• Home

  • Technology

  • Holistic approach to cybersecurity being engineered by maryland companies 8-13
2
Reprinted with permission from The Business Monthly, Inc. August 2013 Holistic Approach to Cybersecurity: Being Engineered By Maryland Companies By George Berkheimer, SENIOR WRITER A trio of Maryland compa- nies has combined their comple- mentary focuses to develop one of the first holistic approaches to cybersecurity in the nation. Established in May, cy- ber-oriented alliance combines the construction expertise of Wilhelm Commercial Builders (WCB) of Annapolis Junction, the privacy-boosting window coatings and monitoring sensors of Owings Mills-based Signals Defenses (SD) and the vulner- ability assessment capabilities of KCI Protection Technologies (KCI), headquartered in Sparks. With that mixture of skill sets, the associated companies are ably positioned to not only identify the weak spots in any given business’s physical and network security precautions, but also to engineer and build the solution. Targeting both existing fa- cilities and new construction projects, the partners assert they can handle anything from shield- ing a small conference room to hardening entire multi-story buildings against electronic in- trusion. In cybersecurity jargon, this new defense concept is called a Secure Work Environment (SWE), said WCB CEO Wayne Wilhelm, and its benefits are obvious. “The threats that we are facing from the use and demand of progressive technology is staggering, and the world is not becoming a safer place anytime soon,” Wilhelm said. “It is our mission to help [clients] … pre- serve the integrity of information and provide the proper counter- measures to secure privacy of information in the workplace.” Understanding and Adapting Wilhelm’s general contract- ing company boasts more than 20 years of experience providing construction services to commer- cial and government customers at the classified and unclassified levels, which include Sensitive Compartmented Information Fa- cilities (SCIFs) and Tempest-cer- tified projects. “Partnering with [SD and KCI] provides the additional resources and technology nec- essary to produce a turn-key ap- proach … by providing consult- ing services, protective products and monitoring and detection systems to ensure protection at all threat levels,” he said. At the Howard County Chamber of Commerce’s Cy- ber 4.01 conference in June, representatives from the three companies conducted a presen- tation that spelled out just how vulnerable most businesses are, even to some decidedly low-tech forms of intrusion. “A sufficiently determined, not necessarily well-funded adversary can gain access into almost any organization,” said KCI President John Fannin. More common ploys include bugs planted inside buildings by people posing as contractors, vendors and employees; laser lis- tening and recording devices that can convert window vibrations back into clear speech; and even simple photography of exposed documents through a window from the parking lot. KCI’s red-teaming efforts — attempts to gain malicious entry into a client company’s physical and cyber assets with permis- sion from its leadership cadre to validate its security program effectiveness — consistently succeed in finding ways to breach security. Vulnerability assessments like these make up the core of an effective security program, Fannin said. “They can help companies understand, anticipate and adapt.” What Haystack? Among the solutions SD offers are optically-clear film coatings that make windows resistant to radio frequency and infrared exploitation, and are even blast-resistant in some cas- es. Additionally, the company is currently working out the life- cycle support components of its new SD Gabriel system, which is scheduled to hit the market in the coming weeks. The low-cost, real-time mon- itoring system uses high-quality radio frequency (RF) sensors whose affordability, until re- cently, was limited to federal government and military clients with deep pockets. “This will be a real differ- entiator in the marketplace … costing on the order of magnitude of seven times less than current technology,” said Tom Jones, director of SD’s Secure Work Environment Services division. “We built a demonstration SWE facility where we plan to begin on-site demonstrations for po- tential clients in late July.” Used in combination with construction techniques that reduce the RF energy infiltrating or emanating from a building, the sensors can easily identify and defend against attacks using clandestine technology such as laser microphones and even hard-to-detect frequency-hop- ping bugs. “We’ve got to control the RF battlefield,” said Ron Waranows- ki, managing director at SD. “You can’t economically do Tempest any more, you have to do the next best thing. When you build a SWE, you cut the weeds down and the threat sticks out quickly.” Game Changer Hospitality, banking and manufacturing businesses have Continued on pg. 2

Holistic approach to cybersecurity being engineered by maryland companies 8-13

Embed Size (px)

Citation preview

Page 1: Holistic approach to cybersecurity being engineered by maryland companies 8-13

Reprinted with permission from The Business Monthly, Inc.

August 2013

Holistic Approach to Cybersecurity:Being Engineered By Maryland CompaniesBy George Berkheimer, Senior Writer

A trio of Maryland compa-nies has combined their comple-mentary focuses to develop one of the first holistic approaches to cybersecurity in the nation. Established in May, cy-ber-oriented alliance combines the construction expertise of Wilhelm Commercial Builders (WCB) of Annapolis Junction, the privacy-boosting window coatings and monitoring sensors of Owings Mills-based Signals Defenses (SD) and the vulner-ability assessment capabilities of KCI Protection Technologies (KCI), headquartered in Sparks. With that mixture of skill sets, the associated companies are ably positioned to not only identify the weak spots in any given business’s physical and network security precautions, but also to engineer and build the solution. Targeting both existing fa-cilities and new construction projects, the partners assert they can handle anything from shield-ing a small conference room to hardening entire multi-story buildings against electronic in-trusion. In cybersecurity jargon, this new defense concept is called a Secure Work Environment (SWE), said WCB CEO Wayne Wilhelm, and its benefits are obvious. “The threats that we are

facing from the use and demand of progressive technology is staggering, and the world is not becoming a safer place anytime soon,” Wilhelm said. “It is our mission to help [clients] … pre-serve the integrity of information and provide the proper counter-measures to secure privacy of information in the workplace.”

Understanding and Adapting Wilhelm’s general contract-ing company boasts more than 20 years of experience providing construction services to commer-cial and government customers at the classified and unclassified levels, which include Sensitive Compartmented Information Fa-cilities (SCIFs) and Tempest-cer-tified projects. “Partnering with [SD and KCI] provides the additional resources and technology nec-essary to produce a turn-key ap-proach … by providing consult-ing services, protective products and monitoring and detection systems to ensure protection at all threat levels,” he said. At the Howard County Chamber of Commerce’s Cy-ber 4.01 conference in June, representatives from the three companies conducted a presen-tation that spelled out just how vulnerable most businesses are, even to some decidedly low-tech forms of intrusion. “A sufficiently determined,

not necessarily well-funded adversary can gain access into almost any organization,” said KCI President John Fannin. More common ploys include bugs planted inside buildings by people posing as contractors, vendors and employees; laser lis-tening and recording devices that can convert window vibrations back into clear speech; and even simple photography of exposed documents through a window from the parking lot. KCI’s red-teaming efforts — attempts to gain malicious entry into a client company’s physical and cyber assets with permis-sion from its leadership cadre to validate its security program effectiveness — consistently succeed in finding ways to breach security. Vulnerability assessments like these make up the core of an effective security program, Fannin said. “They can help companies understand, anticipate and adapt.”

What Haystack? Among the solutions SD offers are optically-clear film coatings that make windows resistant to radio frequency and infrared exploitation, and are even blast-resistant in some cas-es. Additionally, the company is currently working out the life-cycle support components of its new SD Gabriel system, which is scheduled to hit the market in

the coming weeks. The low-cost, real-time mon-itoring system uses high-quality radio frequency (RF) sensors whose affordability, until re-cently, was limited to federal government and military clients with deep pockets. “This will be a real differ-entiator in the marketplace … costing on the order of magnitude of seven times less than current technology,” said Tom Jones, director of SD’s Secure Work Environment Services division. “We built a demonstration SWE facility where we plan to begin on-site demonstrations for po-tential clients in late July.” Used in combination with construction techniques that reduce the RF energy infiltrating or emanating from a building, the sensors can easily identify and defend against attacks using clandestine technology such as laser microphones and even hard-to-detect frequency-hop-ping bugs. “We’ve got to control the RF battlefield,” said Ron Waranows-ki, managing director at SD. “You can’t economically do Tempest any more, you have to do the next best thing. When you build a SWE, you cut the weeds down and the threat sticks out quickly.”

Game Changer Hospitality, banking and manufacturing businesses have

Continued on pg. 2

Page 2: Holistic approach to cybersecurity being engineered by maryland companies 8-13

Reprinted with permission from The Business Monthly, Inc.

August 2013

Holistic Approach to Cybersecurity:Being Engineered By Maryland Companies

want to be held hostage.” As businesses warm to the SWE concept, Jones said the team of companies is typically seeing requests to turn confer-ence rooms into soft SCIFs at the moment, but anticipates the demand for more robust projects will grow soon. “We’ve met with some sig-nificant Fortune 100 companies, and 10 companies are doing beta testing with our technology now,” Wilhelm said. “This is really the beginning of some

incredible stuff. We’re set up to be international in scope, and in two years we’re anticipating increased revenues of more than $20 million annually because of this opportunity.” Part of the trio’s appeal, Fannin said, is its ability to offer clients whatever level of service and product they want, or can afford, ranging from just an assessment up to a full-design, turn-key SWE. “Some companies just want to know what they can do to

improve their layers of protec-tion, and we can provide them with a prioritized list,” Fannin said, adding that every client has different thresholds of need and may find some risks acceptable. “Real-time monitoring is the big game changer,” Wilhelm said. “With Tempest, nobody knew what was happening in between accreditation cycles unless they were doing periodic bug sweeps. Now they can have 24/7 coverage if they want it.”

Continued from pg. 1

long been targets of corporate espionage techniques, and legal and accounting firms are equally at risk, said Jones. “A growing number of other businesses have expressed ex-treme interest in getting these types of technology and defense deployed in their environments,” he said. “It’s been estimated that corporations lose between $200 and $250 billion in intellectual property each year. They don’t


Holistic Cybersecurity for Industrial IoT Applications

Holistic Cybersecurity for Industrial IoT Applications

Documents
A HOLISTIC GRADUATE BUSINESS INFORMATION …...Cybersecurity is the strategic (mission focused and risk optimized) management of information technology and systems, which maximizes

A HOLISTIC GRADUATE BUSINESS INFORMATION …...Cybersecurity is the strategic (mission focused and risk optimized) management of information technology and systems, which maximizes

Documents
Holistic Grazing Planning and Reciprocal grazing ...vsf-international.org/wp...Holistic-management-and... · Introduction to the Holistic Management Approach Holistic Management Planned

Holistic Grazing Planning and Reciprocal grazing ...vsf-international.org/wp...Holistic-management-and... · Introduction to the Holistic Management Approach Holistic Management Planned

Documents
Engineered Solutions for Engineered Buildings

Engineered Solutions for Engineered Buildings

Documents
Critical Cybersecurity Questions Cybersecurity... · Critical Cybersecurity Questions 1 • How do you measure successful cybersecurity efforts? • Who is accountable for cybersecurity?

Critical Cybersecurity Questions Cybersecurity... · Critical Cybersecurity Questions 1 • How do you measure successful cybersecurity efforts? • Who is accountable for cybersecurity?

Documents
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq

Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq

Internet
Cisco CyberSecurity Institute › c › dam › m › de_ch › cybersecurity... · Cisco CyberSecurity Institute Cisco CyberSecurity Institute Förderung der Cybersicherheitsexperten/-innen

Cisco CyberSecurity Institute › c › dam › m › de_ch › cybersecurity... · Cisco CyberSecurity Institute Cisco CyberSecurity Institute Förderung der Cybersicherheitsexperten/-innen

Documents
AVIATION CYBERSECURITY - Atlantic Council · 1.3.3 Safety, security, enterprise cybersecurity, and aviation cybersecurity Where aviation cybersecurity crosses the traditional elements

AVIATION CYBERSECURITY - Atlantic Council · 1.3.3 Safety, security, enterprise cybersecurity, and aviation cybersecurity Where aviation cybersecurity crosses the traditional elements

Documents
How secure is your network? · IEC 62443 or NIST Cybersecurity framework. To avoid damages and downtime from cyberthreats, it’s important to implement a holistic approach addressing

How secure is your network? · IEC 62443 or NIST Cybersecurity framework. To avoid damages and downtime from cyberthreats, it’s important to implement a holistic approach addressing

Documents
EnginEErEd CUSTOM ENGINEErED SOLUTiOnS

EnginEErEd CUSTOM ENGINEErED SOLUTiOnS

Documents
Holistic View of Industrial Control Cybersecurity · 2016-09-21 · o ICS Capable o SCADA HoneyNet Project ... o Advanced Persistent Threats (APTs) o Advanced Evasion Techniques (AETs)

Holistic View of Industrial Control Cybersecurity · 2016-09-21 · o ICS Capable o SCADA HoneyNet Project ... o Advanced Persistent Threats (APTs) o Advanced Evasion Techniques (AETs)

Documents
EMERGING TECHNOLOGIES IN CYBERSECURITY · EMERGING TECHNOLOGIES IN CYBERSECURITY | Randall Lewis 1 EMERGING TECHNOLOGIES IN CYBERSECURITY ... Cybersecurity and Cybersecurity Technologies

EMERGING TECHNOLOGIES IN CYBERSECURITY · EMERGING TECHNOLOGIES IN CYBERSECURITY | Randall Lewis 1 EMERGING TECHNOLOGIES IN CYBERSECURITY ... Cybersecurity and Cybersecurity Technologies

Documents
Cybersecurity Test and Evaluation Process Sponsored Documents/Cybersecurity... · Program Office Implementation Plan must include cybersecurity ... – Ensures cybersecurity is part

Cybersecurity Test and Evaluation Process Sponsored Documents/Cybersecurity... · Program Office Implementation Plan must include cybersecurity ... – Ensures cybersecurity is part

Documents
Cybersecurity 5 improving cybersecurity

Cybersecurity 5 improving cybersecurity

Technology
HOLISTIC NATURAL HEALTH & HEALING & HOLISTIC NUTRITION ... · HOLISTIC NATURAL HEALTH & HEALING & HOLISTIC NUTRITION & SPORTS NUTRITION We offer a highly sophisticated Sports Certification

HOLISTIC NATURAL HEALTH & HEALING & HOLISTIC NUTRITION ... · HOLISTIC NATURAL HEALTH & HEALING & HOLISTIC NUTRITION & SPORTS NUTRITION We offer a highly sophisticated Sports Certification

Documents
Holistic Competency Requirements of the Position - … Holistic Job... · Contextualised Competency Mapping (CCM) Holistic Competency Requirements of the Position ... Holistic Competency

Holistic Competency Requirements of the Position - … Holistic Job... · Contextualised Competency Mapping (CCM) Holistic Competency Requirements of the Position ... Holistic Competency

Documents
Achieving Holistic Cybersecurity: 2016 Progress Reportcdn.govexec.com/media/gbc/docs/gbc_dell_cyber_relaunch_report_v11.pdf · agencies are racing to implement proactive, holistic

Achieving Holistic Cybersecurity: 2016 Progress Reportcdn.govexec.com/media/gbc/docs/gbc_dell_cyber_relaunch_report_v11.pdf · agencies are racing to implement proactive, holistic

Documents
Holistic Cybersecurity for Industrial IoT Applications · This paper, authored and presented by Cisco Systems and Rockwell Automation, will provide an overview of a holistic IIoT

Holistic Cybersecurity for Industrial IoT Applications · This paper, authored and presented by Cisco Systems and Rockwell Automation, will provide an overview of a holistic IIoT

Documents
A holistic Security Approach for the connected Car€¦ · Vector Cybersecurity Sympopsioum 2019 - A holistic approach on security for the connected car Author: Thierry Maudire -

A holistic Security Approach for the connected Car€¦ · Vector Cybersecurity Sympopsioum 2019 - A holistic approach on security for the connected car Author: Thierry Maudire -

Documents
Engineered Cybersecurity Chess Master Projectveracity.io/wp-content/uploads/2017/07/DoE_Poster-Chessmaster.pdf · Engineered Cybersecurity Chess Master Project Operational Technology

Engineered Cybersecurity Chess Master Projectveracity.io/wp-content/uploads/2017/07/DoE_Poster-Chessmaster.pdf · Engineered Cybersecurity Chess Master Project Operational Technology

Documents
Holistic View of Industrial Control Cybersecurity - …secure360.org/.../Holistic-View-of-Industrial-Control-Cybersecurity... · o Distributed Control System ... PLC vs. RTU o RTUs

Holistic View of Industrial Control Cybersecurity - …secure360.org/.../Holistic-View-of-Industrial-Control-Cybersecurity... · o Distributed Control System ... PLC vs. RTU o RTUs

Documents
Engineered Cybersecurity Chess Master Project - … · Engineered Cybersecurity Chess Master Project Operational Technology (OT) Software-Defined Networking (SDN) Solution IDENTIFY

Engineered Cybersecurity Chess Master Project - … · Engineered Cybersecurity Chess Master Project Operational Technology (OT) Software-Defined Networking (SDN) Solution IDENTIFY

Documents
GET TO KNOW: BDO’s Cybersecurity&€¦ · 3 GET TO KNOW: BDO’S CYBERSECURITY SERVICES Our Value Proposition BDO’s cybersecurity leadership, expertise and holistic approach to

GET TO KNOW: BDO’s Cybersecurity&€¦ · 3 GET TO KNOW: BDO’S CYBERSECURITY SERVICES Our Value Proposition BDO’s cybersecurity leadership, expertise and holistic approach to

Documents
BEYOND THE SOC AS A DETECTION CENTER: HOLISTIC CYBERSECURITY … · 2018-05-17 · Beyond technology, we see the cybersecurity operations roles and responsibilities significantly

BEYOND THE SOC AS A DETECTION CENTER: HOLISTIC CYBERSECURITY … · 2018-05-17 · Beyond technology, we see the cybersecurity operations roles and responsibilities significantly

Documents
Industry 4.0 and cybersecurity white paper · 2020. 8. 27. · Addressing cyber risks in manufacturing requires a holistic solution With digital factories and a digitally connected

Industry 4.0 and cybersecurity white paper · 2020. 8. 27. · Addressing cyber risks in manufacturing requires a holistic solution With digital factories and a digitally connected

Documents
Holistic Education for Holistic Behaviourweb.univ-pau.fr › ~bricage › slidesplanches › HSSengineering... · 2011-05-28 · Holistic!Education!for!Holistic!Behaviour ENGINEERING

Holistic Education for Holistic Behaviourweb.univ-pau.fr › ~bricage › slidesplanches › HSSengineering... · 2011-05-28 · Holistic!Education!for!Holistic!Behaviour ENGINEERING

Documents
A DETERMINISTIC APPROACH FOR CYBERSECURITY … · A roadmap for cybersecurity investments can create long-term strategic value, if approached with a holistic mindset. Depending on

A DETERMINISTIC APPROACH FOR CYBERSECURITY … · A roadmap for cybersecurity investments can create long-term strategic value, if approached with a holistic mindset. Depending on

Documents
Beyond Technology: Developing a Holistic Approach to Cybersecurity

Beyond Technology: Developing a Holistic Approach to Cybersecurity

Technology
Holistic Approach to Engineered, Diversion-Aided …€¦ · 7⅝” × 9⅝” Liner Hanger X-over 5½” × 4½” No-Go ocator Seal Unit nd ealbor xtension Reducin dapter 4½”

Holistic Approach to Engineered, Diversion-Aided …€¦ · 7⅝” × 9⅝” Liner Hanger X-over 5½” × 4½” No-Go ocator Seal Unit nd ealbor xtension Reducin dapter 4½”

Documents
Marine Cyber Risk Management A Top-Down Holistic Approachaapa.files.cms-plus.com/2019Seminars/Security/HC...What is Cybersecurity Capability Maturity? Cybersecurity Capability Maturity

Marine Cyber Risk Management A Top-Down Holistic Approachaapa.files.cms-plus.com/2019Seminars/Security/HC...What is Cybersecurity Capability Maturity? Cybersecurity Capability Maturity

Documents