Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Defense Contractors Must do More to Conceal Their Attack Surface

The world is entering a new era dominated by the rise of peer competitors like China and Russia, who are increasingly exerting their geo-political influence. After two decades of fighting a counter terrorist focused war where the tools of the US and its allies were far superior, the competitive landscape is changing significantly.  

The world is entering a new era dominated by the rise of peer competitors like China and Russia, who are increasingly exerting their geo-political influence. After two decades of fighting a counter terrorist focused war where the tools of the US and its allies were far superior, the competitive landscape is changing significantly.  

The rise of quantum computing, hypersonic weapons and criminal groups acting on behalf of nation states have changed the calculus and the stakes of twenty-first century warfare. The US and its allies are having to prepare for potential conflicts in Eastern Europe and/or the South China Sea. Both adversaries in such a conflict already possess significant knowledge of US cyber infrastructure and have a consistent history of exploiting these weaknesses.

Meanwhile, the US defense contractor community is charged with building hardware and software that will provide clear strategic and tactical advantages on the battlefield. However, the continuing rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult. 

In fact, threat actors have already demonstrated the ability to infiltrate government networks through supply chain attacks such as Solarwinds that compromised at least nine Federal agencies. The close working relationship between defense contractors and the US government poses a significant risk for data leakage in the event of a data breach. In November of last year, a phishing attack against Electronic Warfare Associates confirmed that defense contractors are actively being targeted by adversaries.

While storing information in a classified environment can ensure greater security, it also impedes collaboration and innovation due to the access constraints it creates for users. 

There are several alternatives that defense contractors can implement to protect secrets from falling into the wrong hands. 

Advertisement. Scroll to continue reading.

One is to use deception technology to share and transmit data, in addition to traditional security controls. Defense contractors should implement a level of obfuscation and non attribution in both their cloud storage and data transfer capabilities.  

In addition, unclassified but sensitive information should be stored in cloud enclaves that do not reflect the name of the defense contractor or government agency with which they are working. For example, when that data is moving to the cloud or between companies extensive IP address obfuscation should be used to unlink information streams from its origin.  

Finally, end-to-end encryption should be an overarching requirement for all defense contractor data, as well as a zero trust security model to prevent unauthorized access to sensitive information.  

Margins are always tight in the defense business, but that is never an excuse not to invest in appropriate cyber defense measures. The defense contractor community must continue to implement state of the art cyber security technology in order to protect our national security and competitive advantage. One cost effective way to do that is by incorporating obfuscation techniques that conceal their attack surface.

Written By

Gordon Lawson is CEO of Conceal, a company that uses Zero Trust isolation technology to defend against sophisticated cyber threats, malware and ransomware at the edge. Previously, he served as president at RangeForce Inc. Gordon has nearly two decades of experience in the security sector with a focus on SaaS optimization and global enterprise business development from global companies including Reversing Labs, Cofense (formerly PhishMe) and Pictometry. As a naval officer, Gordon conducted operational deployments to the Arabian Gulf and Horn of Africa, as well as assignments with the Defense Intelligence Agency, US Marine Corps, and Special Operations Command. He is a graduate of the US Naval Academy and holds an MBA from George Washington University.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

F5 has appointed Cathy Peterman as Chief People Officer.

Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.

CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.