STAYING AHEAD OF THE THREAT

CYBER SECURITY OVERVIEW

JOHN HALL, Cyber Security Analyst Senior Manager


LARGE DEFENCE CONTRACTOR, HIGHLY TARGETED BY ADVERSARIES

PROTECTING THE ENTERPRISE

WE NEVER FORGET WHO WE ARE WORKING FOR™ – BUT NEITHER DOES THE ADVERSARY

>100,000 Employees

>60,000 Scientists, Engineers And IT Professionals

Global Operations: 572 Facilities In Over 63 Countries

6x OC-12 Internet Pipes

~200TB Full Packet Capture Storage

~300 Million Web Requests/Day

~1.2 Million Web Proxy Connections Blocked per Day

~145,000 Managed Desktops

~1.75 Billion Sensor Events/Day

~30 Million Emails/Day

~800,000 Active Directory Objects

It takes a concerted organizational effort to develop a defensive posture

If tools are your only answer – you are asking the wrong question!

Leadership is fundamental,

Strong analyst skills too.

Must demonstrate ongoing performance improvements like anything else

WE HAVE LEARNED MANY HARD LESSONS INCLUDING:

DEVELOPING A SECURITY MINDSET

IT’S A MARATHON NOT A SPRINT

Still the same mechanics: email/web/some USBs/insiders

Adversary is exploiting the trust between partners in the supply chain.

THE SUPPLY CHAIN IS A KEY VECTOR

EVOLVING CYBER ECOSYSTEM


Behavioural analysis so important. Must look for adversary behaviours amongst the legitimate traffic

SME/SMB are an integral part of the national economic infrastructure but least prepared for the reality.

Companies like LM are constantly maturing our approach and expectations for suppliers. Suppliers that expose us to less risk will have a benefit over their competition

F35 IN AUSTRALIA

C130J IN AUSTRALIA

ONE SUPPLIER'S EXAMPLE

Australian companies have been awarded over $482M USD in F-35 contracts to date and high tech manufacturing jobs for Australian industry

Australian industry is expected to gain up to $6.3B USD in industry opportunities over the life of the JSF program.

Every F-35 built will have some Australian parts and components.

The F-35 program will sustain high technology manufacturing jobs across the country for decades to come

To date, there are currently 17 Australian companies with active F-35 contracts.

C130 has an extensive history in Australia.

– C130A entered service 1958

Currently the Air Force has a ~$290M C130J support contract with Australian companies through 2030.

– This contract has created a longer tail of SMEs outside the LM specific supply chain

A local company is producing some $15M worth of carbon-fibre composite wing flaps per year

SOME STATS FOR LOCKHEED MARTIN IN AUSTRALIA

ATTRIBUTION

WHY ME?

AUSTRALIA IS PART OF A GLOBAL ECONOMY.

For a corporation: Who only matters to understand Why.

Understanding How is a highly IT based technical skill

Understanding How and Why represent an Intelligence driven approach that helps to apply limited internal resources to those issues that present the most risk to the corporation.

I think this is true in any scenario with finite resource

Industry and particularly larger industry and state need to work closely. Economically important to raise the capability and posture of the weakest links.

Small business needs to learn the basics and at least be more informed consumers of the technology supporting a connected business environment.

OF COURSE THERE IS HOPE… JUST NO SILVER BULLET

THE TAKEAWAY

IS THERE HOPE?

“A journey of a thousand miles begins with a single step.”

Lao-tzu, The Way of Lao-tzu

Chinese philosopher (604 BC - 531 BC)

“Opportunities multiply as they are seized.”

Sun Tzu

CYBER THREAT INTELLIGENCE

ADVANCED THREAT MANAGEMENT

CYBER WORKFORCE AWARENESS

CYBER SECURITY SOLUTIONS

Knowledge Management System (KMS) of Advanced Indicators

Continuous Collection Allows Constant Identification of Activities

Extensible Analysis Enables Extraction and Enrichment of Collected Information

Artifact Retention Provides Evidence for Prosecution

Detection and Alerts on Covert Malicious Command & Control Channels

Detection of Advanced File Exploits

On-going, Focused Network Visibility

Custom Exploit Signatures

Notification of Adversarial Tactics, Techniques, and Procedures Observed at Internet Points of Presence

iCampaign—Employee Awareness Training

EXCITE—Accelerates Competency Level of Cyber Intelligence Analysts through Courses that Provide an Understanding of Security Intelligence Concept, Mindset, Tools and Technologies