To Harden Networks, Cybersecurity Must Be 'Baked In' From Start

5/21/2013
By Yasmin Tadjdeh

As cyberthreats rise, and military budgets decline, the acquisition community needs to "bake in" computer security from the start, said members of industry.
Too often, cybersecurity is an afterthought for weapon systems designers, said Mike Papay, vice president and chief information security officer for Northrop Grumman. Adding software patches, or software after a system is fielded is an expensive proposition. Network security should be an integral part of the system during the early stages of development. In the long run, that can save companies and the government money, he added.
"Cyber-hardened systems and platforms allow us to deliver on mission requirements … [and] provide affordability," Papay said May 21 at the National Press Club in Washington, D.C.
The acquisition community needs to place more emphasis on integrating cybersecurity software during the beginning of a development program, he said.
"This is one of those ideas that the acquisition community is just coming to grips with now. They realize that this is important… [But] a lot of people want to focus on the capabilities of the system and not necessarily on security. Well, they don't realize that if you don't pay attention at least to the embedded cybersecurity piece of it then you don’t get any of the capabilities," said Papay.
The government cannot wait until a system is completed to install network security software, said Randy Belote, vice president of strategic communications for Northrop Grumman.
"We promote embedding cyberprotection in … systems while they are in development phase. Clearly, it is the most affordable approach to combat the threat," said Belote. "If we build in cyberprotections after the system or platform is designed or fielded, it is simply too late."
In a time of tight budgets, cybersecurity cannot be an afterthought, said Pat Antkowiak, vice president and general manager of Northrop Grumman's advanced concepts and technologies division.
Already, Northrop Grumman has designed some of its products with cybersecurity software installed during the early phases of development. The Navy's Consolidated Afloat Networks and Enterprise Services program, an initiative intended to improve interoperability across the fleet, is one example, company officials said. The Air Force's Air and Space Operations Center is another.
Designing systems with open architectures is also another way to save money down the line when modifications or upgrades are needed, said Greg Schmidt, vice president and general manager of Northrop Grumman's training solutions division.
As for how much such initiatives could save a company or the government over the long run, Papay could not give a specific number.
Photo Credit: Thinkstock

Topics: Cyber, Cybersecurity, Infotech, Infotech, Architecture

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

Find an Article VIEW ALL ARTICLES