speed is a challenge when the network has tens of thousands of users and an overwhelming number of vulnerabilities. Fortunately, that scale also creates enough data to yield valuable insights if analyzed properly. For example, usage patterns reveal consistent characteristics, which means uncharacteristic usage can serve as red flag markers.

“If you sat down at my laptop and I gave you my username and password, analytics would be able to tell, based on the things that you access, that it wasn’t me accessing my system.

Someone who is unfamiliar with my machine will access files and go into that data in a very different way than me–this computer lives in my backpack and travels everywhere with me. For you, it would be a new place that you had to learn your way around, and analytics would see that,”

said Richard Ford | Chief Scientist at Forcepoint™.

That familiarity is within the realm of analytics to detect. Behavioral analytics developed by Defense Department contractors allow cybersecurity analysts to understand which actions are consistent with correct usage patterns and which could signal malicious threats.

Touchpoint: 03

Mobile Workforce

In the defense and intelligence sectors, even mobility is segregated to prevent network penetration. Virtual Private Networks (VPNs)—which are like private paths—secure data transactions over the internet and provide visibility into which data is going where.

In the national security world, apps exist in environments that can be spun-up and sealed off. Access to apps is allowed only to the people who need it, and those people have access only to the apps—nothing deeper in the network. When access to more sensitive data is necessary, Virtual Private Networks (VPNs) secure data transactions over the internet. VPNs also provide visibility into which data is going where, and checkpoints for stopping or limiting the flow of data.

Smaller enterprises could benefit from the sorts of managed services that defense contractors have developed for DoD clients.

“Our automated threat intelligence platforms ingest over 100 intelligence feeds.

We then use statistical analysis, machine learning and AI to sort the most critical indicators to the top,”

said Michael Daly | Chief Technology Officer of Cybersecurity and Special Missions at Raytheon.

In other words, the platform sees threats long before businesses do.

Touchpoint: 04


Dynamic environments and self-healing systems—developed for the military—are radical approaches that could create more secure clouds.

Most enterprises trust a public cloud provider to secure at least some of their critical data and systems, but those services are usually not sufficient for highly sensitive information. In part to create more secure critical infrastructure platforms, Raytheon built a project for the U.S. Army called Morphinator, an environment that changes system characteristics and applications over time.

“Let’s say an adversary had penetrated and mapped your network and knew you were running, say, an Apache server of some type to deliver web content,” said Michael Daly, chief technology officer of Cybersecurity and Special Missions at Raytheon. “We built an environment that still delivered the same content, but on a Microsoft server—and it keeps switching, still delivering the same functionality but shifting the nature of that platform and vulnerabilities and naming and addressing schemes.”

Creating that dynamic environment makes it harder for adversaries to pin down data. Continually reconstituting the environment creates opportunities to filter out bad content that might have been inserted by threat actors.

In another military setting, during the Defense Advanced Research Projects Agency (DARPA) Cyber Grand Challenge, Raytheon and Forcepoint created an environment that would automatically analyze its own code, identify flaws and create patches for it.

“What it does is learns from network traffic coming in and says, ‘Oh, hey that looks like a type of attack that could affect this system.’ Then it develops a patch and prevents the attack in real time.

We’re now developing self-healing products to bring into the commercial realm,”

said Michael Daly | Chief Technology Officer of Cybersecurity and Special Missions at Raytheon.

Touchpoint: 05

Supply Chain

Enterprises should require security certification from suppliers like the government does. But failing that, data segmentation and limited network availability can secure data.

The U.S. Government established a requirement that by December 31, 2017, all main- and sub-contractors must meet a stringent checklist of 166 cybersecurity requirements for IT systems. Enterprises, though, can’t always dictate what level of security their suppliers may use.

Supply chain security then becomes a matter of applying segmentation to data. “Do you allow vendors unfettered access to your network? I hope the answer to that is no,” said Mark Orlando.

But segmentation is more than just creating zones. The Defense Department spends years studying how a device communicates into the network and how the network communicates back. “It’s about monitoring and really understanding your network first,” Orlando said. Then anomalies can be detected by watching network traffic and log analysis.

Touchpoint: 06


There’s no way to individually safeguard all the IoT devices some companies use. Defense contractors rely instead on analytics that monitor the system’s expected behavior.

Sensors and other devices in the Internet of Things are like small computers. Keeping them updated—and patched—is a challenge most enterprises fail. The U.S. military can’t fail that challenge. Instead of focusing on each individual vulnerability in the IoT, defense contractors focus on how devices are accessing a network—or other devices. Is the system providing the service expected to the user, or has the system shifted to provide service that’s beyond what makes sense for that sensor?

The same should work in private enterprise.

“If I’m monitoring an insulin pump, there’s only a couple of entities that pump should communicate with, and there should be certain patterns of behavior.

Maybe it’s programmed to send a message out every fifteen minutes about sugar levels. If it starts beaconing out once every minute, that’s a behavior pattern that doesn’t make sense and we can take action. I can’t get ahead of every possible attack factor but I can watch behaviors and know what I can expect out of the system,”

said Michael Daly | Chief Technology Officer of Cybersecurity and Special Missions at Raytheon.

There are many technological insights the private sector can gain from the military, but there are other important influences, too. Many people who work for or in the military are inspired by the mission—they’re on the front lines, physically and virtually, of our country’s efforts to protect and defend what’s most important.

For defense contractors, that sense of mission can transform cybersecurity from another business role to a task infused with a higher meaning. And when the stakes are as high as they are today, and as the cyber battlefield expands even further, that distinction can make all the difference.