Cybersecurity

Corporate Responsibility Report Cybersecurity
Corporate Responsibility Report Cybersecurity

Cybersecurity

Cyber attacks pose risks to our organization, our people and the customers and communities we serve. For Raytheon, cybersecurity is an important corporate responsibility concern because reliable, secure data and information flow is vital to every part of a company, and for us, it is central to our ability to support our customers’ missions.

A PERSISTENT THREAT

Cyber threats are a direct challenge to our customers’ missions, as they seek to expose critical data and intellectual capital. Raytheon’s cybersecurity strategy safeguards our customers and employees from possible breaches that can erode trust.

These threats also have the potential to create global security risks by disrupting power grids and critical underlying infrastructure like water, power and fuel supplies. They also can impede or halt government, military and commercial operations.

As the “internet of things” continues to expand, consumers and organizations of every size face the increased likelihood that hackers will access their information and sell it to the highest bidder — or use their connected devices to extend their reach into critical networks.

This complex challenge can’t be solved alone; solutions require multilateral leadership from governments, public companies and private institutions.

Raytheon is emerging as a world leader across every side of cyber. From power plants to unmanned aerial vehicles, from Wall Street to the Pentagon, and from around the world to here at home, our cyber solutions work at the front lines and behind the scenes to help us engineer a safer world.

EVERY SIDE OF CYBER

LATEST TRENDS AND DEVELOPMENTS

Over the last decade, the cyber domain has “jumped the network” to become an information ecosystem that underpins modern life by enabling everything from shopping and driving to manufacturing and power grids.

And on a parallel path, cyber attacks have moved from individuals drawing attention and creating online mischief to complex state-sponsored attacks intended to cause economic, social and political havoc.

Cyber attacks are becoming more frequent — and more disruptive — every year, and 2017 was no exception. Cyber attacks even reached into political elections in the U.S., France, the Ukraine, Norway, the Netherlands, Germany and the U.K. And just a few weeks later, a super-charged variation of the previously discovered Petya ransomware spread across the globe, shutting down critical networks.

CYBER ATTACKS ARE BECOMING MORE FREQUENT — AND MORE DISRUPTIVE — EVERY YEAR, AND 2017 WAS NO EXCEPTION.

Hackers were also responsible for an unrelenting barrage of corporate security breaches, including one at Equifax. And an accomplished attack group used custom-built malware to breach — and possibly take temporary control of — a power company’s systems. In this environment, vigilance is more important than ever. So is transparency, allowing customers and others to protect themselves and their data.

CYBER ATTACKS POSE MULTI-DIMENSIONAL RISKS

Cyber Attacks Pose Mutli-Dimensional risks

Cyber Attacks Pose Mutli-Dimensional risks

 

It’s clear that cyber attacks today aim to disrupt critical systems and even manipulate the homes we live in, the water we drink, the energy we need, the cars we drive and the medical systems that support our health and well-being. Critical national infrastructure, commercial aircraft and personal health and financial data each face cyber threats. Hacking a gas turbine or nuclear facility could put systems and human safety at risk — or prevent day-to-day activities that require their power. Breaches of health records can compromise quality of care. And a major hack of a “too big to fail” global bank could bring the global financial system to a halt.

Tom Kennedy

“Cybersecurity is becoming more and more of an important issue. It's a matter of national security and the safety of our infrastructure and our warfighters.”

— Thomas A. Kennedy, Chairman and CEO

 

Broken Supply Chain

Many cyber crimes can be traced to the darknet, where hackers can purchase malware and other tools and services. There, criminals can access cyber crime support from technical experts who help criminals launch major attacks. With these tools, hackers can take full advantage of increased connectivity via the IoT, which has expanded the cyber ecosystem and made traditional cyber defense perimeters obsolete. In essence, everyone is inside the network of everyone else.

For example, threats to the IoT interfaces that control machinery and other operational technology put assembly lines, products and even consumers at risk. Companies face additional business risks from attacks to their supply chains and to the systems of business partners and acquired companies, especially as companies outsource major components like the engines that are integrated into new vehicles or aircraft.

And in the consumer sector, the IP addresses of devices like phones, household appliances, thermostats and cars have become threat points, or vectors, that bad actors can use to shut down our homes, invade our privacy, or crawl deeper into the network to reach critical infrastructure or networks.

In the never-ending quest to stay ahead of these attackers, a new approach has emerged that centers on data as it flows on a network. This change of focus from network to data combines technologies that look at threats inside a network, and the ability to understand and influence human behavior.

By understanding how legitimate users behave when they access critical systems and data, insider-focused security and continuous monitoring solutions can detect anomalies, the unauthorized activities of privileged users and determine when information has been accessed inappropriately. This approach goes far beyond simple rules and policies to generate real-time insights and behavioral analytics that recognize context and intent.

GLOBAL CHALLENGE: SAFEGUARDING NATIONS, BUSINESSES AND CITIZENS

Many of today’s sophisticated hackers are employed or supported by foreign nations and are setting their sights on strategic targets that cross national borders. By disrupting the flow of information, global shipments and government services, these attacks threaten the critical resources we rely on and our underlying stability.

As such, they create new potential avenues for global security crises, and also potentially serious economic consequences. According to Juniper Research, cyber crime is projected to cost businesses more than $2 trillion by 2019. This threat makes cybersecurity a global security imperative of the highest magnitude.

CYBERSECURITY NOW GOES WELL BEYOND PROTECTING NETWORKS — IT SAFEGUARDS OUR WAY OF LIFE.

NATIONS AND GOVERNMENTS

Around the world, we’ve entered a new era where governments, commercial businesses and private institutions must evaluate their exposure to risk through a national security lens. We must assume that networks have already been compromised, and that attacks will continue to penetrate perimeters to get inside.

This escalating risk is driving aggressive actions across government and industry to build and improve cyber defenses with better visibility into networks, more tools to defend those networks and an informed workforce capable of recognizing threats.

Within the government sphere, cyber is evolving from an exclusive capability practiced in the intelligence community to a domain of operational options for our military.

The U.S. Department of Defense has taken the lead in elevating this issue, establishing USCYBERCOM, investing in cyber defense capabilities and embedding cyber operators into military units. Cyber has also become a warfighting capability that requires the new expertise to make it scalable and useable by military forces and combatant commanders.

PROTECTING GOVERNMENT ASSETS

Protecting Government Assets

Raytheon is working across government agencies to meet their evolving cybersecurity requirements. For the Department of Defense, we’re meeting the developing needs of the Cyber Mission Force by supporting Rapid Attack Detection, Isolation and Characterization Systems programs that look to the future of cyber as a multifaceted capability.

We’re also applying our expertise in information assurance, system-of-system integration and vulnerability assessments to help the U.S. Department of Homeland Security protect the government domain.

COMMERCIAL ENTERPRISES

In the business sector, companies face increased exposure from many angles — negligent or malicious insiders, compromised supply chains, the growing attack surface areas represented by the IoT, and the increasing number of sophisticated attackers who see businesses as easy targets. As businesses continue to invest in automation, artificial intelligence and the IoT, these cyber risks will only grow.

Commercial companies also play a critical role both in protecting their own data and in some cases developing new cybersecurity technologies. These technologies help keep valuable data, business information and intellectual property safe and ensure that critical systems are resilient and secure.

Corporate boards recognize that these cyber attacks can cost companies customers in addition to inflicting tremendous harm to brands, reputations and public trust. If intellectual property is lost, the attacks can also materially affect valuation and competitive advantage.

Boards are working to understand enterprise cyber risks, weigh investment options and establish cybersecurity goals, metrics and appropriate funding. This oversight and governance can also help with merger-and-acquisition cyber diligence, board policies for cyber risk, cyber crisis preparedness and cyber business strategy.

Businesses are also hiring cyber experts or outsourcing cyber support services. Cybersecurity service teams like those at Raytheon can be located anywhere. They dedicate the necessary time and skills to proactively hunt for attacks and quickly react when they do happen, thereby helping to ensure that organizations remain operational and secure.

A NEW CYBERSECURITY FRAMEWORK

The 2018 Defense Federal Regulation Supplement requirement, focused on cyber hardening to provide protection and resiliency, will require all Department of Defense contracts to fully comply with NIST SP 800-171.

This security framework, issued by the U.S. Department of Commerce, applies to all primes and subcontractors that handle covered defense information. Raytheon is fully prepared to support DFARS.

CONSUMERS

Consumers, as individual users, are among the weakest links in the cyber defense system. At work and at home, users’ email and browsing habits on connected devices expand the attack surface and can give hackers an inside track to personal and financial data. Companies are investing in comprehensive cyber training programs to help protect their employees and their businesses.

Yet despite the amount of new cybersecurity investments, the number of serious breaches continues to rise. The public and private sectors must work with even more urgency to find those threats and learn what tactics, techniques and protocols hackers are using.

Combined, we can stop them sooner, detect them faster and then transfer that knowledge between friendly governments and across the commercial sector to close gaps attackers could exploit.

Consumers

Related Media

CYBER THREATS IN AVIATION

 

RAYTHEON SOLUTIONS

Every cybersecurity professional dreads “zero day,” the time when a security breach begins to put information, operations and people at risk. Their never-ending challenge is to stay ahead of hackers and uncover and patch flaws that create new attack risks.

Raytheon’s technologies help us engineer a safer world by protecting intellectual property and personal data while keeping business operations, critical infrastructure and government services intact.

INDUSTRY LEADERSHIP

Raytheon has emerged as an industry leader in cybersecurity. We’re playing a major role in protecting defense and civil systems and in bringing these solutions to the commercial sector.

More than a decade ago, we began developing technologies to protect our own systems. Today, we’re providing that expertise to secure customers’ networks — from companies to countries. We’re building cyber protection into products and services across our entire portfolio — from information systems, to weapons, to the systems for engaging and launching them.

Raytheon is unique in the U.S. aerospace, defense and cybersecurity sectors. We are the only company to form a holistic strategy for our interconnected world by focusing our expertise on security of the converged commercial, defense, intelligence and government sectors.

Over the past 10 years, we’ve invested heavily in building robust cyber capabilities, including the acquisition of cybersecurity specialty companies, to create a portfolio of unmatched cyber solutions for our customers:

  • Robust vulnerability assessments of networks, systems and platforms/products built on decades of red-teaming experience for the most sophisticated systems.
  • Support to the Intelligence Community and U.S. Cyber Command.
  • Customized Virtual Security Operations Center solutions developed for nation-level defenses; these are tailored for agencies, Fortune 500 companies and high-consequence missions.
  • Hardening and resilience for Department of Defense communities to help ensure new and legacy platforms can operate and succeed in the contested cyber domain.
  • Cybersecurity products tested against the most sophisticated threats.
 

CYBER STRATEGY

The most important decisions are based on information that above all, must be secure. From hardening defense systems against intruders to protecting critical infrastructure and data, we draw on our decades of experience to offer our customers the most effective shields against cyber threats in any domain.

Cyber Strategy

Cyber Strategy

 

We’ve put in place an updated strategic plan that addresses areas of the cybersecurity market where we believe we have an opportunity to make the biggest positive impact. Comprehensive offerings range from protection of nations, infrastructure and large enterprises to off-the-shelf software for mid-sized businesses.

Raytheon also extends these services internationally, applying our unique experience integrating and hardening large, safety-critical systems to protect nations from cyber threats. We can also tailor these nation-level cyber defenses to support international agencies, companies and high-consequence missions.

 

Cyber Solutions

 

FORCEPOINT

Raytheon introduced Forcepoint in 2016 to transform cybersecurity for the commercial sector, global governments and critical infrastructure. Forcepoint protects enterprises, defense departments and civilian agencies by offering cyber products that lower risk, accelerate digital transformation and reduce cost.

Forcepoint’s product portfolio is focused on the human element with risk adaptive protection solutions that feature data loss prevention, behavior analytics, next-generation firewalls and security for cross-domain and cloud environments.

Raytheon continues to improve Forcepoint products through ongoing research and tests to strengthen them under pressure, leveraging the vast Raytheon networks for real-time testing. Forcepoint also provides stress-tested cyber protection to the commercial market through a technical-transfer process.

This capability makes Forcepoint the only commercial cybersecurity company with a multibillion dollar research and development arm and product test bed.

Dave Wajsgras

“We can do something about the cyber challenges we face. We must be proactive, committed and willing to work together. We must re-evaluate our current mindset around cybersecurity, automate the tools and technologies that protect and sustain our systems, and invest in future generations of cyber professionals.”

— Dave C. Wajsgras, President, Raytheon's Intelligence, Information and Services

CYBER WORKFORCE AND RESILIENCY

Raytheon has assembled a group of passionate, inquisitive cyber professionals who love what they do and want to do innovative work that always pushes the boundaries within cyber. We seek talented data researchers, data scientists, security analysts and engineers.

Given the fast evolution of cyber threats, we’re committed to closing new cyber skills gaps. We’re turning to new technologies and approaches like artificial intelligence and self-healing systems that can extend the reach of the expert. We also are engaging firsthand with universities and other organizations to help educate students and grow their interest in becoming cyber professionals.

Employee development is another priority, and we’re ensuring they can operate effectively in the cyber domain as they interact with information technology and critical data. Building our employees’ skills and online behavior helps to protect them and the systems and data we rely upon.

  • Raytheon offers qualified employees the opportunity to advance their educations through the Cyber ELITE — Exceptional Leadership in Technology program. Participants develop cybersecurity skills through a full-time, formal advanced education program with partner universities. Raytheon’s Cyber Advanced Study Program provides a pathway for employees to earn a cyber certificate, master of science or doctoral degree in the fields of engineering or computer science.
  • Raytheon conducts an annual “RTN Secure Week” with tailored videos, intranet blogs and in-person presentations on a variety of cybersecurity topics. This focused program helps employees improve their cybersecurity awareness and usage behaviors — keeping themselves and the networks they use more secure.

Attracting Women to Cybersecurity

Valecia Maclin, Raytheon’s cyber program director, knows how tough it can be for women to gain traction in her field. Women account for just 10 percent of the cyber workforce, and it can be hard to find mentors to share tips and tricks of the trade. Valecia’s own experiences — and her passion for cybersecurity — motivate her to give girls and young women a helping hand. She volunteers at the annual National Collegiate Cyber Defense Championship, a Raytheon-sponsored event that challenges college students from across the country to test their skills at protecting a network against cyber threats.

She also works with educators and nonprofit organizations that help middle- and high-school girls to find opportunities in STEM.

“As a hiring manager, I seek out women,” Valecia said. “They bring with them a different perspective and a diversity of thought that’s critical in defending networks.”

Valecia Maclin
Valecia Maclin

EDUCATION INITIATIVES

Raytheon’s success will depend on cultivating future generations of cyber defenders. As software becomes the backbone of every product, platform, appliance and vehicle — and as every company incorporates cyber in their business functions — the demand for expertise will grow exponentially.

Today, the rise of sophisticated threats continues to outpace cybersecurity training and the growth of the talent pipeline. There is a serious need to attract and train curious analysts who understand networks and can effectively protect network perimeters, script and identify endpoints.

We help develop this talent by investing in programs that encourage young people to pursue STEM careers. We also form research partnerships with universities to develop new cyber technologies. These relationships include research internships that expose students to cyber engineering.

We also fund many other cyber education initiatives, including:

  • The National Collegiate Cyber Defense Competition, where teams of college students compete to protect their networks against external threats.

    The National Collegiate Cyberspace Defense Competition

  • The Cyber Security Challenge, an event series in the U.K. that tests amateur applicants with cyber skills.
  • Raytheon’s Cyber Academy, a global cyber education program for students, first launched in the United Arab Emirates.

    Raytheon’s Cyber Academy

  • An annual global research study, Securing the Future: Closing the Cyber Talent Gap, to identify trends and help to educate the millennial generation about cybersecurity careers.
  • The Raytheon Women’s Cybersecurity Scholarship, administered by the Center for Cyber Safety and Education, to encourage more women to enter this field.

    Raytheon Women’s Cybersecurity Scholarship

  • The National Cyber Security Alliance board and promotion of National Cyber Security Awareness Month to educate young people about cybersecurity careers.
  • Collaboration with Girl Scouts of the USA to deliver a first-of-its-kind nationwide computer science program and cyber challenge with the opportunity to reach nearly half a million girls in grades 6–12.

    Girl Scouts

A MORE RESILIENT SUPPLY CHAIN

Raytheon's cybersecurity expertise makes us a valuable supply chain partner. We draw on our capabilities to share best practices and alert partners to potential security threats. The collaborative environment we've built enables us to protect and share technical data. We can also quickly alert our supply chain if we detect a threat to a supplier’s network.

Suppliers also agree to notify us if they experience a breach, and we work with them to determine its impact and meet disclosure requirements.

We also collaborate with other large defense industry suppliers in the Exostar Exchange. This secure, automated system gathers demand signals from other manufacturers; exchanges supplier documentation electronically to streamline and simplify that process; and generates advance shipping notices, invoices and other documents.

The Exchange also collects data on cybersecurity performance. Monthly meetings enable us to share forecasts, collect feedback and discuss ways to update the platform to make it more user friendly for suppliers. 

RAYTHEON IS WORKING TO BUILD INTERNAL AND EXTERNAL STRATEGIC RELATIONSHIPS TO BOOST CYBERSECURITY AND OVERALL PERFORMANCE.

Raytheon is working to build internal and external strategic relationships to boost cybersecurity and overall performance. Improved collaboration between our Supply Chain, Engineering, Finance, Logistics and Information technology teams will enable us to collect more and better data on the security of the supply chain and economic universe.

We can then share relevant industry information across our diverse supplier community. A new, streamlined Enterprise Supplier Data Management strategy and system enable Raytheon's four lines of business and Forcepoint to manage our suppliers using one platform within a common SAP® business software environment.

 

CORPORATE RESPONSIBILITY REPORT

Corporate Responsibility Report

This year’s report provides a detailed overview of Raytheon’s corporate responsibility initiatives, highlighting our efforts to enrich the lives of people, strengthen our performance and reduce our environmental footprint.

Click below to download the full report or build your own.

Download the Full Report

Build a Custom Report