Cyber consequences: Attacks are hitting the C-suite

Ask Charles Bouchard what keeps him awake at night and the chief executive officer of Lockheed Martin Canada won't hesitate: “Our ability to protect our cyber systems.”

At a time when access to intellectual property (IP) is raising debate among aerospace OEMs, suppliers, in-service support and MRO (maintenance, repair and overhaul) companies, and governments and militaries, protecting data is a hot topic.

Lockheed Martin has seen enough of its IP stolen in recent years to take the problem seriously. But Bouchard believes many industry executives don't truly understand the challenge or the cost.

“It's one thing to say, we want the IP. The next question is, can you defend it? Can you protect it? That is a problem today,” he told Skies. “Subcontractors . . . need to protect their data because they are connecting to our systems, especially if IP will be passed to them. How are we going to do that? We have gone beyond putting a guard at the front gate and a lock on the door. [And] for some, it's a significant investment.”

Cyber defence is a national imperative, said retired Major-General Robert Wheeler, a 32-year veteran of the United States Air Force and a senior advisor to Avascent Global Advisors.

Whether the threat comes from nations or non-state actors such as terrorist or criminal organizations, cyber experts are seeing an increase in frequency and capability “in this particular type of warfare.”

“They are going after companies that are not prepared to deal with it, to take their IP and create havoc...,” the former deputy chief information officer in the Office of the Secretary of Defense told executives at the Canadian Aerospace Summit in Ottawa Nov. 7.

Modern aircraft, with their vast supply chains and increasingly networked systems, present an attractive “avenue for bad guys to get in.”

In a presentation that highlighted recent attacks in Canada, the U.S. and elsewhere, Wheeler showed how the relentless pursuit of corporate and government data has jeopardized military, commercial and critical infrastructure systems and programs.

The 2011 attack on Defence Research and Development Canada, for example, was not only a costly systems problem to fix, it also raised questions about what government, industry and research data was exfiltrated. Likewise, the 2015 hack of the U.S. Office of Personnel Management was alarming because the benign-sounding agency houses the security clearances, including digital photo and biometric identification, for government, intelligence and military personnel.

“Data is the commodity of the 21st century,” said Wheeler.

While the sheer volume of new data might be a sign that more intellectual property is being created and the economy is growing, corporate breaches are keeping pace, and “the cost of each breach is accelerating” in terms of dollars and lost IP.

Cyber attacks are also starting to impact the C-suite, he noted. The 2013 breach of Target's payment card system cost chief executive officer Gregg Steinhafel his job, and executives with credit reporting agency Equifax have been “publicly flogged” in the wake of the hack of millions of client records in October.

ere may be greater consequences for companies that don't do due diligence, Wheeler suggested, pointing to changes taking shape in the legal regime following the Target attack.

While greater investment in cyber defence is important, “this is not a technology issue,” he said. “This is a leadership issue” that requires a change in organizational culture and executives who understand the challenge and can “walk the talk.” It also requires more employee training, not only in best cyber hygiene practices, but also in how to use networking and cyber tools to be more resilient, agile and quick to respond.

The payoff is a more effective, efficient and competitive company. “[So] many solutions to problems of this world today are in the data,” he said. “If you do this correctly . . . there is an opportunity to be more competitive, more collaborative, to come up with faster ideas in an environment and age when we have to come up with faster ideas.”

https://www.skiesmag.com/news/cyber-consequences-attacks-hitting-c-suite/