For industries such as Aerospace and Defense, which must protect not just company information, but US government data related to national security, the delays in detecting and responding to cyber intrusions create major risks. As the cyber adversary evolves into an increasingly more sophisticated entity, it is necessary to reduce these risks and develop strategies that not only prevent cyber adversaries, but prepare companies for when the attacker succeeds. In the event of a breach, companies need to be able to exercise the key element of cyber security, agile responsiveness—the ability to react quickly and fluidly to a cyberattack. Achieving agile responsiveness is dependent upon empowering the fundamental components of cybersecurity, the Chief Information Security Officer (CISO) and cyber team, with the authority to make and implement cyber-related decisions.
—————————————————————————————————————————-
On average, it takes a company 275 days to detect a foreign identity in its network[i]— That is 275 days an attacker can freely access critical information, be it financial data, intellectual property, or operational planning.
—————————————————————————————————————————
Companies perform better against cyber threats when their organizational infrastructure and network are agile, though becoming such is difficult. Enterprise IT networks are highly inter-connected systems, a complicated grid of intersections between, but not limited to, company employees, external contractors, and subsystems (including the breakroom soda machine). When preventative measures fail to protect this system, companies require quick detection and remediation.
Traditional reporting structures do not distinguish between the more administrative Chief Information Officer (CIO) and operational CISO chains-of-command, positioning the CISO next-in-line to the CIO who, in turn, reports to the CEO. Though effective administratively, it restricts in what way and how quickly the CISO can react to cyberattacks. Instead, companies found that separating the two operating lines eliminates the extra tier of governance the CISO must adhere to and grants the CISO the operational authority to direct and execute a real-time cyber team. Otherwise, the cyber team continuously lags behind the threat, crippled by an administrative structure that willingly gives the cyber adversary the upper hand[ii].
With the role of the CISO increasing in importance, Senior Vice President of Dinte Executive Search, Chris Sunday, has noted an “increase of clients modifying the CISO/CIO reporting structure and desiring to understand the cyber talent within and beyond the Aerospace and Defense industry.” The industry appears to be poised for a talent transformation in the role of the CISO, capable of revamping and upgrading both the networks and cyber teams to better position the companies against the current and future threats.
However, an evolution of the top-tier administration alone cannot defend against a constantly changing enemy. While imperative to defending the network, the CISO can only achieve agile responsiveness if there is a robust, round-the-clock cyber team that puts the CISO’s vision into action. Aerospace and Defense companies need to strengthen their agile operational environments by building cyber teams from non-traditional industries such as gaming that require rapid, real-time responses to unseen adversaries. Cyber teams that look beyond traditional computer science talent pools and creatively test their own networks can more readily prepare for an attacker that continuously searches for innovative ways to breach the system.
Successful companies that evolved with the adversary to make their CISO and cyber team just as adaptable and agile as the attacker are better equipped to approach cyberattacks in a manner that preserves data, public image, and capital.
[i] Richard Clarke, interview by Sandy Magnus, Protocol Live: A Cybersecurity Conversation with Richard Clarke, American Institute of Aeronautics and Astronautics, April 13, 2017.
[ii] Ret. US Navy CAPT. Carl Inman, former Director, Intelligence and Information Warfare, US Fleet Forces Command, conversation with author, May 18, 2017.