Lockheed-Martin: A Case Study
Since 1912 Lockheed-Martin was a concept derived from Glenn Martin with the design of his first airplane in collaboration with the founder of Alco Hydro-Aeroplane Company Malcolm Lockheed (Our History, 2017). The merger between Martin and Lockheed formed the well-known aerospace company Lockheed-Aircraft Company which is currently Lockheed-Martin. However, Lockheed-Martin evolved into a contractor for the U.S. defense in technology and security. Thus, making them extremely vulnerable to outside cyber-attacks and novice 'hackers.' Unfortunately, by 2011 a cyber-attack and Lockheed targeted the company reported no damage to the security. Nonetheless, they sent ninety-thousand employees replacement ID's (Kallegburg, 2015; Lockheed Martin
…show more content…
Hit by Unspecified Cyber Incident, 2011). Therefore, Lockheed-Martin neglected to implement proactive cyber-security procedures and methodologies to support its cryptosystem and SecurID. The cyber-attack to Lockheed-Martin began as a simple a phishing email; document sent to a small number of users to infiltrate the system (Choi, Y., Choi, D., Lee & Ha, 2016).
That is, either an email or malware document corrupted the system allowing the keylogger access to credentials, data, information and company assets. In this way, the cyber-attack violated the core tenets of cyber-security system focus on what's crucial, move key assets out of band, and detect/react/adapt (Hughes & Cybenko, 2014). Meaning the methodology to control the occurrence failed to lead to less focus on improving the security of the system with different procedures. Thereby, it questions Lockheed-Martin's motive with retaining the cryptosystem and …show more content…
SecurID. One reason that that Lockheed-Martin caused their susceptibility to a cyber-attack is that the accessibility was too easy with impeccable capability. For instance, in March of 2011 RSA, the company that supplied security tokens to Lockheed-Martin fell victim to a cyber-attack due to a phishing Excel file which created malware affecting the Adobe Flash giving the perpetrator access to company information (Choi, Y., Choi, D., Lee & Ha, 2016). Thus, Lockheed-Martin had two months to access the probability or a corrective plan of action to prevent the cyber-attack from occurring. Hence, the security token with the SecurID was effortless to break utilizing the seed value to calculate the number of the key fob to the key value which displayed the date and time. Afterwards the capability precise by writing a program that computes every stolen seed value and that the number would not show the date/time it then recorded the victim's logins (Case Studies, 2012). Because Lockheed-Martin failed to establish preventive measures or specific step methodologies it made the company accessible to unwanted cyber-attacks. Although, cyber-attacks are increasingly common with new advances in technology that makes it easy to pass through encrypted data and networks. Only several weeks after the cyber-attack of Lockheed-Martin Sony Corp led to a breach of one hundred million accounts, names, and addresses of consumers and employees (Lockheed Martin Hit by Unspecified Cyber Incident, 2011).
Since then companies began to become more aware of the problems associated with computer and security. Only in 2013, the Utah government reported twenty-million cyber-attacks each day, so it suggests that there are trillions of cyber-attacks worldwide (Millions of Cyber Attacks Each Day, 2015). So, the steps that companies take are an organizational framework with new operations towards employee education, organizational policies, IT and network advisors to limit access as a job-related function (Trim & Yam-Im, 2010). Meaning education combined with limiting the number of people having full access to everything decreases the chance of a cyber-attack and with the security of an IT specialist proactively monitoring the system. For example, Lockheed-Martin's cyber-kill chain that stops the stages of malware by reconnaissance, weaponization, delivery, exploit, installation, command & control, and actions (Mattern, Felker, Borum, & Bamford, 2014). Although, many companies have taken steps and precautions towards thwarting cyber-attack violators of computer and security still manage to infiltrate systems. That is due to companies failing to change current methodologies to compensate for the advancement of technology and more
'hackers.' The first thing a company must consider is eliminating the SecurID and cryptosystem and replacing it with a decryption key or symmetric cryptosystem that is private. In other words, all employees may collaborate but privately to authorized members and password identification to prove the receiver's identity. Also, transferred links without site key leaving an intercept of data nearly impossible. Moreover, procedural wise avoiding system susceptibilities, threat accessibility, and threat capability with firewall protection, spyware, deleting former employees I.D. number and changing the password and resets to primary programs monthly. Lastly, verify the credentials of every employee that way it limits links sent to the wrong recipient.
Hit by Unspecified Cyber Incident, 2011). Therefore, Lockheed-Martin neglected to implement proactive cyber-security procedures and methodologies to support its cryptosystem and SecurID. The cyber-attack to Lockheed-Martin began as a simple a phishing email; document sent to a small number of users to infiltrate the system (Choi, Y., Choi, D., Lee & Ha, 2016).
That is, either an email or malware document corrupted the system allowing the keylogger access to credentials, data, information and company assets. In this way, the cyber-attack violated the core tenets of cyber-security system focus on what's crucial, move key assets out of band, and detect/react/adapt (Hughes & Cybenko, 2014). Meaning the methodology to control the occurrence failed to lead to less focus on improving the security of the system with different procedures. Thereby, it questions Lockheed-Martin's motive with retaining the cryptosystem and …show more content…
SecurID. One reason that that Lockheed-Martin caused their susceptibility to a cyber-attack is that the accessibility was too easy with impeccable capability. For instance, in March of 2011 RSA, the company that supplied security tokens to Lockheed-Martin fell victim to a cyber-attack due to a phishing Excel file which created malware affecting the Adobe Flash giving the perpetrator access to company information (Choi, Y., Choi, D., Lee & Ha, 2016). Thus, Lockheed-Martin had two months to access the probability or a corrective plan of action to prevent the cyber-attack from occurring. Hence, the security token with the SecurID was effortless to break utilizing the seed value to calculate the number of the key fob to the key value which displayed the date and time. Afterwards the capability precise by writing a program that computes every stolen seed value and that the number would not show the date/time it then recorded the victim's logins (Case Studies, 2012). Because Lockheed-Martin failed to establish preventive measures or specific step methodologies it made the company accessible to unwanted cyber-attacks. Although, cyber-attacks are increasingly common with new advances in technology that makes it easy to pass through encrypted data and networks. Only several weeks after the cyber-attack of Lockheed-Martin Sony Corp led to a breach of one hundred million accounts, names, and addresses of consumers and employees (Lockheed Martin Hit by Unspecified Cyber Incident, 2011).
Since then companies began to become more aware of the problems associated with computer and security. Only in 2013, the Utah government reported twenty-million cyber-attacks each day, so it suggests that there are trillions of cyber-attacks worldwide (Millions of Cyber Attacks Each Day, 2015). So, the steps that companies take are an organizational framework with new operations towards employee education, organizational policies, IT and network advisors to limit access as a job-related function (Trim & Yam-Im, 2010). Meaning education combined with limiting the number of people having full access to everything decreases the chance of a cyber-attack and with the security of an IT specialist proactively monitoring the system. For example, Lockheed-Martin's cyber-kill chain that stops the stages of malware by reconnaissance, weaponization, delivery, exploit, installation, command & control, and actions (Mattern, Felker, Borum, & Bamford, 2014). Although, many companies have taken steps and precautions towards thwarting cyber-attack violators of computer and security still manage to infiltrate systems. That is due to companies failing to change current methodologies to compensate for the advancement of technology and more
'hackers.' The first thing a company must consider is eliminating the SecurID and cryptosystem and replacing it with a decryption key or symmetric cryptosystem that is private. In other words, all employees may collaborate but privately to authorized members and password identification to prove the receiver's identity. Also, transferred links without site key leaving an intercept of data nearly impossible. Moreover, procedural wise avoiding system susceptibilities, threat accessibility, and threat capability with firewall protection, spyware, deleting former employees I.D. number and changing the password and resets to primary programs monthly. Lastly, verify the credentials of every employee that way it limits links sent to the wrong recipient.