Raytheon CEO: All companies cyberbreached

Growing connectivity leaves systems more vulnerable, according to Tom Kennedy.

Raytheon President and CEO Tom Kennedy spoke to the Davis Leadership Forum at Jacksonville University on the business of cybersecurity.
Raytheon President and CEO Tom Kennedy spoke to the Davis Leadership Forum at Jacksonville University on the business of cybersecurity.
  • News
  • Share

Imagine while on the way to work, the driver of a vehicle suddenly loses control of its critical systems, such as acceleration, brakes or steering.

Or the prescriptions of a hospital’s patients are altered, resulting in injuries and deaths.

Maybe stock market data is altered, causing widespread selling to drive prices down, or buying to drive them up.

All are scenarios that have happened, or can happen, Raytheon Chairman and CEO Tom Kennedy told attendees of the Davis Leadership Forum luncheon at Jacksonville University on Thursday.

Raytheon, based in Waltham, Massachusetts, is a leading developer of electronic combat systems and missile defense technology.

Speaking on “The Business of Cyber Security,” Kennedy, who heads the nation’s third-largest defense contractor with 2016 sales of $4 billion, discussed threats to the national defense, infrastructure, such as the power grid, large and small businesses and individuals.

Nation states, hackers for hire and “hacktivists,” he said, are a constant threat to an evermore connected world.

“Cybersecurity vulnerabilities are much more than the IT systems,” Kennedy said. “Everything is connected. Today your factories are connected. They have robotics and it is all tied back to the equipment manufacturer who is monitoring it for prognostics.”

That constant exchange of data, similar to that between the dozens of microprocessors that control systems in modern automobiles, provides portals for hackers to enter for the purpose of mining data, modifying data, disrupting systems and even inciting unease among a population.

Companies such as Raytheon, he said, work tirelessly to keep pace, if not stay ahead, of the “game” that can be played by hackers in any garage or basement anywhere in the world. Hackers can even lease space in the same internet “cloud” used by their targets.

“There are two types of companies,” Kennedy said, “companies that know they have been breached and companies that don’t know they have been breached.”

Kennedy described four key areas of cybersecurity vulnerabilities: nation states seeking access to company systems and infrastructure; criminal activity by those working to steal and monetize personal information; hacktivists pursuing political or social agendas; and a company’s own employees either through “poor cyberhygiene” or rogue workers seeking to do the company harm.

“Everything is connected, and everything that is connected is vulnerable to cyberattacks,” Kennedy said. “Threat has significantly increased. There are nation states out there that are trying to break into company systems, get into our infrastructure and have the ability to do damage to us now and in the future. I guarantee Sony never thought North Korea would hack into their systems.”

After decades of supplying the physical tools for warfare, in 2007 Raytheon began “being hammered daily” by cyberattacks, Kennedy said.

In response, the company purchased 17 cybersecurity companies and merged them into its own in-house capability.

To leverage that investment, it formed a cybersecurity division, which Kennedy said earns $600 million in annual revenue in government and private contracts.

Raytheon’s artificial intelligence monitors systems and activities from the factory floor to the desktop computer, issuing warnings when threats are detected.

The system, Kennedy said, was credited with saving the life of one company’s employee when it detected unusual internet activity that led to an intervention of a suicide attempt.

“If you are a leader of a business organization, it is important to be proactive when it comes to cybersecurity,” Kennedy said.

“You’ve seen what can happen when you get one of these breaches. Equifax is there to secure your information, and they lost your information. One breach of cybersecurity blew up their business model,” he said.

A retired U.S. Air Force captain, Kennedy joined Raytheon in 1983 in engineering radar development. He holds several patents credited with advancing radar and electronic warfare technologies.

Of the company’s 63,000 employees, 10,000 are veterans, he said. National security is a priority.

“We work both the sword and the shield,” he said of the company’s offensive and defensive weaponry production. “We also develop cyberbullets. We have to protect ourselves from the battlefield all the way up.”