Of course, there’s no law against selling anything at an air show, but defense companies traditionally do sell planes, sensors, avionics, support equipment, et al. So when I spotted the big ad placed where about half of show attendees have to pass on their way to the flight line or the chalets of the biggest companies, I decided to find out just why Raytheon had violated the unwritten rule for air shows: thou shalt sell airplanes. (Note all the airplanes behind the sign….)
The best explanation I heard was simple: cyber is in everything because everything is networked or has a receiver, making it is vulnerable to cyber attack or hacking. “All of the systems at the air show are all interconnected,” Michael Daly, Raytheon’s chief technology officer for cybersecurity and special missions, said. Daly noted it was the first time the company had advertised or promoted cyber sales at an air show.
There is a more parochial reason for Raytheon, in particular, to sell cyber here. They just closed on the $1.6 billion purchase of a commercial cyber security company, Austin-based Websense. Daly noted that the new subsidiary expected to do about $500 million in business this year and, with commercial cyber sales expected to continue to rise in the double digits for the foreseeable future, that is a compelling reason to breach convention. He noted that “80 percent of critical infrastructure is in the hands of private companies and the government customer is leaning toward buying commercial solutions” because they can usually be deployed much more quickly.
Raytheon even moved some of its existing cyber protection business into Websense, which will be a wholly owned subsidiary. The Paris Air Show marks the international coming-out party for this new venture.
But selling cyber internationally get can tricky, Raytheon officials told reporters visiting their “Global Cyber Solutions Center” in early June. “I’ve seen some small strides in the last year, but it’s [still] easier for Raytheon to sell high-end defense technology as an FMS case than it is to share a virus signature,” said Bill Leigher, the recently retired Navy admiral who now heads Raytheon’s cyber strategy shop.
The intelligence community and the Departments of State, Commerce, and Defense can all chime in on a sensitive cyber export, Daly explained to the reporters. Commerce is currently requesting industry and public feedback on a new set of export rules.
“A lot of it depends on the inten[ded] use of the product by the end customer, and sometimes that can be hard to control or understand,” Daly said. For example, he said, the same tools that help a country diagnose its own vulnerabilities could also be used offensively, to scan other nations’ networks for points of attack.
Overall, Daly said,”our customers are really buying in two spaces right now”: “defending the entire country” — for example protecting critical infrastructure — and “hardening military systems.”
“It’s not just about the network,” Leigher said. As the military, like society, keeps networking its hardware — the so-called “Internet of Things” — weapons systems become increasingly vulnerable to hacking. For example, he said, “there’s a maintenance box that connects to an F-35. That may be a cyber target for an adversary [to transmit malware] that prevents the aircraft from flying the way it was designed.”
So when Raytheon showed up in Paris with a big cyber ad campaign, “a lot of people were surprised” at first — but then they realized that just about everything can be hacked, Daly told me yesterday on an absolutely gorgeous summer’s day at the Raytheon chalet. He said the company is featuring its SureView system in its static display area at the show as well. Sure View monitors systems for insider threats and unauthorized access to networks.
How hard is Raytheon pushing cyber? If you go to the company’s website, you will also note a prominent — and recent — addition to the web page: a big fat button at the top for CYBER.