In The Boardroom With...

Mr. Chris Daly
Director of Business Development for Cybersecurity
General Dynamics C4 Systems
www.GDC4S.com

 

“General Dynamics C4 Systems develops and integrates communication and information systems and technology for a myriad of U.S. government programs, allied nations and select commercial customers globally. As a prime provider of “network-centric” products and systems, we seamlessly and securely connect users – from the network core to the tactical edge – with the information they need to decide and act. Our world-class capabilities create high-value, low risk solutions for use on land, at sea, in the air and in space. Based in Scottsdale, Arizona, General Dynamics C4 Systems employs over 10,000 employees worldwide and specializes in command and control, communications networking, computing and information assurance.”

For more information: http://www.gdc4s.com/documents/5-14-09-GDC4S-prf1.pdf


SecurityStockWatch.com: Thank you for joining us today, Chris. Please give us an overview of your background and your role at General Dynamics

Chris Daly: I received my first exposure to information security as a systems analyst in a government computer security lab in 1990. At that time we were just beginning to secure Internet-facing web servers, performing risk analyses of government locations worldwide and testing high assurance operating systems for use in secure areas. I later served as a security consultant to a variety of financial institutions, transportation and manufacturing companies and government agencies as they worked to link up their legacy systems to the Internet. I also did a stint as a regional director for a business continuity consulting practice before returning to the federal government market where I held different leadership positions in the security field.

I work for General Dynamics C4 Systems now which is a business unit of General Dynamics. In my role as Director of Business Development for Cybersecurity, I contribute thought leadership in the formation of various General Dynamics security offerings such as cybersecurity, cloud security,

technologies and mobile security. I also work on opportunity formation, partner ecosystem development and technical standards bodies. For example, I am currently a co-chair of the Trusted Computing Group's newly formed Trusted Mobility Solutions Work Group.

SecurityStockWatch.com: We read with great interest in your capabilities brochure (http://www.gdc4s.com/documents/GDC4S_Capabilities_Brochure_2011-06-20.pdf ) that "General Dynamics C4 Systems enables secure communication and information flow from the network, to the desktop, to the individual. We ensure secure access and integrity of stored and processed information. It's what you'd expect from a company that has been protecting all levels of information including Type 1, both domestically and abroad, for more than 40 years." Please give us an overview of the solutions General Dynamics brings to market.

Chris Daly: General Dynamics provides the personnel and electronic systems for Defense and for civilian government organization domestically and abroad. These systems actively defend government networks against external attacks and internal threats. We offer a broad portfolio of secure communications and computing solutions that range from satellite communications and ground systems supporting NASA to command and control systems for the battlefield. Our offerings span the gamut of custom built, assurance products for secure voice and data, such as our TACLANE® In-line Network Encryptors and Sectéra® vIPer™ Universal Secure Phones; to trusted cross-domain and multi-domain systems, such as our Trusted Network Environment and our Trusted Embedded Environment; to Security Management solutions. In addition, many of the solutions we offer are based on a new strategy called "COTS+." Let me provide some specific examples of what is meant by COTS+.

In the area of RF networking, General Dynamics C4 Systems is leading the Joint Tactical Radio System (JTRS) Handheld, Manpack and Small Form Fit (HMS) Team to bring secure networked voice, video and data communications to dismounted soldiers as well as vehicles and UAV's. JTRS HMS radios are built on cutting-edge Software Defined Radio (SDR) and information assurance technologies in smaller, lighter and more power efficient devices, enabling safer and more effective battlefield prosecution.

In the area of rugged, mobile computing, General Dynamics Itronix has a full range of mobile-rugged and commercial computing solutions including rugged notebooks, ultra-mobile PCs, tablets and handhelds. We offer wireless integration, DynaVue® display technology for improved outdoor-viewability and a myriad of client services. Our Tadpole® product line consists of ultra-thin clients, mobile workstations and desktop/rackmount servers. These differentiated solutions give users the flexibility to compute in secure, mobile environments.

In the area of security management infrastructure, we continue to build and deploy leading edge solutions based on a combination of COTS tools and custom capabilities for key and identity management, device integrity and software assurance. For example, we are currently leading efforts related to the establishment of platform certificates to enable trustworthy identification of endpoints - either physical or virtual machines.

These examples just scratch the surface of our COTS+ solutions, products and services. I invite your audience to find out more by visiting www.GDC4S.com and checking out our full suite of capabilities.

SecurityStockWatch.com: Are there any "new" solutions you would like to talk about?

Chris Daly: Through recent acquisitions, we are accelerating our ability to deliver a wider array of competitively-priced products based on commercial offerings for government agencies needing COTS+ secure tools.

New to the General Dynamics family, the General Dynamics C4 Systems Fortress Technologies product line delivers a high performance portfolio of COTS wireless and secure communications capabilities, based on industry-proven technology. The products and technologies are enhanced with industry-standard encryption that conforms to commercial and government security standards. Such security features enable users to meet stringent environmental standards for tactical wireless communications in austere environments for global defense, critical infrastructure and use across the enterprise.

Leveraging a self-forming, self-healing, path-optimizing mesh architecture, the General Dynamics Fortress advanced wireless network solution is optimized for rugged-outdoor, mobile, military, first responder and critical infrastructure environments, where reliable communications are a must. Today, General Dynamics Fortress infrastructure is the backbone of the DOD's largest wireless networks deployed around the globe.

Newly-released under the General Dynamics C4 Systems Fortress Technologies product line is the DS310 commercial off-the-shelf 'Suite B' encryptor for secret communication between wired or wireless devices and networks. Suite B enables a simpler process for connecting to classified networks while maintaining security. Delivered in a driverless PC card and supporting multiple layers of encryption, the DS310 meets stringent security guidelines, including those of the National Security Agency (NSA).

General Dynamics also acquired Argus Systems offering a suite of trusted Linux and Solaris-based operating systems and utilities based on the PitBull Foundation product. PitBull Foundation is a feature-rich, mature, multilevel security (MLS) software product that enhances and extends the security of Linux and Solaris operating systems and the X Window system. PitBull Foundation for RHEL 6.0 announced in earlier this year, is based on advanced trusted technology from General Dynamics and can replace or supersede SELinux functionality and mechanisms. PitBull Foundation is significantly simpler to set up, configure, and maintain than SELinux and gives higher performance than SELinux.

In use by leading financial institutions to secure their Internet-facing trading and consumer applications, PitBull Foundation is compatible with existing applications and provides significant security to both the system and to applications.

SecurityStockWatch.com: We had the pleasure of watching the General Dynamics Impact Video (http://www.gdc4s.com/video/GDC4S_2009_Impact_Video1.wmv). Please share with us your perspectives on the latest trends and best practices in achieving secure mobile communications.

Chris Daly: Securing mobile communications and mobile computing platforms are the hottest security topics today - and for good reasons. We are already seeing a steep rise in the number and diversity of malware that target mobile platforms such as spyphone apps, rootkits and man-in-the-middle proxies. This rise in malware is accompanied by an increase in remote work or telework that puts more endpoints outside of the enterprise perimeter and at greater risk for security incidents. Mobile platforms may also introduce new types of information to risk of loss or privacy breach data like your physical location, photos, contacts lists, texts, and call logs. With eWallets and mobile money applications, you also can put financial data at risk in new ways. Another emerging trend is the concept of "bring your own device" (BYOD) to work. This concept of mixing enterprise and personal usage of mobile devices will likely keep security professionals awake at night for some time to come. Among General Dynamics' top business priorities is helping customers understand the adversary and identify and repair vulnerabilities before they can be exploited.

Mobile computing has also introduced new ways to work and communicate. For example, app stores provide an amazing array of new capabilities for use on-the-fly. Other new computing and communications methods include context-aware mobile computing, self-forming mobile area networks (MANETs), Near Field Communications (NFC), adoption of WiMAX and mobile money. From a security perspective, all of these new capabilities require refinements of trust systems, protection mechanisms, and security protocols.

The good news is that mobile device management and security providers are working hard to fill the gaps, however exploit mitigation strategies still lag in the mobile space. For example, patching discovered vulnerabilities for mobile devices still takes too long. Greater adoption of existing standards and best practices is also needed. Groups and forums such as the Trusted Computing Group, the Global Platform organization, ISO TC 204 and the Mobey Forum offer trust and security specifications and best practice options for securing mobile platforms and communication. Also worthy of consideration is movement beyond permission-based systems to greater employment of separated, trusted execution controls and protections - especially when a device is used for both business and personal. In general, strong authentication, trusted identity, configurable settings, encrypted storage, compliance scanners, and secure VPNs are all key elements to extending the enterprise controls to the mobile endpoint and are on every requirements list of security professionals dealing with mobile computing and communications.

SecurityStockWatch.com: What are your key target markets and what is your perspective on the market drivers for General Dynamics' solutions at this challenging economic time?

Chris Daly: Our key markets include the government, telecommunications, health care and financial industries. Clearly, our customers across the board need to do more with smaller budgets. It's a 'perfect storm' for experienced providers who can slash the cycle time from requirements identification to fielded capability and to better leverage existing infrastructure in the delivery of capabilities. This environment demands a movement from strictly organic offering development to more agile offering frameworks based on open standards and COTS technologies. Therefore, our focus at General Dynamics has been a COTS+ approach that will enable rapid development, quick technology insertion and improved management of capabilities for our core customer sets. We are extending capability from the enterprise or the cloud to the mobile endpoint. The "plus" in our COTS+ strategy reflects our strong belief in the value of trusted technologies and trusted integrated solutions. This strong belief is one of the reasons for our continued commitment to the Trusted Computing Group, and other entities that lead the thinking on government and commercial trusted technology standards.


SecurityStockWatch.com: Are there 1 or 2 success stories or "wins" you would like to talk about?

Chris Daly: One relevant and interesting work area is mitigating insider threats. An insider threat is a person, generally an employee, ex-employee, or trusted user who uses their granted authority and privileges to gain access to information and computing resources; and, leverages this access to conduct activities intended to cause harm to an enterprise. We are currently demonstrating the integration of trusted computing-based technologies to enable network access control, trusted identity and platform integrity verification. These technologies work in conjunction with other security controls such as public key infrastructure, data loss prevention, attribute-based access control, and vulnerability scanning to provide near real-time situational awareness and mitigation of the insider threat. This extensive capability is based on a COTS+ framework and illustrates the fine-grained controls, flexibility and awareness that are achieved with an open standards approach that implements the Trusted Computing Group specifications. We are currently piloting this capability in a government solutions lab.

SecurityStockWatch.com: What resources are available for your customers and strategic partners at www.GDC4S.com ? (feel free to talk here about case studies, "white papers", literature, etc.)

Chris Daly: In addition to the informational resource available on www.GDC4S.com The General Dynamics sponsored,EDGE® Innovation Network, offers a collaborative, open-environment initiative enabling industry and academia, with government input, to work together to enhance the delivery cycle of new technologies and innovative capabilities to the military, law enforcement, first responders and others.

With more than 240 members and EDGE Innovation Centers located in the United States, Canada and the UK, each EDGE Innovation Center provides subject matter expertise, equipment, facilities and laboratories for developing and testing new technologies, products and systems at faster cycle times than are currently possible on funded programs, all the while enhancing capability effectiveness and agility.

More information about EDGE can be found here: http://www.edge-innovation.com/ I would also like to highlight our collaborative work in the area of trusted computing technologies. Specifically, as part of the NSA High Assurance Platform (HAP) Program, we are leading the effort to transition HAP trusted computing technologies to an open source model. The focus of the HAP contract has always been to provide reference implementations of TCG-based capabilities at various stages of development in order to encourage the use of trusted computing technology by commercial vendors. We are currently delivering on one of the main goals of the HAP effort by providing technology transfer to government-identified commercial vendors. This effort allows the Community to incorporate selected HAP components (e.g., Trusted Platform Module (TPM) usage, Platform Trust Services, Key Management) into their products/systems in an interoperable, standardized way using proven technology. At General Dynamics, it's our goal to incorporate protective measures into the design and operations of networks to avoid vulnerabilities.

SecurityStockWatch.com: We understand that General Dynamics is a member of the Trusted Computing Group. We had the pleasure of recently publishing an interview with TCG's President and Chairman, Dr. Joerg Borchert . Care to elaborate on General Dynamics activities with TCG?

Chris Daly: General Dynamics is proud to be a long-time Contributor member of the Trusted Computing Group (TCG). Our early involvement stems from ongoing work with government customers leading to one of the first reference implementations of TCG specifications. This pioneering reference implementation included support for several TCG specifications including Trusted Network Connect (TNC), Trusted Platform Module (TPM)-based platform integrity measurements and attestation, and the use of virtual TPMs in a virtualized commercial workstation. This capability is currently productized and supported as our Trusted Virtual Environment (TVE) offering. General Dynamics continues to participate in multiple TCG Work Groups, the latest being the Trusted Mobility Solutions (TMS) Work Group that I co-chair. The TMS WG is especially interesting to me since it focuses on how customers can take advantage of the basic TCG capability building blocks in the development of an end-to-end, trusted mobility solution. The TMS WG plans to deliver an end-to-end reference architecture, use cases, solution requirements and reference implementations for

platforms and is open for new members to participate. The TMS WG is also working closely with other TCG Work Groups and liaison members such as the Mobey Forum, to ensure that we deliver solutions that can be readily adopted and deployed.

SecurityStockWatch.com: Thanks again for joining us today, Chris. Are there any other subjects you would like to discuss?

Chris Daly: I would like to conclude by saying that system assurance practices need to adapt to the dynamic computing and communications environment. In general, system assurance principles need to have greater consideration in the early phases of requirements and design of software and system components. At the same time, the security community must make security mechanisms simpler to understand and configure. Despite many advances and good intentions in systems security, point protections continually lag behind the threats -industry must invest more in trusted technologies and a cohesive end-to-end security framework to address the increasing sophistication and impacts of threats.