Cybersecurity goes by many names, and that's one of the reasons this emerging new industry remains so fragmented. It's time the industry reached consensus on an all-encompassing term that describes how to keep life- and mission-critical computers free from outside interference.
Unfortunately, cybersecurity has come to depict a range of nefarious computer break-ins by shadowy hackers with cryptic names that compromise the credit card accounts of retail store patrons, e-mails by notable politicians, and the control of cars and unmanned aircraft. Yet there's much more to cybersecurity than hackers and attempts to thwart their efforts. Moreover, there's billions of dollars pouring into the cybersecurity industry today, which represents opportunities for a wide variety of companies.
There's a plethora of descriptive terms in the cyber industry today, among them system security, system integrity, and trusted systems. Terms that were in vogue in previous years have fallen by the wayside, such as information assurance (IA), that authorities such as the U.S. Department of Defense (DOD) are abandoning. In fact, DOD officials issued an instruction last August to amend DOD Directive 5134.01, which establishes policy and assigns responsibilities to minimize the risk that DOD's warfighting mission capability will be impaired due to vulnerabilities in system design or sabotage or subversion of a system's mission-critical functions or critical components by foreign intelligence, terrorists, or other hostile elements.
The changes specifically substitute the word "cybersecurity" for information assurance. DOD leaders are setting on the term cybersecurity to describe outside interference to military computer systems and the embedded computing technology that underlies many of today's sophisticated weapon systems. That outside interference, described as vulnerabilities in system design or sabotage or subversion of a system's mission-critical functions could be intentional, such as the results of hackers, or also could include bits and pieces of computer programs, or bugs, that in certain circumstances could undermine or otherwise interfere with other parts of the program.
System security, system integrity, and trusted systems are describing aspects of the same thing: cybersecurity. Realizing this can help define what cybersecurity really means and can reveal a new perspective on the emerging industry. This became clear to me while talking with computer experts at the Association of the U.S. Army (AUSA) conference and trade show in Washington. Some of these people realize they're part of the cybersecurity industry, and some don't.
The computer scientist and companies involved with system security, system integrity, trusted systems, and perhaps even anti-tamper are working the same side of the street. These companies aren't involved in separate and distinct endeavors; they're all part of the cybersecurity industry.
So what does this mean? Well for one thing it places many embedded computing companies like Mercury Systems, Curtiss-Wright Defense Solutions, Extreme Engineering Solutions, and Abaco firmly in the cybersecurity camp. It's true, then, that not only the big prime contractors like Lockheed Martin, Boeing, Raytheon, and Lockheed Martin are doing cybersecurity. We're talking about an already-large and growing technology ecosystem that runs the gamut from software hypervisors all the way up to large, complex computer programs that run weapons platforms like jet fighters, main battle tanks, surface warships, and unmanned vehicles.
There are plenty of enabling technologies that come to bear on cybersecurity today, and plenty that will become part of this emerging ecosystem in the future. Perhaps the first step is to acknowledge that many of us are taking separate paths toward the same destination.
