By Geoff Fein
Northrop Grumman [NOC] has opened a new cyber security operations center (CSOC) in Maryland to focus on protecting its networks and data as well as those of its customers worldwide.
Because of the company’s extensive relationships with the government, Northrop Grumman’s networks are targets for attack, Linda Mills, president information systems and corporate lead executive for cyber, told reporters at a briefing yesterday in Washington, D.C.
"More than 1.5 billion cyber transactions a day occur on our network of over 10,000 servers, used by our…120,000 employees. So it’s not surprising that our systems are common targets for phishing attacks," she said.
To better defend itself against cyber intrusions, phishing and outright attacks, Northrop Grumman built CSOC. Mills said it is "a comprehensive cyber threat and decision response center that focuses on protecting Northrop Grumman and translating lessons learned to our customers’ network and data worldwide.
"At CSOC we integrate transitional security monitoring with data collection analysis," she added.
CSOC mitigates advanced cyber threats in a way that goes far beyond what commercial security software can do, Mills noted.
The lessons we learned from operating CSOC yield best practices we can then deliver to our customer," she said. "CSOC contributed to Northrop Grumman being selected to develop and mange similar CSOCs, or equivalent, for federal departments and agencies, and we are working internationally to create CSOCs abroad."
A number of defense companies as well as network security firms have developed their own cyber security centers, raising the question of whether there needs to be so many facilities. Mills said the number of centers reflects the complexity and scope of the challenge the country is facing in regard to cyber security.
Mills added she expects the government and industry will work together as the federal agencies look to incorporate cyber security language into contracts.
"I am sure the government, as they normally do, will be working with industry to ensure our comments and thoughts are reflected in what ever evolves," she said. "Like any new government policy there are always engagement and interaction with industry…[it] doesn’t represent concerns per se."
It is more about making sure industry understands what the intent of the language…what the wording implies, Mills added.
The 6,300 square foot CSOC is staffed around the clock, and provides security monitoring for the company’s 105,000 clients.
According to Northrop Grumman, CSOC incident handlers respond to suspected security incidents: computer forensic examiners collect and analyze evidence from digital media; a technical team develops and deploys solutions and systems used within the CSOC; intelligence operators analyze and report on internal and external threats; and computer network defense experts design and develop security capabilities that can identify advanced threats. Many of these internal capabilities are even replicated in Northrop Grumman’s external delivery as the Tier One security provider to multiple government agencies.