Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Holistic approach to cybersecurity being engineered by maryland companies 8-13
1. Reprinted with permission from
The Business Monthly, Inc.
August 2013
Holistic Approach to Cybersecurity:
Being Engineered By Maryland Companies
By George Berkheimer, Senior
Writer
A trio of Maryland compa-
nies has combined their comple-
mentary focuses to develop one
of the first holistic approaches to
cybersecurity in the nation.
Established in May, cy-
ber-oriented alliance combines
the construction expertise of
Wilhelm Commercial Builders
(WCB) of Annapolis Junction,
the privacy-boosting window
coatings and monitoring sensors
of Owings Mills-based Signals
Defenses (SD) and the vulner-
ability assessment capabilities
of KCI Protection Technologies
(KCI), headquartered in Sparks.
With that mixture of skill
sets, the associated companies
are ably positioned to not only
identify the weak spots in any
given business’s physical and
network security precautions,
but also to engineer and build the
solution.
Targeting both existing fa-
cilities and new construction
projects, the partners assert they
can handle anything from shield-
ing a small conference room
to hardening entire multi-story
buildings against electronic in-
trusion.
In cybersecurity jargon, this
new defense concept is called
a Secure Work Environment
(SWE), said WCB CEO Wayne
Wilhelm, and its benefits are
obvious.
“The threats that we are
facing from the use and demand
of progressive technology is
staggering, and the world is not
becoming a safer place anytime
soon,” Wilhelm said. “It is our
mission to help [clients] … pre-
serve the integrity of information
and provide the proper counter-
measures to secure privacy of
information in the workplace.”
Understanding and
Adapting
Wilhelm’s general contract-
ing company boasts more than
20 years of experience providing
construction services to commer-
cial and government customers
at the classified and unclassified
levels, which include Sensitive
Compartmented Information Fa-
cilities (SCIFs) and Tempest-cer-
tified projects.
“Partnering with [SD and
KCI] provides the additional
resources and technology nec-
essary to produce a turn-key ap-
proach … by providing consult-
ing services, protective products
and monitoring and detection
systems to ensure protection at
all threat levels,” he said.
At the Howard County
Chamber of Commerce’s Cy-
ber 4.01 conference in June,
representatives from the three
companies conducted a presen-
tation that spelled out just how
vulnerable most businesses are,
even to some decidedly low-tech
forms of intrusion.
“A sufficiently determined,
not necessarily well-funded
adversary can gain access into
almost any organization,” said
KCI President John Fannin.
More common ploys include
bugs planted inside buildings by
people posing as contractors,
vendors and employees; laser lis-
tening and recording devices that
can convert window vibrations
back into clear speech; and even
simple photography of exposed
documents through a window
from the parking lot.
KCI’s red-teaming efforts —
attempts to gain malicious entry
into a client company’s physical
and cyber assets with permis-
sion from its leadership cadre
to validate its security program
effectiveness — consistently
succeed in finding ways to breach
security.
Vulnerability assessments
like these make up the core of
an effective security program,
Fannin said. “They can help
companies understand, anticipate
and adapt.”
What Haystack?
Among the solutions SD
offers are optically-clear film
coatings that make windows
resistant to radio frequency and
infrared exploitation, and are
even blast-resistant in some cas-
es.
Additionally, the company
is currently working out the life-
cycle support components of its
new SD Gabriel system, which
is scheduled to hit the market in
the coming weeks.
The low-cost, real-time mon-
itoring system uses high-quality
radio frequency (RF) sensors
whose affordability, until re-
cently, was limited to federal
government and military clients
with deep pockets.
“This will be a real differ-
entiator in the marketplace …
costing on the order of magnitude
of seven times less than current
technology,” said Tom Jones,
director of SD’s Secure Work
Environment Services division.
“We built a demonstration SWE
facility where we plan to begin
on-site demonstrations for po-
tential clients in late July.”
Used in combination with
construction techniques that
reduce the RF energy infiltrating
or emanating from a building,
the sensors can easily identify
and defend against attacks using
clandestine technology such
as laser microphones and even
hard-to-detect frequency-hop-
ping bugs.
“We’ve got to control the RF
battlefield,” said Ron Waranows-
ki, managing director at SD.
“You can’t economically do
Tempest any more, you have to
do the next best thing. When you
build a SWE, you cut the weeds
down and the threat sticks out
quickly.”
Game Changer
Hospitality, banking and
manufacturing businesses have
Continued on pg. 2
2. Reprinted with permission from
The Business Monthly, Inc.
August 2013
Holistic Approach to Cybersecurity:
Being Engineered By Maryland Companies
want to be held hostage.”
As businesses warm to the
SWE concept, Jones said the
team of companies is typically
seeing requests to turn confer-
ence rooms into soft SCIFs at
the moment, but anticipates the
demand for more robust projects
will grow soon.
“We’ve met with some sig-
nificant Fortune 100 companies,
and 10 companies are doing
beta testing with our technology
now,” Wilhelm said. “This is
really the beginning of some
incredible stuff. We’re set up to
be international in scope, and
in two years we’re anticipating
increased revenues of more than
$20 million annually because of
this opportunity.”
Part of the trio’s appeal,
Fannin said, is its ability to offer
clients whatever level of service
and product they want, or can
afford, ranging from just an
assessment up to a full-design,
turn-key SWE.
“Some companies just want
to know what they can do to
improve their layers of protec-
tion, and we can provide them
with a prioritized list,” Fannin
said, adding that every client has
different thresholds of need and
may find some risks acceptable.
“Real-time monitoring is
the big game changer,” Wilhelm
said. “With Tempest, nobody
knew what was happening in
between accreditation cycles
unless they were doing periodic
bug sweeps. Now they can have
24/7 coverage if they want it.”
Continued from pg. 1
long been targets of corporate
espionage techniques, and legal
and accounting firms are equally
at risk, said Jones.
“A growing number of other
businesses have expressed ex-
treme interest in getting these
types of technology and defense
deployed in their environments,”
he said. “It’s been estimated that
corporations lose between $200
and $250 billion in intellectual
property each year. They don’t