Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Defense Contractors Must do More to Conceal Their Attack Surface

The world is entering a new era dominated by the rise of peer competitors like China and Russia, who are increasingly exerting their geo-political influence. After two decades of fighting a counter terrorist focused war where the tools of the US and its allies were far superior, the competitive landscape is changing significantly.  

The world is entering a new era dominated by the rise of peer competitors like China and Russia, who are increasingly exerting their geo-political influence. After two decades of fighting a counter terrorist focused war where the tools of the US and its allies were far superior, the competitive landscape is changing significantly.  

The rise of quantum computing, hypersonic weapons and criminal groups acting on behalf of nation states have changed the calculus and the stakes of twenty-first century warfare. The US and its allies are having to prepare for potential conflicts in Eastern Europe and/or the South China Sea. Both adversaries in such a conflict already possess significant knowledge of US cyber infrastructure and have a consistent history of exploiting these weaknesses.

Meanwhile, the US defense contractor community is charged with building hardware and software that will provide clear strategic and tactical advantages on the battlefield. However, the continuing rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult. 

In fact, threat actors have already demonstrated the ability to infiltrate government networks through supply chain attacks such as Solarwinds that compromised at least nine Federal agencies. The close working relationship between defense contractors and the US government poses a significant risk for data leakage in the event of a data breach. In November of last year, a phishing attack against Electronic Warfare Associates confirmed that defense contractors are actively being targeted by adversaries.

While storing information in a classified environment can ensure greater security, it also impedes collaboration and innovation due to the access constraints it creates for users. 

There are several alternatives that defense contractors can implement to protect secrets from falling into the wrong hands. 

One is to use deception technology to share and transmit data, in addition to traditional security controls. Defense contractors should implement a level of obfuscation and non attribution in both their cloud storage and data transfer capabilities.  

In addition, unclassified but sensitive information should be stored in cloud enclaves that do not reflect the name of the defense contractor or government agency with which they are working. For example, when that data is moving to the cloud or between companies extensive IP address obfuscation should be used to unlink information streams from its origin.  

Advertisement. Scroll to continue reading.

Finally, end-to-end encryption should be an overarching requirement for all defense contractor data, as well as a zero trust security model to prevent unauthorized access to sensitive information.  

Margins are always tight in the defense business, but that is never an excuse not to invest in appropriate cyber defense measures. The defense contractor community must continue to implement state of the art cyber security technology in order to protect our national security and competitive advantage. One cost effective way to do that is by incorporating obfuscation techniques that conceal their attack surface.

Written By

Gordon Lawson is CEO of Conceal, a company that uses Zero Trust isolation technology to defend against sophisticated cyber threats, malware and ransomware at the edge. Previously, he served as president at RangeForce Inc. Gordon has nearly two decades of experience in the security sector with a focus on SaaS optimization and global enterprise business development from global companies including Reversing Labs, Cofense (formerly PhishMe) and Pictometry. As a naval officer, Gordon conducted operational deployments to the Arabian Gulf and Horn of Africa, as well as assignments with the Defense Intelligence Agency, US Marine Corps, and Special Operations Command. He is a graduate of the US Naval Academy and holds an MBA from George Washington University.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.