How NERC CIP v5 is igniting a more collaborative approach to critical infrastructure cyber security 

The recent EnergySec Security Summit in Austin, TX offered a SANS Institute course on NERC CIP readiness. The Lockheed Martin Industrial Defender Solutions team attended the 4-day event including the SANS curriculum. There were many a great sound bite that caught our attention and sparked conversation. Here are some of our favorites:


What do these summit sound bites mean for ICS management?

Read more

One emotion few of my peers experience is the feeling of walking into a room and being the only woman - and it didn't matter whether I was visiting a Security Operations Center (SOC), attending a Chief Information Security Forum or meeting with Information Security leaders in various industries. Meeting after meeting and at all levels, I have concluded that the low numbers of women and minorities working within cybersecurity and across the IT discipline is a concern from a personal standpoint and a business risk that I feel few recognize.

The cybersecurity industry continues to grow at an incredible rate. A recent study by the organization Women in Cybersecurity found that security professionals worldwide are expected to increase to nearly 4.2 million by 2015. Although women hold 56 percent of all professional jobs in the U.S. workforce, only 25% of all IT jobs are held by women (

Having diversity drives the intelligence-driven acumen behind an effective cybersecurity infrastructure."

Read more

Defending against advanced persistent threats

Why Lockheed Martin Industrial Defender Solutions is the best team to defend critical infrastructures and champion cyber security

Quick - what do you think of when I say "Lockheed Martin"?


Of course you do! Over the past 100 years Lockheed Martin has built a global reputation on the backs of high profile defense contracts. But Lockheed Martin offers more defense than you may have realized. Perhaps one of the best kept secrets that's not a secret after all is Lockheed Martin also delivers commercial cyber security business solutions to critical infrastructures among the Fortune 500; 79% of utilities, 35% of oil & gas and 46% of chemical processing.

In a recent visit to the Global Vision Center in Arlington, VA I toured the facility's 100 Moments exhibit. From witnessing Amelia Earhart's records (plural), to Air Force One, to the International Space Station solar array panels - the Lockheed Martin mark has proven to be a symbol of innovation. The centennial mission, "Helping the Future Arrive" includes tackling the challenges faced by critical infrastructures.

To that end, Lockheed Martin combines the intel analytic capabilities provided to the Department of Defense for decades with available technology to bring something unique and different to critical infrastructure markets including electric utilities, oil & gas and chemical processing.

Read more

As a global security company and as a member of the cyber defense community, Lockheed Martin joins their competitors and colleagues on a weekly basis to share relevant intelligence that can help all parties better protect the interests of the critical infrastructures they serve.

The critical systems and networks of our customers come under attack every day. And every day we continue to safeguard some of the most sensitive information and mission-critical systems in the world. Lockheed Martin’s Computer Incident Response Team has created an intelligence-driven defense process, Cyber Kill Chain®, which allows cyber security professionals to proactively remediate and mitigate advanced threats in the future.

There are seven steps every Advanced Persistent Threat (APT) and attacker must take to accomplish their mission.

Read more

The expanded use of mobile technology could potentially create havoc in the right hands, especially when acquiring passwords and sensitive information for espionage."

Last week, we talked about how cyber security is like Chess. In order to be effective, you have to prepare and anticipate your opponent’s moves and styles of attack before they happen. Today we will look at the other side of the cyber coin: attackers. What future capabilities do we think they will have, and what can we do to start preparing for them?

Read more

Cyber security is like Chess. You have to prepare and anticipate your opponent’s moves and styles of attack before they happen. The more moves and scenarios you can plan for in the future, the stronger your security will be, and the greater your chance of success.

Like Chess, effective cyber security is also about making assumptions on present trends and looking back at the past to anticipate the future. But unlike Chess, your tools and technologies constantly evolve for you and those seeking to harm your networks. In 20 years, a pawn will still be a pawn, but continuous monitoring or incident response will look and feel completely different. In some possible scenarios, they may not even exist anymore.

There are three futuristic capabilities that can change the way companies address defending their networks and Intellectual Property (IP).

Read more

Industrial Defender solutions were built with automation in mind, including but not limited to the automation of collecting and alerting on cybersecurity events, enforcing policies, and monitoring changes within the industrial control systems environment to strengthen an organization's cybersecurity posture and improve situational awareness. The latest version of this industry-leading technology stays true to the objective and delivers timely answers to real-world industrial control systems customer concerns.

July 24th marked the debut webcast showcasing the latest Industrial Defender ASM v6 platform capabilities. Policy management enhancements, work automation suite and FleetView additions to the products already robust cybersecurity, compliance and change management applications. This post documents the live twitter feed that captured key presentation points as well as the question and answer portion of the program. Peruse the highlights for an overview of how Industrial Defender ASM v6 can assist you with your next ICS project!

Read more

Field Report from Nuclear Information Technology Strategic Leadership (NITSL) 2014 Event

A group of technically astute and remarkably humble nuclear cybersecurity engineers and thought leaders convened in Dallas last week to consider the substantial challenges to securing the nuclear power plants scattered throughout the U.S.

Read more

One of the most common terms in any large organization is Risk Management. Risk Management has grown from a vertical role shared by multiple organizational executives into a separate horizontal practice in which a series of professionals can often dedicate entire careers. But what exactly is Risk Management? What is IT Risk Management? What is a Risk Management Framework? And why is it a vital component of an effective cyber security platform? For me, Risk Management is a rigorous business discipline that if applied and communicated correctly can ensure a business continues to achieve a strategy for profitable growth. It’s also the language of executives and one that cyber security executives should be extremely well versed in.

Originating as a business discipline, risk management is the process of understanding what could possibly impact your company in a negative way, and having an action plan for each possible threat. Risk Management is about mapping and understanding the likelihood of these financial threats to your organization in a manner that looks at probability and severity.

Read more

Today we are proud to announce a new chapter in our Industrial Defender ASM solution, ASM v6.0. Version 6.0 is a culmination of many of our dreams, aspirations and efforts of the past 3 years. It’s not only been a fun journey to make an industry-defining product in the ICS market but it’s also a passionate mission to help that brave and over-worked plant manager wearing several hats outside his primary job; that compliance manager trying to maintain hundreds of spreadsheet based compliance documents; that fleet manager responsible for compliance, health and welfare of several plants; that IT lead on OT systems who is trying to grapple with getting data from a 20 yr. old PLC. We worked with each of those different users to carefully develop the solution to meet their needs.

With 6.0, we completed the goal to be that one tool an OT operator needs. Our product is the most complete and comprehensive in the market to help with the security, compliance, operations and change management aspects of an OT environment, whether it’s a generation plant, an EMS system, a substation, a refinery, a water treatment plant or a chemical plant.

Read more