Inside Raytheon's Cyber School
At a vault in Virginia, an intense course in cyber defense
Behind heavy bunker doors, inside a room shrouded in metal and shielded with window shades that kill cell-phone signals, a computer hacker is showing a crowd of Raytheon managers how much damage even a teenage novice can do with the right tools and a couple of clicks.
The first click launches a free program that turns arcane computer code into an interface as easy to use as iTunes. The second click scours the network for vulnerable computers. The third looks for weaknesses. And the fourth puts the machine under the hacker's complete control.
“I now own this machine. I can watch every single thing this person is doing,” he says. “I can look at the files. I can copy them to my computer. I don’t need any knowledge whatsoever to attack your computer.”
This was only a demonstration – the intruder was actually 35-year-old Raytheon cybersecurity expert Craig Stevenson, the machine he hacked was his own, and the program he used was built to help ethical hackers find and fix vulnerabilities. Still, the point was clear: the easier hacking gets, the more important it is to get smart about cyber defense
The demonstration at Raytheon’s Cyber Operations and Development Evaluation Center in northern Virginia was part of a class that reflects Raytheon's effort to embed cybersecurity in everything the company does, from proposals to engineering all the way through to field testing. In April, the company announced it would bring its military-grade cybersecurity to a worldwide commercial market through the formation of a new company combining part of Raytheon’s Intelligence, Information and Services business with the firm Websense.
Raytheon aims to ingrain a working knowledge of cybersecurity in each of the company's 61,000 employees, said Steve Rosenblum, the CODE Center's senior director. That's why, on a recent June afternoon, workers including a supply chain expert, information technology staff and managers who oversee proposals to military customers sat side by side, hunched over laptops and punching in lines of code.
The two-day course covered hacking mechanics – computer code, how networks work, common vulnerabilities – as well as basic strategy, such as how hackers use open-source information to identify targets and find secret entrances into their computer systems. Students learned how to tap into unsecured webcam feeds from around the world, and how hackers can unearth sensitive information from PDFs buried deep on the Web.
“It’s more like putting on the hat of a hacker – understanding what happens within the system that we don’t see on the outside,” said Armatha Edwards, who manages business development for Raytheon’s Navy programs.
Teaching a broad range of employees how cybersecurity works pays off in stronger protection for everything the company develops, Rosenblum said.
“Cybersecurity should be everyone’s job," he said. "Everybody has to do their bit, or it’s not going to work."