Lockheed Develops Cybersecurity Yardstick For DoD Assets

Cyber experts from Lockheed Martin have developed a model that standardizes how to measure the cyber resiliency maturity of a weapon, mission, and/or training system anywhere in its lifecycle – the Cyber Resiliency Level model (CRL).

The US government defines "cyber resiliency" as the ability to anticipate, withstand, recover from, and adapt to changing conditions in order to maintain the functions necessary for mission effective capability. The aerospace and defense industry earlier lacked a simple, common method to discuss cyber resiliency of a military system, the company said in a statement Tuesday.

"Today's software-based military systems and a global supply chain make securing military systems a complex problem to solve," said Jim Keffer, director of Cyber, Lockheed Martin Government Affairs.

"With the CRL, we can now leverage existing risk management frameworks to effectively measure and communicate resiliency across six categories we know are important to our customers," he added.

To use the model, engineers work with US and allied military program stakeholders to conduct a series of risk and engineering assessments. The process provides increased visibility into the current state of risk and produces a customized, risk-mitigation roadmap that shows how to increase a system's CRL to a more desirable level.

"In an era of scarce resources, the CRL model can help stakeholders make informed decisions and prioritize cybersecurity spending on the most impactful solutions," said Keffer.