On Wednesday, July 29, 2009, Linda Mills, Corporate Vice President and President, Northrop Grumman Information Systems sector, addressed the media in a briefing at the National Press Club in Washington, D.C. Below are her delivered remarks.
Cyber Security Media Briefing
On behalf of Northrop Grumman, thank you for attending our briefing on the company’s cyber-security capabilities.
I’m Linda Mills, President of Northrop Grumman Information Systems. In that role, I’m the Corporation’s lead executive for cyber-security. And I’m here today to discuss our company’s capabilities for securing our vital infrastructure against cyber attacks.
It’s no exaggeration to say that our national security and economic well-being depend on the reliable secure operation of information networks.
We commonly think of threats to these networks in terms of four categories:
- nation states;
- organized crime; and
- nuisance hackers.
These are not, however, neat categories. They blend and sometimes cooperate with each other. But however you look at these adversaries, the more sophisticated they are, the more they hunger for information -- abundant on our networks -- that is lucrative and strategic.
- Banking transactions, credit card records, and major inter-bank transfers;
- Plans, technical specifications, formulas and other intellectual property;
- Control and operation of our critical infrastructure – telecommunications, electricity, gas and oil pipelines, transportation, and water; and finally
- A wealth of military and sensitive information relating to U.S. forces.
To be effective, our networks must be extensively interconnected – at least for the most part. This means multiple entry points and interconnections that increase the networks’ vulnerabilities.
We are, consequently, engaged in a massive, but largely, invisible war to defend our networks – and everything that moves over them.
Attacks on our networks are increasing, in frequency and in complexity.
- The Homeland Security Department reported a 152% increase in cyber attacks against the Federal government between 2006 and 2007.
- A Center for Strategic and International Studies report states that U.S. companies have lost billions of dollars worth of intellectual property to cyber attacks.
- Cyber thieves last year hacked into computers used to process 100 million credit card payments each month, and
- Key details of the Presidential helicopter fleet, Marine One, were discovered to have been downloaded to an IP address in Iran.
As Defense Secretary Robert Gates put it, “The U.S. is under cyber-attack virtually all the time, every day.”
What places these attacks at the level of warfare is their massive scale. The July 4 cyber attack against U.S. government networks is illustrative.
- That attack involved nearly 170,000 zombie computers in 74 countries linked together in what is known as a botnet;
- It consumed between 20 to 40 gigabytes of bandwidth per second; and
- It managed to hit virtually every major Federal agency, including the White House.
As significant as that may sound, it appears to be relatively minor as these attacks go. What would something more substantive do?
Achieving an overall understanding of the operation of U.S. networks, so that we can instantly detect these massive, coordinated attacks, assess and counter them — all while keeping our networks up and running – that must be our aim. The effort required to do so is easily on par with the most demanding challenges we face in conventional warfare.
Fortunately, the Obama Administration “gets it.” The President and his team grasp how much is at stake and realize what ingenuity can accomplish – both ours and our adversaries’. They are translating our generalized sense of alarm into a concrete plan of action.
Within his first few months in office, President Obama has:
- Declared cybersecurity a national priority,
- Performed a 60-day audit of the state of play;
- Declared that “the status quo is no longer acceptable;” and
- Called for stronger partnerships between the public and private sectors, and between US intelligence, the US military and Homeland Security.
The administration challenges us to think in “enterprise-wide” terms – in ways that are “integrated” and “networked.” In short, we are challenged to look across governmental, organizational and political boundaries to tie together a wide range of solutions.
At the same time, the cyber-security problem extends far beyond U.S. borders, since cyber-security threats are global. Surmounting this challenge, therefore, requires a global perspective and effective collaboration with our Allies.
Like the Administration, when it comes to cyber-security, we at Northrop Grumman also “get it.” That is why we have developed the widest possible suite of cyber security capabilities — offering offense, defense and exploitation — to our major military and intelligence customers. And it’s expertise that involves all of Northrop Grumman.
Our unique perspective, born of breadth of experience, was further strengthened by corporate investments in facilities, infrastructure and know-how.
Today I want to briefly describe how we:
- Defend our internal Northrop Grumman networks;
- Support our intelligence and “Dot.Mil” customers; and
- Leverage that experience to enhance the security of the US Critical Infrastructure and the “Dot.Gov” world of civilian agencies such as Treasury, Justice, Homeland Security, and Energy.
Let me start with our internal defenses. Thanks to our extensive relationships with government agencies, Northrop Grumman’s internal networks are targets for attack. More than 1.5 billion cyber transactions a day occur on our network of over 10,000 servers used by some 120,000 employees.
So it’s not surprising that our email systems are common targets of phishing attacks.
Of course, other critical infrastructure industries and government functions across our nation and around the world are facing similar cyber threats – threats that are pervasive, persistent and increasing. To combat the threats we face, Northrop Grumman has built a best in class network defense capability for management of vulnerabilities, intrusion detection and prevention, incident response, and forensics.
On July 20th, we cut the ribbon on a new, state-of Cyber Security Operations Center, or CSOC, in Maryland, a comprehensive cyber threat detection and response center that focuses on protecting Northrop Grumman and translating these “lessons learned” to our customers’ networks and data worldwide. At CSOC, we integrate traditional security monitoring with data collection and analysis – what CSOC leader Tim McKnight calls a “cyber CSI.” This helps identify and mitigate advanced cyber threats in a way that goes far beyond commercial security software.
I invite you to come see this for yourselves.
The lessons we learn from operating CSOC yield best practices that we can then deliver to our customers. CSOC’s success has contributed to Northrop Grumman being selected to develop and manage similar CSOCs or equivalents for Federal Departments and Agencies. And we are working internationally to create similar CSOCs abroad.
As one of the largest contractors supporting the intelligence community, Northrop Grumman plays a significant role as a partner with the Federal government in developing the tools, techniques, and systems used to counter the cyber-security threat facing the military and intelligence communities.
Our deep and on-going involvement with a wide range of programs within this community affords us insight and know-how that, at a minimum, informs our approach to solutions for other Federal customers.
We play a lead role in protecting the Global Information Grid, managing 3 of the 5 top level DoD Community Emergency Response Teams. In this role we are helping to develop the common operating picture, situational awareness and incident response capabilities that will enable the government to better defend against and fight future attacks.
Similarly, in our work as the one of the lead performers for the Comprehensive National Cyber-security Initiative we are developing advanced cyber security capabilities to defend the military’s global information grid as well as other critical missions. The intent is to create a game-changing capability that will not only better protect U.S. military networks, but will keep pace with the ever-changing nature of the threat.
Looking forward, it will be difficult to manage our capabilities without the ability to test their effectiveness. We are contracted to DARPA on a project to develop a National Cyber Range, an environment to test and analyze new concepts and technologies for countering cyber threats. Although the national cyber range won’t be operational for several years, Northrop Grumman has made significant corporate investment to build a large, cyber range which is operational.
On our cyber range we can replicate telecommunications infrastructure, with much of its complexity, or emulate many other types of networks. We can run all manner of attacks against them, monitoring and recording the effects and analyzing the results.
We are expanding Northrop Grumman’s Cyber-space Solutions Center – a significant investment of our shareholders’ capital. This facility is dedicated both to independent R&D on cyber-security projects as well as to carrying out contract work for our customers. Northrop Grumman’s Cyber-space Solutions Center also includes an internet research lab – dubbed by our team an “internet in a bottle” – where we can experiment in a controlled, limited environment.
The work of our Cyber-space Solutions Center is complemented by Northrop Grumman’s exceptional advanced cyber-security research – particularly in areas of modeling, simulation, and visualization – and our expanding relationships with technology industry partners and major research universities.
Complementing these two centers, we have other “centers of excellence” distributed nationwide. These centers can demonstrate cyber security capabilities.
The immensely valuable discoveries we’re making – for ourselves and our customers – at our Cyber Center and our CSOC could not be made any other way. And our work with major research universities and strategic industrial partners is advancing the state of the art in this critical field.
We are also called upon to support our defense customers in the domain of Information Operations — or “IO.” Northrop Grumman is the lead provider of full-spectrum IO and CNO to the 1st Army Information Operations Command at Fort Belvoir, which provides multi-disciplinary IO support to the component and major commands of the U.S. Army.
In this case, we are helping the military to combat actions and decisions of adversaries.
These are, of course, capabilities that would not be appropriate for civil agencies. But what we learn from our work for the defense and intelligence communities better enables us to develop the right cyber security solutions for civilian agencies. After all, the best way to defeat an attacker is to know how to be one.
Many recent reviews have emphasized that defensive capabilities need to be informed by our knowledge of computer network attack and exploitation. This was discussed in Melissa Hathaway’s cyber-security report to the President. It also was the subject of a recent analysis published by the National Research Council, which called for a clear US cyber-security policy, continued development of technologies, and a national debate on legal and ethical issues surrounding cyber warfare.
Obviously the needs, legal strictures, and privacy considerations differ from the defense and intelligence communities to the civilian Departments and agencies. While respecting these differences, Northrop Grumman is able to leverage the significant knowledge gained from the “Dot.Mil” and intelligence communities to secure civil sector agencies against cyber threats. And the fast moving, constantly changing threat requires the comparably swift exchange of relevant information among partners – as much as possible within the applicable legal, privacy and security constraints.
Our current, on-going work for the Departments of State, Treasury, Justice, Homeland Security, and the FBI – key civilian elements of our critical infrastructure – testify to the importance placed by the non-Defense agencies on the cyber threats they face.
That threat can be illustrated with a couple of specific, micro-level, experiments that we conducted in-house. In one experiment, the government tasked our engineers to test the security of a personal computer loaded with the most robust commercial security software available. It took our experts all of 20 minutes to hack their way past the best commercial defense.
In a previous experiment, Northrop Grumman engineers took a similar personal computer, also fully loaded with commercial security software, and simply connected it to the Internet. We tracked the flow of code into and out of the machine to see what happened. Our engineers detected the first “ping” by a potential hacker within four hours. Within a week, a “root kit” — the means to externally control the computer — had been installed into the PC’s system.
And within two weeks, the computer had been taken over by a server in Canada, which was in turn run by another server in Singapore, which was in turn run by another server that could not be traced. Our computer was used by parties unknown to attack a computer in Poland. In short, our computer had been enslaved.
Day-to-day security experiences – paralleled by experiments like these – have convinced government agencies that the security threats they face have moved well beyond the protective capability of commercially available security software. Fortunately, civilian agencies are increasingly adopting a network-wide and enterprise-wide, CSOC approach to security – and Northrop Grumman is there to help.
In just a moment, I will open the floor for questions. Tim McKnight, our Chief Information Security Officer; Dan Allen, who works closely with our intelligence and defense customers; and Al Pisani, who is leading our growing business among civilian agencies are here to help me answer your questions.
Let me wrap up with a few quick observations.
First, as you’ve just heard, our efforts in all these areas put Northrop Grumman at the high-end of the cyber value equation.
Second, effectiveness in cyber-security is a function of broad, deep and long-term experience. This is the kind of years-long depth of experience that Northrop Grumman brings to this effort.
Third, I’d like draw out an implication of Dr. Ron Sugar, our chairman, in his recent open letter to the President. A national effort of the dimensions Dr. Sugar spelled out will require a public-private partnership that attracts the best minds and the best technology in our country, and Northrop Grumman stands ready to be part of it.
Last week, we celebrated the 40th anniversary of the first moon landing. If “landing a man on the moon and returning him safely to the Earth,” – as President Kennedy put it – was the challenge of the ‘60s, the task of providing real, robust security for our information networks will be the challenge for the next decade.
Because the threat we face involves a new kind of warfare—faster, more fluid and more sophisticated than anything we’ve ever faced before – it will require a rising national awareness and a focused national response.
We did it 40 years ago. I know we can do it again.