As the top information technology provider to the U.S. government, Lockheed has long worked to secure data on computer networks run by a range of civilian and military agencies. The company is also trying to expand sales of cybersecurity technology and services to commercial firms, including its suppliers, and foreign governments, Lockheed executives said.
“Suppliers are still a huge problem,” said Charlie Croom, Lockheed’s vice president of cybersecurity solutions, noting the large number of companies that provide products and components for Lockheed, which has annual sales of just under $47 billion.
Croom, the former head of the Pentagon’s Defense Information Systems Agency, said cybersecurity was a crucial area for Lockheed, but said it was difficult to pinpoint exactly how much business it generates because network security is part of nearly everything the company sells and does for the government.
He estimated that 5 to 8 percent of Lockheed’s revenues in the information systems sector were related to cybersecurity. Lockheed generated $9.4 billion sales in that division in 2011.
McMahon said Lockheed had seen “very successful” attacks against a number of the company’s suppliers, and was focusing heavily on helping those companies improve their security.
She said a well-publicized cyber attack on Lockheed’s networks in May 2011 came after the computer systems of two of its suppliers -- RSA, the security division of EMC Corp and another unidentified company -- were compromised.
“The adversary was able to get information from RSA and then they were also able to steal information from another supplier of ours, and they were able to put those two pieces of information together and launch an attack on us,” McMahon said.
She said Lockheed had been tracking the adversary for years before that attack, and was able to prevent any loss of data by using its in-house detection and monitoring capabilities.
One of the lessons the company learned was the importance of sharing data with other companies in the defense sector, and suppliers, to avert similar attacks, McMahon said.