Some of our nation’s most critical systems are facing increasingly complex and dangerous threats as hackers grow more sophisticated and even the smallest vulnerabilities leave organizations exposed.
Executive Mosaic sat down with Matt Heideman, president and general manager of Xage Security Government, to take a closer look at the most urgent threats facing our networks and better understand where we should be focusing our efforts. Heideman was recently elevated to his current post from his previous position as vice president of Xage’s U.S. federal business.
Read below for Heideman’s full Executive Spotlight interview.
What’s your outlook on the global defense landscape? What significant changes or trends are you seeing, and how are those factors moving the GovCon industry market?
The global defense landscape faces many challenges. Adversary groups, cybercrime organizations and nation states are using advanced ransomware and other rapidly evolving tactics, techniques and procedures to attack critical infrastructure industries and all kinds of other targets, both governmental and private. There’s a lot of concern about what’s going on in Ukraine and the INDOPACOM theater right now as threats from Russia and China heat up. These global geopolitical events and relationships have enormous impact on the cyber threat landscape and therefore on the need to accelerate adoption of more advanced cybersecurity technologies. That is driving a lot of urgency in the GovCon industry market.
We do quite a bit of work in the space domain, which is experiencing serious challenges and is highly threatened right now. Coordinating secure data exchange across space-based and ground-based infrastructure is incredibly important for our national security. Attacks against space-based infrastructure could impact things as critical as the Global Positioning System, which underpins an enormous amount of economic activity as well as strategic defense operations; we have to figure out how to protect it.
The biggest change in the market is that cybersecurity is taking a complete shift, and it’s no longer good enough to just do monitoring and assessments. You can’t just detect threats, alert someone to them and hope to be successful, as adversary tactics, techniques and procedures have proven to circumvent today’s standard security measures and allow adversaries to stay one step ahead of today’s defenses. We have to protect our critical infrastructure and mission systems and prevent them from being attacked. We need solutions that can provide prevention, not just identification, monitoring and incident response.
What is the biggest threat facing U.S. cyber systems today, and what is being done to protect against that threat?
The biggest threat is from attackers targeting critical infrastructure and operational mission systems. What if our adversaries came in and started taking out our power grids or nuclear power plants, shutting down our banking systems or causing major impacts to our ability to defend ourselves? The Cybersecurity and Infrastructure Security Agency has identified 16 critical infrastructure industries, all of which need major improvements in cybersecurity, since they represent a valuable target for cyberattackers motivated by either profit or geopolitical aims.
With everything that CISA is trying to address in the 16 domains that they’ve identified, there are some critical key points that could put all of our systems at risk. Components like satellites and communications are critical mission systems that we use every single day just to do basic logistics in our country — our entire infrastructure is managed by global positioning systems, so if adversaries take that out, then our entire supply chain is gone. It’s a very serious concern right now.
Can you talk about how cybersecurity has impacted or changed the national security paradigm?
There is increased acknowledgement that cyberattacks on strategic targets have a major impact on national security, and that investing in cybersecurity is a national security issue. By putting cybersecurity at the forefront of the national security conversation, what we’re doing is giving investment channels the opportunities to invest in innovative technologies and capabilities and look differently at both cybersecurity challenges and broader national security issues. The traditional cybersecurity approach has been network focused, driven by the technologies used by information technology systems both in the government and private sectors.
Critical infrastructure, mission systems and mission operations have been an afterthought because there has been an assumption that a lot of these systems were not connected to a network or secure via network segmentation or isolation. Well, that’s not true. In the past, critical infrastructure and mission assets might have been cut off from the internet by an air gap, but this technology is getting more and more connected as global operations require real-time data sharing to coordinate across large, complex interconnected systems of assets.
There’s a rapid proliferation of edge devices and Internet of Things devices that have connectivity capability, which makes them potential conduits for attackers to get into central policy management systems and gives threat actors complete access into sensitive systems. None of those edge devices these days are being locked down, so edge device security is a critical aspect that needs to be looked at as part of any cybersecurity strategy.
What emerging technologies do you anticipate will have the greatest impact on our standing in the great power competition in the next few years? Where are you seeing opportunities for accelerated, meaningful tech growth for the U.S.?
As we strive to redefine cybersecurity parameters that allow for operations at the tactical edge, prevention solutions will be a critical piece. Across every sector, it is crucial to be able to not just detect attacks, but prevent them in the first place, and to be able to ensure that your data is trustworthy and free from manipulation. This is important because data is what we use to make all of our decisions these days. Making real-time decisions across globally coordinated systems requires a high-integrity, high-availability system for assuring that the data is valid and has not been tampered with. I think blockchain (a distributed ledger technology) will be a key emerging technology for security.
Blockchain/distributed ledger is being given a closer research and development look and is finally seeing some high-value use cases that are ready to take to market. Blockchain has been around since around 2008, but it hasn’t necessarily been used in the applications that we’re looking at from a cybersecurity perspective until now. I think that people have been fearful to give it a go. But as our strategic systems become more and more distributed, and as the number of IoT mission sensors at the edge expands, distributed ledger will become more and more appealing, even necessary, for assuring the reliability of data that is used for all sorts of decision making.