ICS Cyber Convergence

On May 29, 2009, the President of the United States gave a speech on securing our nation's cyber infrastructure. Despite the fact that we were in the height the great recession at the time, the importance for cyber security prompted immediate attention and awareness by the Executive office. 

When recounting, then recent attacks that led to the need to address cyber security, President Obama remarked, “In one brazen act last year, thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world -- and they did it in just 30 minutes. A single employee of an American company was convicted of stealing intellectual property reportedly worth $400 million. It's been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.”

One trillion dollars! Wow. Even if a fraction of that figure is accurate, the loss is still shocking. In reading the speech over, the one area of cyber security that the President’s points did not address is the vulnerabilities that cyber-attacks exploit, specifically within our Energy and Utilities space

Recently, I discussed how a virus in 2012 impacted two of the largest oil companies in the world.  This week, I want to dive deeper into the oil and gas sector to discuss how the integration of Information Technology (IT) and Operational Technology (OT) present one of the largest vulnerabilities for this sector.

Operational Technology is hardware and software that a company uses to monitor or control an environment. OT commonly detects, measures, and in some cases executes a change, or event, within a given physical area. Most commonly associated with physical access devices or within manufacturing, OT has increasing become integrated within the IT backbone of many organizations. This integration is most commonly associated with the introduction of network devices for remote access, and the integration of ‘off-the-shelf’ or common technologies.

By making OT live on a network, organizations are placing that intellectual property (IP) in a place that could be discoverable during a successful attack. In the oil and gas industry, OT is a conduit for much of the Intellectual Property produced. From volume, velocity and variety readings to geophysical equations, the data that flows throughout every part of an upstream, midstream, and downstream company is as varied as it is sacred to the present and future health of each organization.

The real potential danger in merging these two types of technology comes with adding off-the-shelf technology, such as desktop machines running common operating systems, with OT. In technology, we often classify IT and off-the-shelf tech as designed with confidentiality, integrity and availability (CIA) at its core. This means that IT prioritizes the protection of data before making it accessible. OT is the opposite. OT was built with Accessibility at its core, followed closely by Integrity and finally Confidentiality (AIC).   

With these two technologies seemingly at odds, you can start to understand how something as seemingly trivial as patching a desktop connected to an OT device could have negative results on the OT device itself.

The challenge in protecting IP in oil and gas is the accessibility of data crucial to the complete operation of the industry. To enhance exploration and production, for example, IP is being used not only to find new sources of oil and gas, but to reduce the non-productive time (NPT) of assets by predictive maintenance of critical components such as ESPs (electric submersible pumps). IP is even being used to help reduce the Health, Safety and Environment incidents within drilling and production, and provide end-to-end views of hydrocarbon reservoirs and advanced pattern detection.

In refining and manufacturing, IP is used to reduce the NPT of assets through the predictive maintenance of critical components such as rotary equipment. IP can also include the data used to improve asset performance management through real-time metrics across different subsystems.

IP provides the competitive advantage that sets each company part from the other in a highly-integrated industry. It also helps oil and gas companies better understand the current environment to deliver better future results.

The challenge with IP in the oil and gas sector is determining how to best keep the IP safe, yet accessible to those that need it. Industrial Defender and Lockheed Martin, its parent company, have approached this challenge by successfully combining the IT and OT landscapes. The result is a robust solution towards IT and OT security that includes people (e.g. training), the processes (e.g. policy and procedures) and the technology to address modern security challenges.


Download Chandra's Oil & Gas Industry Threat Briefing

Oil_and_Gas_Industry_Threat_Briefing_thumb  
Download Briefing
Read more

Cyber security leaders discuss intelligent defense at API conference

Of course anyone with the expertise and courage to pursue a career securing the oil industry is intelligent, but intelligence became the theme of the 9th annual American Petroleum Institute (API) Cybersecurity Conference in Houston last week.  Whether upstream, midstream or downstream, oil & gas companies heard from experts that a new era in cybersecurity is here. Perimeter defenses and firewalls no longer provide protection from APTs and the range of adversaries who target their companies’ most valuable assets and operations.

Navy_tweet

Retired Vice Admiral Michael McConnell, former NSA Director (1992-1996) kicked off the conference with a fascinating string of stories that wove tales from grandchildren to covert intelligence operations. His storytelling was engaging and his message was clear: Intelligence is a critical element of cyber-defense in an era of nation-state and advanced adversaries.

Taking a methodical approach to securing process control networks requires owner/operators to address their critical assets first and be honest about potential blind spots. Hackers only need to be right some of the time, systems defenders need to be right all of the time.

Admiral McConnell was followed by our own Chandra McMahon, former Lockheed Martin CISO and current head of the division that acquired Industrial Defender earlier this year. Chandra outlined the four foundational elements of Lockheed’s Cybersecurity program that has helped protect the United States’ largest defense contractor in the wake of a high profile attack in 2011. She walked the audience of 700+ through the components that need to be addressed:

  1. External threat intelligence
  2. Supply chain risk
  3. Insider threat management
  4. Process control network security (PCN)

Beyond exploring the elements of a growing threat landscape the keynote assured the audience "there is hope" and Lockheed Martin is proof of that.

Cyber_Kill_ChainIntelligence Driven Defense
and the Cyber Kill Chain

New Call-to-action

 

Read more

Understanding the art and science of securing your environment

Cybersecurity is a gigantic topic. It’s more than just technology. It’s a careful mixture between art and science. Understanding the mechanics behind protecting, identifying and thwarting attacks, although crucial to the science of cybersecurity, represents only one side of the coin. Knowing your enemy, understanding the sociopolitical nuances of your environment, and predicting where you’re most likely to get attacked, that’s art.

Enveloping these two sides of the coin is your knowledge of your industry; not just the cogs you make and sell, but where you sell them, how you make them and how they’re used. All these input go into creating a sound cybersecurity infrastructure.

These next several blogs are dedicated to understanding the industry aspect of cybersecurity, starting with a look at the oil and gas sector.

It’s a hot topic, these days, especially with the sociopolitical landscape in much of the world’s oil reserves. Whether it’s the terrorist organization known as the Islamic State of Syria and Iraq (ISIS) in Iraq, or the Ebola outbreak in West Africa, the unrest in much of the oil producing regions of the world is palpable. Yet our need and demand for hydrocarbons, and petrochemicals, remains unyielding.

The U.S. Energy Information Administration projects that world energy consumption will increase 56% by 2040. Much of that demand increase is driven by developing economies and by the geometric demand predicted predominately in China.

To meet this demand, oil and gas companies must do two things:

  1. Produce more from the conventional fields or use techniques to unlock newly discovered reserves and extrapolate new reserves from previously known deposits.
  2. Maintain Operational Excellence to minimize unplanned downtime, costly mistakes, and production disruption from cyber and physical threats.

Admittedly, I am not a geophysicist or geologist so I can’t provide any direction with finding oil. On the cybersecurity, front, however, I can say that the landscape looks perilous.

Depending upon who you talk to, the statistic on cyber-attacks varies on how much cyber-attacks are increasing per year. According to a recent Symantec study there was a 91 percent increase in targeted attack campaigns in 2013, which includes a 62 percent increase in the number of breaches.

A different report by IBM stated a more conservative estimate that in the United States, alone, there was an estimated 1.5 million monitored cyber-attacks in 2013. That equates to roughly a 12 percent year to year increase in security events.

Regardless of the numbers, one common trend in cybersecurity is clear, the number of attacks are going up at alarming rates. Over the past 30 years the oil and gas sector has been a victim of several attacks. One of the most famous, the Saudi Aramco attack of 2012, was aimed at stopping oil and gas production in Saudi Arabia, the biggest exporter in the Organization of the Petroleum Exporting Countries.

This attack targeted 30,000 computers and paralyzed the organization for months. However, an important lesson from the attack was the Business Continuity Planning (BCP) takeaways resulting from its aftermath. Could your organization run on paper, if it had to? Could your organization access thousands of new hard drives if it needed to replace all of its computer systems? What procedure would your employees follow and how would they know what to do?

As devastating as the attack was on Saudi Aramco, in some respects it was fortunate. The cyber-attack focused on damaging 32-bit machines leaving the 64-bit servers intact. The attack on RasGas Company Ltd. just two weeks later, included a variant of the Aramco virus augmented to infect 64-bit machines as well, making that devastation more severe.

The main takeaway from these attacks is how fast the attacks can occur, and how much faster attackers learn from their mistakes.

Next week we’ll dive further into the oil and gas sector including a look at how the integration of information and operational technologies plays a role in the cybersecurity infrastructure of this sector.


How can the Oil & Gas industry translate their disciplined approach to health, safety, and the environment (HSE) to cybersecurity?

wp-cybersecurity-oil-gasFind out how an integrated and intelligent approach to energy industry cybersecurity can help your organization move towards a more stringent application of cybersecurity.

Download the whitepaper Cybersecurity in the Oil and Gas Industry

New Call-to-Action

 

 

Read more

We are wrapping up October, which is National Cyber Security Awareness Month, so today I want to share the ways citizens can help to support and build greater cyber resiliency.  

The purpose of National Cyber Security Awareness Month is to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cyber security.  According to the Department of Homeland Security, Cyber Awareness Month aims to increase the resiliency of the nation in the event of a cyber incident.

The role of citizens is growing by leaps and bounds as it relates to thwarting and potentially curbing cyber attacks. In my mind, this role can be bolstered by the following three actions:

1. Get involved

Cyber security is about crime prevention and crime remediation. As a society, we all benefit from crime prevention when we get involved and support an effort or an organization that fights crime. Cyber security is no different. There are several groups that can benefit from our time and involvement.
Websites like Stay Safe Online, which are operated by the National Cyber Security Alliance aim to “educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting the technology individual’s use, the networks they connect to, and our shared digital assets.”

2. Become vigilant

A large portion of cyber attacks that comprise stolen intellectual property come from digital espionage. It’s not always the hacker that finds the vulnerability, but rather the co-worker or disgruntled employee that steals the company’s secrets or compromises sensitive data.
An industry that’s currently experiencing the pronounced need for cyber-vigilance is the healthcare sector. Recently a report by Reuters stated that medical records are of more value to hackers and cyber criminals than even credit cards. By being vigilant about your own data, protection and the people around you, you can prevent unnecessary  data loss.

3. Be informed

Take a more prominent role in preventing cyber security is to simply learn more about it. Keep abreast of the latest attacks and learn the statistics. For more information about the number of cyber security attacks and the studies concerning cyber security. You can learn more at Stay Safe Online.

How can you turn awareness into meaningful actions?

Read our post on how to leverage cyber security awareness to open up a dialogue about measuring risk and implementing action plans for industrial control systems environments. >

Read more

Fact: Being compliant is not being secure and being secure is not being compliant. Can electric utilities blend compliance and security objectives to leverage the same tools, people and time?

Compliance keeps you compliant. Security keeps you safe.”

Mark Weatherford of the Chertoff Group was very emphatic on this point in this month’s EnergyCentral webcast saying, “Compliance is not security. We should all have that tattooed somewhere on our body.”

Regulations and industry standards can only get you so far. They tell you “what to do” not “how to do it” and some may argue they’re not dynamic enough to adjust to the constantly changing threat. An example of compliant but not secure? Target. Target had just passed their PCI audit before announcing their breach in 2013.

So in the face of this reality, the goal for North American Electric Utilities is to find a way to leverage NERC CIP compliance to increase cyber security awareness within the industry while still managing their compliance programs – and it’s not without its challenges.

Challenges of compliance:

  • Understanding the standards
  • Reconciling regulation revisions in the least disruptive way to operations
  • Documentation in an ever-changing environment
  • Applying security programs within compliance guidelines
  • Implementing vendors that deliver on their promise
  • Becoming so absorbed in regulatory compliance that you stop focusing on security.

Organizations historically place more importance on compliance because of the very tangible consequences of non-compliance leaving IT managers within the ICS looking for ways to leverage resources to implement more stingent security measures within the context of compliance guidleines.

Sam Sciacca, Senior Director of IEEE-SA, expounded on where NERC CIP touches on cyber security, "Technology and compartmentalization can be very effective in locking out external threats but unintentional events are much harder to prevent and require procedural controls in addition to technology."

Challenges of cyber security:

  • Configuration Errors:
    – Devices are more multifunctional and more complex
    – Many “hands” touching the same device (SCADA, protection, local control/operation)
    – Firmware and configuration software updates 
    – Centralized configuration management is not universal
  • Procedural Errors:
    – Failure to review configuration and programming changes (field tweaks) 
    – Making configuration changes from the wrong starting point (file-wise) 
    – Failure to notify other operational elements when configuration and/or maintenance activities being undertaken

Register to watch the webcast for a deep-dive discussion with industry experts on:

  1. How are compliance challenges affecting ICS resource allocation today
  2. How is NERC CIP addressing the unique cyber security concerns of industrial control systems
  3. How a top U.S. utility is tackling the above challenges while keeping an eye on operational integrity across their complete supply chain to:
    • Automate and improve efficiency in providing evidence
    • Improve evidence with real-time monitoring details and on-demand queries
    • Create quality reports that won’t be questioned by the auditors
    • Produce a synched evidence package after a project completed
    • Go beyond CIP regulations and manage assets across the supply chain for security and operations on non-CIP assets  

Register to watch on-demand: 

Navigating-play

 

Read more

This month marks the 10th anniversary of National Cyber Security Month in the U.S. and DHS.gov is dedicating the third week of the month to awareness on the topic of cyber security as it relates to critical infrastructure and the internet of things. This month is a great opportunity to raise awareness on the importance of cyber security with your customers, your employees and your boards. 

Just a decade ago cyber security was mainly a concern of bankers, not critical infrastructure operators! Today, critical infrastructure cyber security has become a focus for industrial control system asset operators, compliance regulators and company board rooms.  

What’s changed? The threat landscape. Threat actors have expanded beyond individual hackers and organized crime syndicates to nation-state actors, terrorists, and political activists. Attack vectors and attack campaign methodologies (think APTs) have matured, morphed and proliferated. 

According to a study by ABI Research the global oil industry is expected to spend $1.87 billion by 2018 in cybersecurity. It’s no wonder a recent report published by the IIA Research Foundation found that 58% of all board members want to be involved cyber security preparedness. 

No matter the risk factors the unique challenge for ICS remains the samemeasuring cyber security risks across an organization’s disparate asset base, heterogeneous systems and hard to reach (often antiquated) end-points and then communicating that risk to key decision makers. For electric utilities in particular we see a trend that cyber security program efforts are often eclipsed by immediate compliance mandates tied to more tangible and inevitable non-compliance penalties. And while compliance to regulations is undeniably important, it doesn’t guarantee security. (Watch the full webcast; Navigating the Crossroads of Compliance and Security)


Tattoo this somewhere: Being compliant does not make you secure”.
– Mark Weatherford on Navigating the Crossroads of Compliance and Security 

Without situational awareness within both the OT operations and IT systems, measuring, communicating and effectively mitigating cyber security is nearly impossible.  

How can you turn awareness into meaningful actions?

  1. Find ways to share resources to elevate the cyber security conversation within your organization
  2. Leverage centralized reporting tools for both transparency and trend analysis for increased situational awareness
  3. Partner with organizations dedicated to developing purpose built solutions to combat ever-evolving threats

Having tracked the trending needs of utilities and energy companies we intend to continue our commitment for the next ten years by arming our customers with solutions to move beyond cyber security awareness into action.


How can the Oil & Gas industry translate their disciplined approach to health, safety, and the environment (HSE) to cybersecurity?

cybersecurity_oil_and_gas_thumbFind out how an integrated and intelligent approach to energy industry cybersecurity can help your organization move towards a more stringent application of cybersecurity.

Download the whitepaper Cybersecurity in the Oil and Gas Industry

 

  New Call-to-Action

Read more

SANS European ICS Security Summit: Field Report

Don’t even think about ICS cyber security if you don’t first know what assets and software you have running in the ICS. You can’t start to assess your risk, if you don’t know what you have running.” 
– Ralph Langner, SANS EMEA ICS Summit

There’s an intensifying sense of urgency to protect critical infrastructure from cyber threats perpetrated by an accumulating cast of threat actors amid percolating geo-political crisis.  While SANS is known for training security professionals in both IT and OT security, their summits tend to attract thought leaders rather than practitioners and this year’s European SANS ICS Security Summit was no exception. Hosted by Mike Assante with a speaker lineup that included leaders from CERT-EU, ENCS, ABB, Rockwell, Siemens, as well as leading experts such as Ralph Langner, Jonathan Pollett – to name a few – there was no shortage of experts taking the podium.

zero_day_attack_museum

What struck me was the common thread topic focused on the need for asset and configuration management as a starting point for handling the realities and difficulties of managing risks to control environments. As Europeans seriously consider how to practically manage the complexity and interconnectivity of a mish mash of both antiquated and modern operational systems technologies, one thing is obvious, you can’t protect anything until you know what you have in your environments.  Ralph Langner (famed Stuxnet analyst @langnergroup) said it best, “Don’t even try risk management until you have asset management.”

He was preaching to the choir. The Lockheed Martin Industrial Defender Solutions team has come to that same conclusion and what’s more – we’ve developed a solution to meet the niche needs of ICS cyber asset management. It was all I could do to not jump out of my seat and say, “Yes, we know that too and we’ve built something to help!” Needless to say, that would have gotten me ejected by the fine folks at SANS who don’t want to subject their summits to over-zealous ICS security marketers.

Bottom line – if you want to track asset inventory, asset configuration details and asset baseline configuration changes – and you do, consider Industrial Defender ASM for automated data collection, searchable asset detail functionality for always-current asset info. See it for yourself!

The demo below takes less than 2 minutes, and it just might help you with automating the first step in an improved approach to ICS cyber security.


SANS Top 20 Critial Controls adapted for the unique needs of industrial control systems

20_Control_Implementation_Guide_thumbThe US State Department in conjunction with the SANS Institute has previously demonstrated more than 94% reduction in "measured" security risk through the rigorous automation and measurement of the Top 20 Critical Controls.

Find out what this mean for your unique control systems environment.

New Call-to-Action

Read more

All-day Industrial Defender ASM workshop in Amsterdam a success with European customers.

Lockheed Martin Industrial Defender conducted an all-day workshop on September 23 in Amsterdam, Netherlands with our European Technical Advisory Council (TAC). The purpose of the European TAC conference, comprising of a select group of our European customers, was to gather feedback from customers on Industrial Defender solutions with a focus on understanding the pain points in their operations and how Industrial Defender solutions can help. We shared the Lockheed Martin Industrial Defender Solutions product roadmap and moderated the free exchange of ideas amongst the customers on supporting security and compliance for Industrial Control Systems (ICS) in Europe and beyond.

We covered a lot of ground during the day starting with an in-depth demonstration of the recently released ASM v6.0. The feedback during the demo was very positive. The ASM solution was developed with a lot of input from North American customers and it was very encouraging to hear that our European customers can benefit from these product enhancements as well including work automation, asset security role, policy management and network baselines.

The rest of the day was broken up into a detailed discussion on a wide range of topics concerning ICS security, change management and compliance. Event management and system monitoring was a key topic. The discussion centered on existing and possible new workflows for analysts to deal with large numbers of events.

ASM v6.0 has a much improved policy management application that comes standard with policies based on NIST, NEI and NERC-CIP. Customers appreciated how this would help their internal compliance programs and would like to see policy libraries for IEC 62443 and CPNI.

Intrusion detection forms a big part of the security program in any critical infrastructure facility and it’s no different for our European TAC customers. The Industrial Defender Solutions team has strengthened the IDS solution with the network baselines feature set in the Industrial Defender NIDS v6.0. Baselining the network and tracking changes to the baseline can be done centrally via the file baseline feature at the Industrial Defender ASM level. The Industrial Defender NIDS product line will be further improved over the short and medium term to incorporate more central management from the Industrial Defender ASM.

The Lockheed Martin Industrial Defender Solutions team was very enthused by the participation and feedback from the European TAC. It was gratifying to hear that the investments we have made in the product were the right ones, which has made the solution more usable and valuable. We appreciate the input from the TAC and will continue to engage with them in various forums – both virtually and face to face. We hope to see them all at next year’s European TAC. 

Read more

The Shellshock vulnerability has put most of the operational technology (OT) world into a state of panic. Especially, it has been very confusing to OT operators in the critical infrastructure industries on how to deal with it. Here is a step-by-step process on what the OT operators can do to get a handle on the vulnerability.

The Steps

  1. Find out which machines in my asset base have bash
  2. Find out which bash versions on machines where bash is installed
  3. Find out whether the assets are critical, whether the vulnerability is exploitable on the assets
  4. Create workflow for patching the vulnerability
  5. Enable technologies to check for active exploitations on the bug

Find all machines where there is a bash installed. Search for the software: 
On nix machines, bash software is installed under several names, bash-i386, bashx86–64 etc. If your software has wildcard search or auto suggest features (such as Industrial Defender ASM™), and as you type bash, all the software that has the words ba will be displayed.shelhshock1

Create a policy to find out all versions of bash software:
Instead of searching, if the software allows to write a policy, the users should use the policy expression capability to check for policy deviations on bash.

shellshock2

The following is an example of how ASM users can check for machines which have any version of bash

Finding out whether the machines have a specific version of software:
OT operators can use policies to find out specific versions of bash running in OT environments.

The users can use the below policy on ASM to find out whether the machines have been fixed to a specific versions.

ASM users can check for machines having not only vulnerable versions of bash software but also to check whether they have been patched to non-vulnerable version of bash as well.

shellshock3

Finding out whether the vulnerability is actively being exploited: 
Snort has published signatures that alert on CGI scripts trying to exploit bash. Industrial Defender posted signatures for customers on Sep 29 to the Support Site.

The following is a screenshot from ID NIDS product detecting the attack.shellshock4

Just because an asset has bash that is vulnerable, it does not mean that it’s exploitable. It is exploitable only when the shell is exposed to applications through CGI or SSH scripts.



Read more

The cloud might not be raining on industrial control rooms anytime soon, but IT departments in critical infrastructure industries will want the cost advantages and flexibility offered by cloud computing in all its forms. As IT and OT collaborate on projects to secure industrial control systems environments, cloud security will be an emerging topic. 

The complexity between hybrid clouds introduces a new paradigm of vulnerabilities from a cybersecurity-standpoint.A hybrid cloud is a consolidation of a private cloud and a public cloud. The reason for their growing popularity stems from their ability to offer multiple deployment models at once.

Gartner predicts that globally, almost half of all large enterprises will have deployed hybrid clouds by the end of 2017. That means we are in a defining moment wherein companies will begin planning to move away from private into hybrid clouds.

The challenge, though, is how to interconnect multiple clouds to work as a seamless whole. You don’t want a cloud for e-mail, another one for content management and development, and yet another for collaboration; especially if the clouds lack the capability to interact with one another. More importantly, the complexity between hybrid clouds introduces a new paradigm of cybersecurity vulnerabilities. But with a careful implementation of standards concerning how to perform governance and implement IT systems to protect data, securing the hybrid cloud becomes possible.

Establish industry-specific and federal security controls

The energy and utilities industry have The North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) controls, the financial sector has the Payment Card Industry (PCI) standards and the healthcare industry has to comply with security guidelines laid out in the Health Insurance Portability and Accountability Act (HIPAA).

We provide a set of cloud-specific controls and baseline security measures from the Federal Risk and Authorization Management Program, the federal government’s security accreditation program for cloud services and providers. FedRAMP standardizes the approach to security assessment, authorization and continuous monitoring for cloud products and services with a “do once, use many times” framework that is expected to reduce the cost, time and staff required to conduct agency security assessments of cloud solutions.

Our Solutions as a Service Secure Community Cloud or SolaS -- which consists of a community, private and hybrid cloud -- is built to meet the government’s Federal Information System Management Act (FISMA) security guidelines at the Moderate Security Level and FedRAMP certification. SolaS received the FedRAMP Joint Authorization Board’s provisional authorization to operate, which is the most rigorous approval, and involves a thorough review by chief information officers of the General Services Administration, and Homeland Security and Defense departments.

As a cybersecurity company, Lockheed Martin not only meets the FedRAMP requirements but has also layered in specific security controls developed by the company.

stat_gartner

We are working with companies in the energy, finance, healthcare and education sectors to identify similar baselines they can use to deploy trusted cloud services within their domain space.

I believe we will start to see a more significant adoption of the hybrid cloud as the industry-specific controls and the government-specific controls are extended to the cloud. At this point, commercial entities can start to consume each other’s cloud services in a more trusting environment, and in a manner similar to the way agencies share data with FedRAMP.

At Lockheed Martin our approach towards the hybrid cloud and security is in lock-step with the bottom line in the commercial space - to understand how to use, secure and bundle services across multiple environments and make it seamless to their customers.

                                   

Read more