Technology Today - Home
Raytheon's Strategy for Meeting the Cybersecurity Challenge
Pick up a newspaper on almost any day and you get a sense for the magnitude and seriousness of the cyberthreats faced by government and industry around the world. Identity theft, intellectual property theft, spam, and even the disruption of an entire country's Internet service1 are all too common. Raytheon has long recognized the threat and the overriding national security imperative to protect our own intellectual property, as well as the critical defense information that our customers entrust to us. We therefore aim to maintain a world class, industrial-strength cybersecurity program, embodied in our RTN Secure strategy.

Our operational strategy is to focus not only on stopping malicious inbound traffic, but also watching outbound traffic and insider threats. We are collaborating with government and industry partners to ensure the communications between our companies is also secure and our data is protected while in one another's care.

Risk-based Investment Acceleration
RTN Secure is, above all, a risk-based strategy. We continuously evaluate all of the risks we face in order to prioritize our investments against the highest risks and highest payoff. We add to our own evaluation by seeking out expertise from a wide cross section of the security community, including our own information assurance and information operations experts and Internal Audit team, as well as third-party assessment teams. The result is a comprehensive risk assessment that has shaped more than two dozen projects since 2007.

In previous years our investments were network-focused, expanding our ability to monitor our network and take action on detected threats. It was manifested in an increase in monitoring tools and collection points, tools to correlate the information we collect, and manpower with the hard-to-find skills to make sense of the results. We've realized significant return on our investment, and we continue to invest in our network security architecture in response to new threats.

Our primary effort in 2009 was our Workplace Management Initiative, which is designed to extend our security improvements down to the desktop through an initial rollout of the RTN Secure Computer based on the Windows Vista® operating system as a precursor to widespread rollout on Windows 7® beginning in 2010. At its core, the initiative has two goals. The first is to reduce the variability of desktop and laptop operating system images within the company. This will reduce our IT support costs, and more importantly, it will result in a more consistent and predictable environment to defend and monitor. The more variability there is in the network, the more difficult it is to distinguish between malicious and normal activity. The second, closely related, goal is to provide a secure, managed common operating environment for our employees through standardized and strictly enforced desktop security configurations modeled after the Federal Desktop Core Configuration. We have put in place extensive background procedures and capabilities to ensure the more secure desktop still provides our employees the flexibility to get their jobs done safely.

Another multi-year effort that is coming to fruition is our public key infrastructure (PKI) implementation. This is a collaborative effort with the U.S. Department of Defense (DoD), other major defense contractors, and the CertiPath PKI bridge to build a trusted identity and encryption environment. This will allow us to log into DoD Web sites using our own employee credentials and exchange encrypted e-mails and documents with our customers and peers. Internally, PKI will also enable us to move toward two-factor authentication using a USB token, which will be a major step forward in preventing an attacker from using stolen passwords.

In some ways the problem of defending the cyberdomain is no different from the problem of defending our nation's airspace. The U.S. military and our allies must all operate in the same airspace and face the same airborne threats. We've long recognized that victory in this environment can only be achieved if we are all exchanging threat information, coordinating and de-conflicting our efforts, and operating in a common command and control environment.

The cyberdomain is much the same. We are all operating on the same cyberbattlefield and seeing the same threat. By pooling our threat information, reacting in a coordinated manner wherever possible, and operating from a common view of the battlespace, we are more successful collectively than we could ever be individually. Raytheon, therefore, has made collaboration with government, industry, and even our own employees a centerpiece of the RTN Secure strategy.

Our flagship collaboration effort is through the Defense Industrial Base (DIB) Cyber Security Pilot Program. In this cooperative effort between the DoD and more than two dozen cleared defense contractors, DoD serves as a clearinghouse for disseminating threat information received from all participants and adds additional classified threat and background information. Raytheon has significantly raised our security posture through this partnership, and we share threat information we have obtained through our own monitoring and investigative efforts.

We complement our DIB collaboration through membership in the Defense Security Information Exchange (DSIE). This is an industry- only forum chartered under the Department of Homeland Security's Critical Infrastructure Protection program. Where the DIB often operates at the classified strategic level, the DSIE is focused on real-time collaboration between technical analysts. The DSIE is setting new standards for open sharing of sensitive attack information because the charter is set up to isolate the DSIE effort from any business competition between companies. Because of this independence and the speed of the collaboration, we are often able to quickly detect and thwart attacks that span multiple companies.

We have also recognized that we must work with our customers and business partners to create an interoperable, secure collaboration environment for day-to-day business. To that end, Raytheon is a founding member and governance board leader of the Transglobal Secure Collaboration Program. Through TSCP, we develop common procedures and technical standards to securely exchange information across national boundaries and companies.

Raytheon Oakley Systems and Raytheon SI Government Solutions — two recent Raytheon acquisitions — provide us with additional opportunities for enterprisewide collaboration. These new additions to the Raytheon team allow us to tap a new source of products and expertise. Raytheon can also provide these organizations with additional expertise in cybersecurity, as well a large network test bed to ensure that products are rock-solid before they are delivered to our customers.

But for all the collaboration and information-sharing efforts, our most important relationship is the one we establish with our employees through our security awareness campaign. For all our technologies, our people are our last and best line of defense, because alert and educated employees do not fall victim to socially engineered attacks. We know our continuing awareness campaign is working simply by the number of suspicious e-mails our employees report to us and the decreasing number of people who are opening those e-mails.

Operational Acceleration
Operationally, Raytheon is balancing our secure services with a strategy that expands defensive actions to detect, disrupt and deny attackers' communications back out to the network. This strategy is based on the premise that if attackers get into your network but cannot communicate back out, the attack is effectively thwarted. Such a strategy focuses on detecting and blocking the Web sites, covert channels, and IP addresses used by attackers.

A focus on the outbound traffic has the added benefit of decoupling our detection capability from the attack vector. Attack methods change often, but attacker command and control techniques tend to vary much less frequently and are independent of the original attack mechanism. Thus, without losing sight of the need to close new vulnerabilities, we are able to operate at a more consistent operational tempo.

This strategy is made possible by our infrastructure and collaboration investments. It relies heavily on traffic analysis, both automated and manual, to sort through our logs and network routing patterns. It leverages the new network monitoring capability we installed through RTN Secure. To facilitate this strategy we reengineered portions of our network to channel risky traffic to known routes. Along with our Workplace Management Initiative, this greatly improves the signal-to-noise ratio on our network, making traffic analysis much more effective. The strategy also relies on our collaboration efforts. We identify a significant number of command and control channels via our own efforts, and we also leverage the efforts of our collaboration partners.

Industrial-Strength Cybersecurity
Every day in Raytheon we face the challenge of defending against threats in a very large and diverse enterprise. With RTN Secure as a long-term strategy, we are confident we can continue to protect Raytheon's network, our employees' privacy, and our company's and nation's critical information.

Jeff Brown

1Joshua Davis, "Hackers Take Down the Most Wired Country in Europe," Wired Magazine, August 2007.