CEO Club Briefing

Cyber Threats

Excerpt from remarks to the Boston College Chief Executives Club 

June 11, 2019

TAKEAWAY: Cyber Threats

NOVAKOVIC:  
So, I think by nature, given both our customer and given the type of work that our companies do, we tend to be very security-conscious. And cyber is just another element of security on the very, very high end. So clearly, it’s important to build moats around your business to ensure that you build robust cyber systems so that you can reduce hacking, reduce malware, and reduce theft.  

I worry an awful lot about the cyber threat from the inside. I think insider threats can be a significant problem for companies. And as a leader, there’s an important juxtaposition and balance between ensuring that you have proper security and that you do not violate people’s civil liberties or that you build a police state in which everybody’s afraid to do something because they’re afraid their neighbor is going to turn them in. It’s finding that balance where you see something, say something, without creating the tattletale mentality that rips human institutions apart. So, we spend an awful lot of time talking about internal insider threats and help people who you think may be at risk. I worry more about—it’s the Snowdens of the world who do more damage than—you know, that was scary. He’s a bad guy.

KENNEDY:  
Right, exactly. And I know as an industry, we work together on our supply chain, because that’s what has happened. I know you can give us some insights into your business also. But since the companies themselves have done a great job in protecting themselves from cybersecurity, where we see the threat is actually a lot of it coming in through our supply chain. And you have a big supply chain. So maybe just a couple things about how you ensure—

NOVAKOVIC:  
So our supply chain is more vulnerable, and I think part of our responsibility is to—particularly smaller businesses, they can’t afford to put a very expensive cyber protection program in place, so the extent that we have to offer them the umbrella of our protection, we can do that in some instances. Some of it’s just awareness and training, so we have to spend a fair amount of time on that as well.  

But it is a real challenge. It’s a real challenge for all of us. It’s the safety of our suppliers, the reliability—not just—typically, you’re looking at things like quality, cost, schedule. And now you also need to think about and how secure are they, because the bad guys will go for the most vulnerable link, find the weak flank, right? And the supply chain can be the weak flank. And folks who are our potential enemies are not stupid—so find the Achilles’ heel, go for it.  

So we’re spending an increasing amount of time—by the way, the other thing—and I think it’s important people understand—our industry has a level of comity to it. Not comedy, although that on occasion happens—comity, so that we tend to share lessons learned and practices among ourselves more than, I think, a fair number of industries.

So, for example, if we see a particular cyberattack, we tell our customer, and our customer disseminates it to Raytheon and Lockheed Martin and everyone else, so we can all have a—there’s nothing stronger than a common defense. And if we can all be aligned in that common defense, it’s a big help. So I’m a big believer in industry cooperation. You have to sometimes put down your—you have to worry a little less about the competitive aspects of some of this and more about how can we protect ourselves and make us strong?