Cybercriminals aren’t a new threat, but how we respond to them has radically changed. As automated self-propagating code attacks progressed to highly coordinated, long-term cyber intrusions, analysts at Lockheed Martin found their cyber solution in an unlikely source: U.S. Air Force pilots and counter-IED (improvised explosive device) experts.
Lockheed Martin’s collaborations with the U.S. Air Force in 2006, as well as a 2007 Washington Post series on counter-IED operations, inspired analysts to take classic military doctrine, which includes the concept of a kill chain, and apply it to cybersecurity.
“The classic Air Force kill chain is Find, Fix, Track, Target, Engage and Assess. As net defenders, we’ll see some of the Find steps and a lot of the Engage steps, so we tailored our own seven-step process specific to intrusions,” said Eric Hutchins, Lockheed Martin fellow and chief intelligence analyst for the company’s Computer Incident Response Team (CIRT).
CIRT developed an intelligence-driven cyber defense that monitors all phases of a cyberattack to understand the aggressor’s actions before they become harmful. As the attack progresses, so do the levels of visibility and control by the defenders so they can maintain information superiority.
“Traditional cyber defense is like a football team running the same defensive play over and over – regardless of what the offense is doing,” said Dr. Rohan Amin, the director for Lockheed Martin Global Cyber and Security Solutions. “Intelligence-driven cybersecurity works like a defensive squad that scouts their opponents, knows their playbook and can make midgame adjustments.”