Lockheed Martin: How to Lock Down a Wireless Net
By David F. Carr | Posted 2005-12-13
Lockheed Martin couldn't allow hackers to see critical data on its wireless network. The answer: an intrusion detection system to pinpoint and repel attacks.
Jasyn Voshell remembers the white van. It had a "high-gain antenna. Just like you see in the movies."
Voshell, who had been a network security manager for Lockheed Martin's Aeronautics division, points out the spot where he saw the van, outside Lockheed Martin's fighter-jet factory on the outskirts of Fort Worth, Texas. The van's occupants were using a powerful radio beam to knock computers off Lockheed Martin's wireless network. It was a nuisance, a denial-of-service attack, although it could have been a prelude to something more serious.
But the attackers never got the chance to go further. The factory's wireless intrusion detection system alerted Voshell that someone was messing with his network. Minutes later, a Lockheed Martin security guard tapped on the window of the white van. The driver "knew he was busted," Voshell says. But before he could drive away, the guard yanked the door open, threw the man to the ground and put a gun to his head.
"They were doing other stuff, too, which I can't talk about," Voshell tells a journalist during a visit in May, leaving unclear who was attacking his network and why. He recalls the incident, however, as "my favorite thing to have happened at Lockheed Martin, ever."
Given its critical work on military aircraft, including the new F-35 Joint Strike Fighter as well as the established F-16, Lockheed Martin is an attractive target for hackers, plus actual spies and terrorists. Voshell, the architect of the wireless security plan that covers more than 100 buildings at facilities in Texas, Georgia and California, is paid to be paranoid. Though the plan he implemented remains in place, Voshell left in November for an information security job with Textron.
During his stint at Lockheed Martin, Voshell put a lot of time and effort into defining the technologies and procedures that would allow the company to take advantage of the convenience and portability of wireless computing without compromising on security. Among other things, that meant finding ways to detect attacks on the wireless network and, just as important, detect when wireless equipment within the plant is configured incorrectly.
In addition to deploying a wireless intrusion detection system from AirDefense of Alpharetta, Ga., the company had to define policies and procedures on how to respond to a wireless security incident.
The white-van episode was an extreme case, of course. "We don't always take out guns and pull people out of cars," Voshell says, reassuringly. But by developing standard action plans for common types of incidents, he hopes to ensure appropriate, and consistent, responses.
The AirDefense system has picked up attacks from downtown Fort Worth, more than 10 miles away, but there are also potential threats within the plant. On a tour of the facility, Voshell points out a United Arab Emirates jet and a U.S. Air Force fighter receiving finishing touches in adjacent hangars. Foreign nationals with contracts to buy U.S. military equipment are allowed to check out the merchandise, for example, but information on other projects at the plant is off limits to them. Boeing, a defense industry competitor, may have personnel on site because of joint ventures with Lockheed Martin. And since, increasingly, the laptops these guests bring with them have wireless networking capability, Voshell needs to be able to detect and shut down any misuse of that capability.