Defending the Cyberdomain
This issue of "Technology Today" is about the cyberdomain and the technologies employed to protect and respond to attacks against information and computing systems. The struggle is ongoing.
Enterprise architecture provides an effective set of tools and techniques for understanding customer needs and identifying applicable technologies. Raytheon's Information Operations Reference Architecture (IORA) provides a framework that can be used by business development and engineering organizations to help improve the quality and productivity of strategic analysis and design for programs
and pursuits in the information operations (IO) domain. The IORA facilitates internal and external communications by establishing a common language for IO, provides a set of custom artifacts to enable strategic analysis, and enhances operational understanding through scenarios and concepts of operations.
U.S. Air Force Cyberoperations
"Warfighters rely upon cyberspace to
command and control forces in the 21st century. Revolutionary technology has presented cybercapabilities, which can provide decisive effects traditionally achieved only through kinetic means … Mastery of cyberspace is essential to America's national security. Controlling cyberspace is the prerequisite to effective operations across all strategic and operational domains — securing freedom from attack and freedom to attack. We will develop and implement plans for maturing and expanding cyberspace operations as an Air Force core competency. We will provide decision makers flexible options to deter, deny, disrupt, deceive, dissuade and defeat adversaries through a variety of destructive and non-destructive, and
lethal and non-lethal means. Finally, we will do this in friendly cooperation with our professional partners and teammates in other MAJCOMs,
Services, COCOMs and U.S. government agencies."
Raytheon High-Speed Guard
The Raytheon High-Speed Guard provides critical technology for sharing data between security domains. As of July 2009, Raytheon deployed 170 systems. Lead engineers for the project continuously support customers by monitoring requirements, technical challenges,
and trends to ensure that customers' information-sharing and information-protection needs are met.
Raytheon's Strategy for Meeting the Cybersecurity Challenge
Pick up a newspaper on almost any day and you get a sense for the magnitude and seriousness of the cyberthreats faced by government and industry around the world. Identity theft, intellectual property theft, spam, and even the disruption of an entire country's Internet service1 are all too common. Raytheon has long recognized the threat and the overriding national security imperative to protect our own intellectual property, as well as the critical defense information that our customers entrust to us. We therefore aim to maintain a worldclass,
industrial-strength cybersecurity program, embodied in our RTN Secure strategy.
Raytheon's Cybercapabilities: Excellence and Acquisitions
Raytheon is a world-class provider of cybercapabilities. In order to maintain a robust presence in this environment of rapidly changing technologies, Raytheon acquired five firms with well-established reputations for excellence in the cyberfield.
The New Re-Engineering
Vulnerability research has historically been a disorganized process, with a collection of custom approaches used by different researchers with inconsistent results. Indeed, consistency is one of the most difficult aspects of vulnerability research — it's a never-ending hunt for the proverbial needle in the haystack, except a particular needle might not even exist. Despite the difficulty of the challenge, Raytheon SI Government Solutions has a track record of proactively identifying vulnerabilities for a variety of customer applications
using an advanced tool set beyond the public state of the art.
Information assurance is defined by the processes and technologies required to manage the risks of storing and sharing
information. Cryptography, a subset of information assurance, includes the technologies deployed to ensure the protection of sensitive information. Cryptographic methods are an esoteric blend of mathematics and computer science. Within the U.S., these methods and techniques are strictly
controlled by the National Security Agency.
Quantum cryptography, more aptly named quantum key distribution, has emerged as a new paradigm for high-speed delivery of encryption key material between two remote parties. Typically, the security integrity of key exchange protocols is rooted in either a trusted third party, such as a trusted courier for symmetric encryption protocols, or the
hypothesized computational complexity of one-way mathematical functions, such as the RSA encryption protocol.
Information Assurance for Communication Systems
Comprehensive Mission Assurance requires secure battlefield communication. Warfighters must be confident that their data meets the three main tenets of information assurance: confidentiality, integrity and availability.
Attack and Defend in Cyberspace and Within Raytheon
"Attack and defend in cyberspace" took on a new meaning within Raytheon last year through the Information Operations Enterprise Initiatives. Raytheon engineers from across the company embarked on a mission to fulfill two major requirements.
Intrusion-Tolerant and Self-Healing Approaches to Cybersecurity
Mission- and safety-critical systems require a very high degree of reliability and availability, typically measured in many nines. Examples of such systems include command and control, fire control, and weapon control systems in the military domain, as well as numerous civilian systems such as air traffic control, power grid controls and power plant controls. Consequences of data corruption or a
shutdown of these systems have the potential to cause significant loss of life, commerce or military objectives.
Ensuring Authorized Access to Computer Information
Raytheon is currently working on two innovative technologies — Location Aware Access Control and Persistent Log on — that will ensure user authentication in a secure computing environment. The technologies will be feasible for commercial use in hospitals, banks, retail and manufacturing, as well as military and civil markets — including command and control, weapons systems and border security.
Raytheon and West Point's IT and IO Center
Raytheon's objective to provide its customers with comprehensive solutions in the area of information assurance and information operations has resulted in the initiation of valuable partnerships with several academic institutions that are pursuing research in these areas. A partnership with United States Military Academy at West Point's Information Technology and Operations Center was a natural
choice for Raytheon, allowing the company to work in information operations with a top-notch research institution that also happens to be part of one of Raytheon's primary customer organizations: the U.S. Army.
Raytheon Partnerships Enhance Cyberdomain Research
Can game theory be applied to help us make smarter decisions in protecting critical infrastructure? Could it also help plan automated responses to deter attacks? Can intelligent software agents watch ad-hoc network nodes to catch untrustworthy behavior? Those are
just a few areas in which Raytheon is sponsoring research at universities and small businesses.
Enabling Information Sharing
Since Sept. 11, 2001, the traditional information security approach of restricting access to information has faced the challenge of balancing need to know with the necessity of sharing information to achieve Mission Assurance. Two demonstrations at the 2008 U.S. Department of Defense Coalition Warrior Interoperability Demonstration established Raytheon's commitment to providing state-of-the-art,
secure, interoperable information sharing. The demonstrations also laid the groundwork for developing new collaboration systems for use in the field by U.S. and coalition partners.
Partnering with George Mason University
Raytheon is working with researchers at George Mason University's Center for Secure Information Systems to improve its ability to develop high-assurance systems. Current research and development activities include automating vulnerability analysis and hardening systems through secure virtualization.