Defense and Aerospace

Extending Full Spectrum Dominance to Cyberspace

Guardtime offers its Defense and Aerospace partners next-generation anti-tamper hardware and solutions for defending critical networks from nation-state level attackers, designing and tailoring network defense, or providing end-to-end data-centric security for sensor platforms.

Technology Background

Guardtime and KSI technology got their wings in the aftermath of the world's first nation-state sponsored and coordinated cyber-attack against another nation-state, Estonia, in 2007.

While the attack mainly consisted of simple DDoS bombardment, after the services were restored and the dust settled, a lingering question remained: to what extent was the data inside the targeted systems affected? How could one be absolutely sure that no unnoticed attacker, politically motivated insider or planted malware had tampered with any of the vital information about the citizens, property or government operations? What can be trusted to be true and what not?

It turned out that there was no technology in existence that could conclusively answer these questions without relying on any sort of trust, while working at the scale required. But a group of Estonian scientists had already been working on such a scheme for a few years, based on fundamental research into hash-linking cryptography and blockchain constructs, and since it was now clear that the need was there, Keyless Signature Infrastructure (KSI) was born and built up by Guardtime.

Today, KSI and Guardtime have evolved, and the use cases of KSI have broadened beyond the assurance of information stored in government databases, but the basic premise has remained the same: in order for any system or digital asset to be deemed secure, it must be possible to conclusively prove its unaltered state. And this is what Guardtime helps its customers to do, in real time and at still unprecedented scale.

Our Value Proposition 

Modern security is based on the need to search for vulnerabilities. That search can be in the form of firewalls scanning each packet that enters the network, signature-based malware detection schemes, or using sandboxes (or multi-vector virtual execution) to run code inside a protected environment. These are very sophisticated technologies, but they all suffer from one fundamental problem: they can’t guarantee that they are working. They might work, but then again they might not, and it only takes one successful breach to have your most critical IP compromised. Users of these technologies have to rely on trust, and trust without verification is a failed and failing strategy.

KSI makes a different assumption: that the state of a network can be independently verified with mathematical certainty. The key word is “independently”. It means that the configuration of every switch and router, the state of every event log and data item in data stores can be verified without the need for trust in administrators or in the procedures that define the security of the network.

The implication is that if you can guarantee the state of your network then any unauthorized change in the state of that network represents an attack, the impact of which can be mitigated. This is a fundamentally different assumption and is the difference between searching for needles in a haystack and having real-time situational awareness of every stalk of hay.

KSI is the equivalent of Tag, Track and Locate for every individual asset, and automated actions can be taken when that asset is out of compliance. It can provide cyber-domain awareness and attribution at the scale needed for modern networks, enabling the extension of full spectrum dominance to cyberspace and the guaranteed security of networked digital assets, both military and commercial.

Solutions for System Integrity:
Black Lantern Anti-Tamper Appliance

Guardtime’s Black Lantern appliance is the cutting edge of Anti-Tamper (AT) technology, that is, the systems engineering activities intended to prevent and/or delay exploitation of critical technologies in weapon systems.

Designed for the world’s most austere environments, Black Lantern ensures that every component, configuration, and digital asset within a network can be tagged, tracked, and located with real-time situational awareness no matter where that asset is transmitted, stored, or received.

Solutions for Insider Threat:
Real-time Mitigation with Native Forensics

KSI Insider Threat Services deliver three core elements, all built to DoD standards to address new regulatory Risk Management Framework guidance for continuous monitoring of cyber assets (see NIST SP 800-53, CNSSI 1253, and ICD 503):
  • Real-time monitoring and detection of insider threat activity across even the largest enterprises
  • Fully portable forensic evidence and chain of custody of the suspect(ed) activity and attribution.
  • KSI Training and Education services dedicated to Insider Threat Detection, Reporting, Mitigation, and Eradication

Solutions for Sensor Platforms

In a world of connected machines there are a myriad of interacting devices, customer transactions, user activities, access, authentication and ‘handoff’ automation, virtualization and application launches, software deliveries, data from API interactions and their associated messages, as well as sensor data from remote devices.

KSI provides chain of custody and auditability for the lifetime of the data from sensor fusion, ingest and analytics across data lakes hosted in different environments administered by different organizations. Without it, a single compromise anywhere in the chain makes the reliability of the data being collected, and any conclusions derived from it, suspect.

Solutions for Cloud Assurance

Driven by proven cost-efficiencies, cloud solutions remain in demand by Federal agencies; however, cybersecurity concerns remain one of the largest hurdles to cloud implementation. While FedRAMP security standards are gaining acceptance, the standards focus on protecting the network rather than on security gaps from insider threats and protection of the data itself.

KSI, integrated into the cloud infrastructure, provides a level of assurance not previously possible, providing complete traceability, accountability and transparency for the cloud. Entities that are either using or administering the cloud can be held responsible for their actions, regulators get to audit all processes, and everyone involved can verify what happened when.

Guardtime's Senior Leadership Team for Defense and Aerospace

Guardtime's team for Defense and Aerospace consists of industry veterans only, with senior strategic, operational and technical leadership responsibilities shared by:

David E. Hamilton Jr. - Previously a member of the Senior Executive Service, and the Program Executive Officer for the Rapid Capabilities Office for 11 years. Served 29 years in uniform in the US Air Force, retiring at the rank of Colonel.

Matthew Johnson - Previously Director for CACI’s National Security Cyber Group. Served at US Air Force OSI as a Special Agent focusing on cyber security, cloud, weapons development, intelligence, and related security operations.