Lockheed Martin Acquires Cybersecurity Firm Industrial Defender

Iris Scans: Security Technology In Action

Lockheed Martin has expanded its cyber-security portfolio with the acquisition of Industrial Defender, a provider of cybersecurity products and services for critical infrastructure in the oil and gas, utility, and chemical industries.

The acquisition signals a shift in direction for the nation's largest defense contractor (based on a ranking by Washington Technology of government contracting revenues). The company plans to take its knowledge of securing government IT systems and apply it to critical infrastructure industries. Lockheed Martin's chair and CEO Marillyn Hewson called the acquisition "a natural extension of our commercial cybersecurity business [that] complements our information technology cybersecurity expertise."

Industrial Defender specializes in addressing cyber threats to technology used in operating industrial and chemical plants and in managing pipelines. The company's Automation Systems Manager provides a unified view into security, compliance, and change management activities across control systems. In addition to security, Industrial Defender offers products that enable IT-like visibility, monitoring, patch, configuration, and asset management for control systems.

[The Army's desktop-as-a-service plan gains cred at Pentagon in step to improve security. Read Army Expands Virtual Desktop Program.]

Lockheed Martin still derives most of its business from the Department of Defense and federal government agencies. Industrial Defender provides its technology to more than 400 companies in 25 countries. The acquisition, however, gives Lockheed's federal customers a fuller suite of services, a spokesperson for the company said.

The increasing complexity of cyber threats has raised significant concerns on the part of the Obama administration regarding the need to protect critical infrastructure in the US, including banking systems, communications and transportation networks, chemical plants, energy providers, and other vital industries.

In February the White House released the first version of its cybersecurity framework for privately owned critical infrastructure, a catalog of industry best practices and standards that companies can follow when developing better security programs. While the framework offers guidance to a broad range of companies in different industries, it leaves the choices of technology up to the user in addressing each category of risk management.

The framework stems from an executive order issued by President Obama last year. President Obama stressed the importance of strengthening the cybersecurity of critical infrastructure by "jointly developing and implementing" the framework. The executive order also instructed federal agencies to produce unclassified reports of threats to US companies and expanded the Enhanced Cybersecurity Services program to enable timely sharing of cyber threat information with critical infrastructure companies.

There were more than 48,000 cyber incidents involving government systems that agencies detected and reported to the Department of Homeland Security (DHS) in fiscal year 2012, according to a February 4 report published by Senator Tom Coburn (R-Okla.).

"Over more than a decade, the federal government has struggled to implement a mandate to protect its own IT systems from malicious attacks," Coburn said in the report. "As we move forward on this national strategy to boost the cybersecurity of our nation's critical infrastructure, we cannot overlook the critical roles played by many government operations, and the dangerous vulnerabilities which persist in their information systems."

Cyber-criminals wielding APTs have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss. How to fight back? Think security that's distributed, stratified, and adaptive. Read our Advanced Attacks Demand New Defenses report today. (Free registration required.)