Reflection of person working at a computer.

Sensitive Data and Intellectual Property


Objective

Protect company and supplier proprietary information to reduce the likelihood of data fraud, loss, sabotage and theft.

Management

As we expand data sharing and collaborative capabilities in our products and services, they become targets for increasingly sophisticated cyber adversaries. Our information technology (IT) systems and company information are routinely targeted by hacktivists, cyber criminals, insider threats, nation-state actors and advanced persistent threats. With thousands of our scientists and engineers developing cutting edge and patented products and services, the health of our business and mission success depends on protecting our employee information, intellectual property (IP) and customer sensitive data.

Lockheed Martin maintains an enterprise ISO 27001 certification that undergoes annual surveillance auditing and recertification every three years. In 2020, the annual ISO 27001 Surveillance Audit of the Lockheed Martin Enterprise Information Technology (EIT) focused on several Continental United States and International sites and locations across the corporation. The audit was successfully completed with zero findings.

The Classified Business and Security Committee of our Board of Directors reviews the Lockheed Martin procedures for maintaining data and information security for our customers and our own business operations. Employee privacy and data protection is managed by three business functions. The Corporate Information Security (CIS) team detects cyber intrusion risks and devises technical defenses. The Counterintelligence Operations and Corporate Investigations (CO/CI) team works with federal agencies to understand and mitigate external intelligence threats and identifies and investigates concerns of insider threat activity. The Privacy team, which is part of the Legal department, determines methods and governance for the proper use of personal data. Together, these functions secure our corporate and employee data.

The CIS team manages Lockheed Martin’s computer network defense system to continuously build our resilience against an evolving ecosystem of cyber risks and external threats, including nation-state threats. CIS has a dedicated Computer Incident Response Team (LM-CIRT) which is composed of security analysts with expertise across numerous technical disciplines. Leveraging Lockheed Martin Intelligence Driven Defense® methodology, LM-CIRT is the corporations first line of defense against both network and host-based threats. CIS additionally operates Security Intelligence Centers (SIC) worldwide that are managed by LM-CIRT.  These centers bring together three primary capabilities: pervasive sensors, data management and analyst collaboration. Each SIC is staffed with cyber intel analysts who deeply understand our adversaries in terms of motivations, tactics, techniques and their objectives. LM-CIRT leverage the Lockheed Martin Cyber Kill Chain® to analyze threats and attacks not only at a micro level, reviewing the full details and conduct triage based on the suspected threat, but they also at the macro level, examining how a series of attacks can link together to represent a persistent campaign. Studying the patterns in these campaigns and fusing together various pieces of information, LM-CIRT can successfully pre-empt and block additional attacks from the adversary, including zero-day attacks. The CO/CI and CIS teams work together to address risks associated with insider threats and develop data-driven initiatives to improve our ability to prevent, detect, respond to and mitigate threats. CIS also collaborates with our supply chain and program management organizations to enhance our supply chain cyber risk mitigation strategies. These strategies include engaging with the suppliers who handle the most sensitive Lockheed Martin information to increase their awareness and enhance their cyber defense capabilities.

Lockheed Martin’s cybersecurity policies, as well as our Corporate Insider Threat policy, direct our compliance with global privacy laws and regulations. We integrate privacy considerations into new business opportunities, contracts, systems and acquisitions. We instill in our employees a respect for data protection and privacy through outreach, education, training and awareness. Education and awareness are vital to maintaining an environment where our employees, customers and partners trust us to use and protect personal information responsibly. Lockheed Martin provides multiple privacy-related courses, ranging from a mandatory new-hire Privacy Awareness training to a Privacy Professional Certification class.

In 2020, the Security Leadership Team was pleased to launch the Lockheed Martin Fusion Center. The Fusion Center offers a central location for integrated functional Classified Security resources to more effectively collect, analyze and share actionable intelligence aimed at safeguarding personnel, assets and information. New tools for data and link analysis, combined with resources for vendor due diligence and supply chain disruption monitoring, will create a strong foundation in our efforts to ensure the integrity of Lockheed Martin technologies.

Also in 2020, the annual Cybersecurity Awareness Month hosted in October switched to a virtual format. The team used immersive training experiences, like virtual escape rooms, to introduce newly hired employees to cybersecurity and our secure culture at Lockheed Martin.

2020 SMP Goals

Monitor employee cybersecurity engagement to counter malicious email threats and monitor number of vulnerabilities per device on core IT networks.

Achievement

Success: We do not disclose performance data deemed competitive and proprietary.

Monitor data loss incidents that occur within core IT networks for business operations.

Achievement

Success: We do not disclose performance data deemed competitive and proprietary.

We track two other proprietary goals to improve the security of sensitive data and intellectual property and IT networks.

Achievement

Partial Success: We do not disclose performance data related to these proprietary goals.

Sensitive Data and Intellectual Property
Insider Threat Awareness Campaign

In 2020, the Lockheed Martin Space Counterintelligence team launched a video campaign to raise employee awareness and engagement on the topic of insider threats. The videos aim to explain the concept of an insider threat, how to identify related behaviors and risk indicators and how each individual can contribute to insider threat prevention efforts at the company.

Sensitive Data and Intellectual Property
Corporate Email Testing Program

The Lockheed Martin CIS team began its internal email testing program for phishing randomly selected employees ten years ago. Focused Phishing is a new program to identify and test vulnerable employee populations based on real-time threats and provide tailored awareness such as the risks of supplier compromise. This more in-depth testing focuses on awareness and providing tailored test content, training and actionable follow-ups.

Information Security

TOP