Cyber attacks pose risks to our organization, our people and the customers and communities we serve. For Raytheon, cybersecurity is an important corporate responsibility concern because reliable, secure data and information flow is vital to every part of a company, and for us, it is central to our ability to support our customers’ missions.
A PERSISTENT THREAT
Cyber threats are a direct challenge to our customers’ missions, as they seek to expose critical data and intellectual capital. Raytheon’s cybersecurity strategy safeguards our customers and employees from possible breaches that can erode trust.
These threats also have the potential to create global security risks by disrupting power grids and critical underlying infrastructure like water, power and fuel supplies. They also can impede or halt government, military and commercial operations.
As the “internet of things” continues to expand, consumers and organizations of every size face the increased likelihood that hackers will access their information and sell it to the highest bidder — or use their connected devices to extend their reach into critical networks.
This complex challenge can’t be solved alone; solutions require multilateral leadership from governments, public companies and private institutions.
Raytheon is emerging as a world leader across every side of cyber. From power plants to unmanned aerial vehicles, from Wall Street to the Pentagon, and from around the world to here at home, our cyber solutions work at the front lines and behind the scenes to help us engineer a safer world.
EVERY SIDE OF CYBER
LATEST TRENDS AND DEVELOPMENTS
Over the last decade, the cyber domain has “jumped the network” to become an information ecosystem that underpins modern life by enabling everything from shopping and driving to manufacturing and power grids.
And on a parallel path, cyber attacks have moved from individuals drawing attention and creating online mischief to complex state-sponsored attacks intended to cause economic, social and political havoc.
Cyber attacks are becoming more frequent — and more disruptive — every year, and 2017 was no exception. Cyber attacks even reached into political elections in the U.S., France, Ukraine, Norway, the Netherlands, Germany and the U.K. And just a few weeks later, a super-charged variation of the previously discovered Petya ransomware spread across the globe, shutting down critical networks.
Hackers were also responsible for an unrelenting barrage of corporate security breaches, including one at Equifax. And an accomplished attack group used custom-built malware to breach — and possibly take temporary control of — a power company’s systems. In this environment, vigilance is more important than ever. So is transparency, allowing customers and others to protect themselves and their data.
CYBER ATTACKS POSE MULTI-DIMENSIONAL RISKS
It’s clear that cyber attacks today aim to disrupt critical systems and even manipulate the homes we live in, the water we drink, the energy we need, the cars we drive and the medical systems that support our health and well-being. Critical national infrastructure, commercial aircraft and personal health and financial data each face cyber threats. Hacking a gas turbine or nuclear facility could put systems and human safety at risk — or prevent day-to-day activities that require their power. Breaches of health records can compromise quality of care. And a major hack of a “too big to fail” global bank could bring the global financial system to a halt.
“Cybersecurity is becoming more and more of an important issue. It's a matter of national security and the safety of our infrastructure and our warfighters.”
— Thomas A. Kennedy, Chairman and CEO
Many cyber crimes can be traced to the darknet, where hackers can purchase malware and other tools and services. There, criminals can access cyber crime support from technical experts who help criminals launch major attacks. With these tools, hackers can take full advantage of increased connectivity via the IoT, which has expanded the cyber ecosystem and made traditional cyber defense perimeters obsolete. In essence, everyone is inside the network of everyone else.
For example, threats to the IoT interfaces that control machinery and other operational technology put assembly lines, products and even consumers at risk. Companies face additional business risks from attacks to their supply chains and to the systems of business partners and acquired companies, especially as companies outsource major components like the engines that are integrated into new vehicles or aircraft.
And in the consumer sector, the IP addresses of devices like phones, household appliances, thermostats and cars have become threat points, or vectors, that bad actors can use to shut down our homes, invade our privacy, or crawl deeper into the network to reach critical infrastructure or networks.
In the never-ending quest to stay ahead of these attackers, a new approach has emerged that centers on data as it flows on a network. This change of focus from network to data combines technologies that look at threats inside a network, and the ability to understand and influence human behavior.
By understanding how legitimate users behave when they access critical systems and data, insider-focused security and continuous monitoring solutions can detect anomalies and the unauthorized activities of privileged users, and determine when information has been accessed inappropriately. This approach goes far beyond simple rules and policies to generate real-time insights and behavioral analytics that recognize context and intent.
GLOBAL CHALLENGE: SAFEGUARDING NATIONS, BUSINESSES AND CITIZENS
Many of today’s sophisticated hackers are employed or supported by foreign nations and are setting their sights on strategic targets that cross national borders. By disrupting the flow of information, global shipments and government services, these attacks threaten the critical resources we rely on and our underlying stability.
As such, they create new potential avenues for global security crises, and also potentially serious economic consequences. According to Juniper Research, cyber crime is projected to cost businesses more than $2 trillion by 2019. This threat makes cybersecurity a global security imperative of the highest magnitude.
CYBERSECURITY NOW GOES WELL BEYOND PROTECTING NETWORKS — IT SAFEGUARDS OUR WAY OF LIFE.
NATIONS AND GOVERNMENTS
Around the world, we’ve entered a new era where governments, commercial businesses and private institutions must evaluate their exposure to risk through a national security lens. We must assume that networks have already been compromised, and that attacks will continue to penetrate perimeters to get inside.
This escalating risk is driving aggressive actions across government and industry to build and improve cyber defenses with better visibility into networks, more tools to defend those networks and an informed workforce capable of recognizing threats.
Within the government sphere, cyber is evolving from an exclusive capability practiced in the intelligence community to a domain of operational options for our military.
The U.S. Department of Defense has taken the lead in elevating this issue, establishing USCYBERCOM, investing in cyber defense capabilities and embedding cyber operators into military units. Cyber has also become a warfighting capability that requires new expertise to make it scalable and useable by military forces and combatant commanders.
In the business sector, companies face increased exposure from many angles — negligent or malicious insiders, compromised supply chains, the growing attack surface areas represented by the IoT, and the increasing number of sophisticated attackers who see businesses as easy targets. As businesses continue to invest in automation, artificial intelligence and the IoT, these cyber risks will only grow.
Commercial companies also play a critical role both in protecting their own data and in some cases developing new cybersecurity technologies. These technologies help keep valuable data, business information and intellectual property safe and ensure that critical systems are resilient and secure.
Corporate boards recognize that these cyber attacks can cost companies customers in addition to inflicting tremendous harm to brands, reputations and public trust. If intellectual property is lost, the attacks can also materially affect valuation and competitive advantage.
Boards are working to understand enterprise cyber risks, weigh investment options and establish cybersecurity goals, metrics and appropriate funding. This oversight and governance can also help with merger-and-acquisition cyber diligence, board policies for cyber risk, cyber crisis preparedness and cyber business strategy.
Businesses are also hiring cyber experts or outsourcing cyber support services. Cybersecurity service teams like those at Raytheon can be located anywhere. They dedicate the necessary time and skills to proactively hunt for attacks and quickly react when they do happen, thereby helping to ensure that organizations remain operational and secure.
Consumers, as individual users, are among the weakest links in the cyber defense system. At work and at home, users’ email and browsing habits on connected devices expand the attack surface and can give hackers an inside track to personal and financial data. Companies are investing in comprehensive cyber training programs to help protect their employees and their businesses.
Yet despite the amount of new cybersecurity investments, the number of serious breaches continues to rise. The public and private sectors must work with even more urgency to find those threats and learn what tactics, techniques and protocols hackers are using.
Combined, we can stop them sooner, detect them faster and then transfer that knowledge between friendly governments and across the commercial sector to close gaps attackers could exploit.
CYBER THREATS IN AVIATION
Every cybersecurity professional dreads “zero day,” the time when a security breach begins to put information, operations and people at risk. Their never-ending challenge is to stay ahead of hackers and uncover and patch flaws that create new attack risks.
Raytheon’s technologies help us engineer a safer world by protecting intellectual property and personal data while keeping business operations, critical infrastructure and government services intact.
Raytheon has emerged as an industry leader in cybersecurity. We’re playing a major role in protecting defense and civil systems and in bringing these solutions to the commercial sector.
More than a decade ago, we began developing technologies to protect our own systems. Today, we’re providing that expertise to secure customers’ networks — from companies to countries. We’re building cyber protection into products and services across our entire portfolio — from information systems, to weapons, to the systems for engaging and launching them.
Raytheon is unique in the U.S. aerospace, defense and cybersecurity sectors. We are the only company to form a holistic strategy for our interconnected world by focusing our expertise on security of the converged commercial, defense, intelligence and government sectors.
The most important decisions are based on information that, above all, must be secure. From hardening defense systems against intruders to protecting critical infrastructure and data, we draw on our decades of experience to offer our customers the most effective shields against cyber threats in any domain.
We’ve put in place an updated strategic plan that addresses areas of the cybersecurity market where we believe we have an opportunity to make the biggest positive impact. Comprehensive offerings range from protection of nations, infrastructure and large enterprises to off-the-shelf software for mid-sized businesses.
Raytheon also extends these services internationally, applying our unique experience integrating and hardening large, safety-critical systems to protect nations from cyber threats. We can also tailor these nation-level cyber defenses to support international agencies, companies and high-consequence missions.
Raytheon introduced Forcepoint in 2016 to transform cybersecurity for the commercial sector, global governments and critical infrastructure. Forcepoint protects enterprises, defense departments and civilian agencies by offering cyber products that lower risk, accelerate digital transformation and reduce cost.
Forcepoint’s product portfolio is focused on the human element with risk adaptive protection solutions that feature data loss prevention, behavior analytics, next-generation firewalls and security for cross-domain and cloud environments.
Raytheon continues to improve Forcepoint products through ongoing research and tests to strengthen them under pressure, leveraging the vast Raytheon networks for real-time testing. Forcepoint also provides stress-tested cyber protection to the commercial market through a technical-transfer process.
This capability makes Forcepoint the only commercial cybersecurity company with a multibillion dollar research and development arm and product test bed.
“We can do something about the cyber challenges we face. We must be proactive, committed and willing to work together. We must re-evaluate our current mindset around cybersecurity, automate the tools and technologies that protect and sustain our systems, and invest in future generations of cyber professionals.”
— Dave C. Wajsgras, President, Raytheon's Intelligence, Information and Services
CYBER WORKFORCE AND RESILIENCY
Raytheon has assembled a group of passionate, inquisitive cyber professionals who love what they do and want to do innovative work that always pushes the boundaries within cyber. We seek talented data researchers, data scientists, security analysts and engineers.
Given the fast evolution of cyber threats, we’re committed to closing new cyber skills gaps. We’re turning to new technologies and approaches like artificial intelligence and self-healing systems that can extend the reach of the expert. We also are engaging firsthand with universities and other organizations to help educate students and grow their interest in becoming cyber professionals.
Raytheon’s success will depend on cultivating future generations of cyber defenders. As software becomes the backbone of every product, platform, appliance and vehicle — and as every company incorporates cyber in their business functions — the demand for expertise will grow exponentially.
Today, the rise of sophisticated threats continues to outpace cybersecurity training and the growth of the talent pipeline. There is a serious need to attract and train curious analysts who understand networks and can effectively protect network perimeters, script and identify endpoints.
We help develop this talent by investing in programs that encourage young people to pursue STEM careers. We also form research partnerships with universities to develop new cyber technologies. These relationships include research internships that expose students to cyber engineering.
A MORE RESILIENT SUPPLY CHAIN
Raytheon's cybersecurity expertise makes us a valuable supply chain partner. We draw on our capabilities to share best practices and alert partners to potential security threats. The collaborative environment we've built enables us to protect and share technical data. We can also quickly alert our supply chain if we detect a threat to a supplier’s network.
Suppliers also agree to notify us if they experience a breach, and we work with them to determine its impact and meet disclosure requirements.
We also collaborate with other large defense industry suppliers in the Exostar Exchange. This secure, automated system gathers demand signals from other manufacturers; exchanges supplier documentation electronically to streamline and simplify that process; and generates advance shipping notices, invoices and other documents.
The Exchange also collects data on cybersecurity performance. Monthly meetings enable us to share forecasts, collect feedback and discuss ways to update the platform to make it more user friendly for suppliers.
Raytheon is working to build internal and external strategic relationships to boost cybersecurity and overall performance. Improved collaboration between our Supply Chain, Engineering, Finance, Logistics and Information Technology teams will enable us to collect more and better data on the security of the supply chain and economic universe.
We can then share relevant industry information across our diverse supplier community. A new, streamlined Enterprise Supplier Data Management strategy and system enable Raytheon's four lines of business and Forcepoint to manage our suppliers using one platform within a common SAP® business software environment.
CORPORATE RESPONSIBILITY REPORT
This year’s report provides a detailed overview of Raytheon’s corporate responsibility initiatives, highlighting our efforts to enrich the lives of people, strengthen our performance and reduce our environmental footprint.