by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : February 2013
Full 10 question interview online at: fcw.com/2013Cybersecurity As a former director of the Defense Information Systems Agency, Charles Croom understands the gravity of today's cybersecurity threats. But Croom, now Vice President of Cyber Security Solutions at Lockheed Martin, believes that emerging approaches to cybersecurity, such as intelligence-driven defense, offer federal agencies their best hope yet at protecting mission-critical systems and data. Lockheed Martin on Cybersecurity QFor years, federal cybersecurity efforts have been shaped, at least in part, by the requirements of the Federal Information Security Management Act (FISMA). How do agencies balance the need for compliance with the demands of meeting evolving security threats? AFISMA initially focused on annual written audits. We are rightfully moving away from that to continuous auditing. That is much better in terms of getting real information in somewhat real-time into a situational awareness tool that actually gives the [cybersecurity expert] information on how he's doing. It allows one to get a level of performance that they have never really had before under the older FISMA requirement. I'm a believer in automating and supporting continuous auditing to a set of standards. But I think many of us in this business believe it's insuf cient. It takes care of maybe 80 percent of the work -- it helps you lock the doors and the front windows. But for the most sophisticated threat you need to go beyond compliance. You need to dive into intelligence- driven defense capabilities -- developing what Lockheed Martin calls the Cyber Kill Chain. And you need to hire the right talent, very strong [cybersecurity] intelligence analysts who can create processes that go well beyond just a set of compliance criteria. QGovernment agencies nd themselves dealing with more and more advanced persistent threats. What kind of changes does this require in their cybersecurity posture? AWith advanced persistent threats, we used to believe that the adversary always had the advantage: The defender had to get it right every time, but the adversary just once. But we believe the aggressor has no inherent advantage today. That's because we have now dealt with them for a decade and so we are becoming a lot more familiar with them. Yes, they are growing in sophistication, but their persistence is actually their weakness. Because they are persistent, they exhibit behavior and patterns that allow us to anticipate and predict intrusions. We now [recognize] that they have a series of seven steps that they must take in a sequential pattern before they can steal intellectual property or degrade the network -- and we have built capabilities around each one of these seven steps. We call it the Lockheed Martin Cyber Kill ChainTM. If you stop them at all seven steps, they will have to change their entire mode of attacking you. And this is a game of economics: They want to be fast and ef cient. They don't want to take a lot of time doing this. So we have really put barriers in the Charles Croom, Vice President of Cyber Security Solutions Sponsored Content