Northrop Grumman's J.B. "Gib" Godwin proposes new, holistic, cyber-assurance paradigm: "Electro-Magnetic Spectrum Dominance"

Speaking to attendees at the American Institute of Engineers Cybersecurity Conference East yesterday, Northrop Grumman Corporation's J.B. "Gib" Godwin, vice president for cybersecurity and systems integration for the company's Information Systems sector, insisted that a bigger, faster, smarter cyber threat leaves no room for "silver bullets" or "Lone Rangers" and proposed "a new paradigm for cyber assurance: a holistic approach to electromagnetic dominance."

To counter threats that are rapidly evolving, increasingly sophisticated, and perpetrated by a global force ranging from teenagers to state actors, Godwin called for a move away from a paradigm that is defensive, reactive, fragmented, network-focused, add-on, and improvised.

In the new paradigm, forces would "control the spectrum and use it to advance the mission." By tearing down stovepipes between services, networks and disciplines; uniting and drawing upon the full range of kinetic, non-kinetic and intelligence resources; upgrading training; and fully integrating cyber-assurance into the procurement process, Godwin maintained that cyber-assurance efforts could become predictive, holistic, coordinated and mission-focused. Stated Godwin: "It's about cooperating, collaborating and coordinating across the electromagnetic spectrum: from air to land to sea to cyberspace."

Godwin focused on the imperative of mission assurance, pointing out that, "Because it was so focused on the network, cyber assurance in the old paradigm often compromised the mission. To seal off and stop an attack, we shut down the firewall, repaired the damage and eventually reopened it, leaving our warfighters flying, sailing, and rolling blind during shutdown." The new cyber-assurance paradigm "prioritizes the mission" through "dynamic defense" that deploys redundant systems and migrates the command, control and communications (C3) functions to different pathways to ensure that C3 functions are secured 24/7 and forces can operate through a threat.

Godwin highlighted Northrop Grumman initiatives aimed at advancing the new cyber-assurance paradigm, particularly its extensive investments in a best-in-class, emulated closed-range system to identify and design approaches to get out in front of the threat. "In state-of-the-art laboratories, we're creating scenarios that define our vulnerabilities, emulate enemy attacks and develop responses ... or maybe I should say 'pre-sponses,'" he said.

The closed-range system enhances an additional key Northrop Grumman deliverable - training, which includes overview courses for non-technical staff to comprehensive courses for specialists. The system's distributed nature allows for on-site training across the US Department of Defense, the government and industry to prepare teams to anticipate the most advanced threats.

In addition, Godwin previewed Northrop Grumman's Asymmetric All-sources Analysis Against Persistent Threat (A4PT), currently undergoing testing. A4PT applies complex event processing - used in the financial world to provide real-time analysis and response in trading situations - to cyber assurance.

Source: Northrop Grumman