When it comes to protecting critical national infrastructure, it doesn’t get much more high-profile than the White House. Faced with a cyber ‘incident’ that penetrated the unclassified network of former US President Barack Obama, tech giant Leidos had to quickly assess the damage and throw a ring of digital steel around the leader of the free world. Eight years down the track, the security layer that they developed is still in place, quietly doing its job, affirms Tom Prunier, chief technology officer for Leidos UK.

Prunier, who started his career in the United States Marine Corps before joining law enforcement, and ended up teaching FBI agents how to investigate cybercrime, says: “I can’t really go into specifics, but it was a nation state incident. We went in and provided a service and now we run the security operations centre for the president.” Prunier adds that the impact of the infiltration “wasn’t good”, but it allowed for improvements to be made, and the longer-term consequences have positioned Leidos as one of the global forerunners in security operations centre capabilities.

As ransomware continues to dominate the cybersecurity landscape in 2022, with targets large and small falling prey to organised criminal hacking groups, the conversation is shifting more and more towards the security operations centre model as a means of protecting organisations from online harms.

So, what does that look like, and how do you address the budgetary concerns of organisations, especially in the public sector, who may struggle to make the financial case for investing in 24/7 security?

Prunier says: “Within the UK what I’ve noticed is that the requirements, in terms of what customers want, are increasingly driven by protective monitoring. So, what I’m really focusing on is trying to develop a streamlined solution that’s easily deployable, provides excellent coverage and visibility from a protective standpoint but also is cost effective and repeatable. The other part of that is getting to the point where you can share a lot of these threat vectors and the things you see with other colleagues, other programmes and other customers. It builds that country-wide defensive posture.”

Tom Prunier, Cyber Security Principal for Leidos

In the US, Leidos cybersecurity products adhere to National Institute of Standards and Technology (NIST) and Risk Management Framework (RMF) standards, and for the most part, despite differing data regulations, they translate well to the UK, says Prunier. People, process and technology is the mantra that drives the company’s approach to software development, and even though automation is increasingly being introduced into security information and event management (SIEM) platforms, it is the combination of the three that remains key.

“It’s got to be a balance between people and process and that’s what I’ve always felt makes for a complete set of defence measures,” says Prunier. “You want to automate as much as you can but there’s still that human aspect that goes beyond the artificial intelligence and automation where they’re looking for specific things.

“For instance, when we were setting up the SOC we allowed the analysts a lot of latitude for what they felt was their niche, whether it be outbound traffic or inbound traffic, and let them really create their defensive mechanisms and dashboards that help enhance the overall process.”

And there are exciting plans ahead for the organisation. “With ransomware we’re actually starting communications with some smaller companies that have come up with some interesting avenues for defending against or stopping ransomware. We can implement that not only in our monitoring but also in our automated processes that will allow us to stop and protect against many types of ransomware. We’re just starting that conversation but it’s something that we want to integrate into our package offering. The really exciting thing is it’s being offered at a price point that really targets smaller organisations to keep the costs really low and allow them to benefit from it.”