Expert Q&A: Larry Grossman Discusses Cybersecurity Challenges and Opportunities
Larry Grossman is vice president of cybersecurity and information technology (IT) services with the Tetra Tech Federal IT Group. Larry has more than 30 years of experience in information security operations, compliance, governance, and risk management functions. He previously served as the Federal Aviation Administration’s (FAA) Director of Information Security and Privacy and Chief Information Security Officer (CISO). In that role, Larry provided strategic leadership of FAA's information security and privacy programs. Larry also participated in government-wide and international cybersecurity initiatives and exercises and regularly updated Congress on FAA’s cybersecurity efforts.
Larry started his FAA career developing and maintaining air traffic control (ATC) automation and aviation safety systems and spent several years improving and modernizing ATC systems and services. An avid aviation enthusiast, Larry holds commercial pilot and flight instructor certificates in both land and sea, and travels in his own aircraft whenever possible. Larry holds a Bachelor of Science in Information Technology from Stockton University.
What are some of the biggest cybersecurity challenges facing commercial and government organizations?
By far the biggest challenge we face within the IT discipline is around our workforce. Unfortunately, malicious actors continue improving their methods and many have unlimited resources, so to keep pace with ever-changing threats, effective cybersecurity teams must continuously improve their detection and response capabilities. This continuous evolution requires highly capable cybersecurity professionals, who are in high demand across the industry.
I can’t stress enough the importance of workforce training across an organization’s entire enterprise, especially in social engineering, which is a method used by cybercriminals to compel users into making security mistakes. Phishing remains the number one threat vector for cybercriminals, and while defensive tools have improved considerably, they are not absolute in the protection they provide.
Within one organization, an employee took a second to review their personal email account and clicked on an attachment in a very compelling email from what they thought to be their child’s college. That email launched over two million malicious emails, creating an organization-wide denial of service. This event lasted three days and required the reimaging of 10,000 workstations. Over 98 percent of cybersecurity compromises occur because of either social engineering or neglected system patching. Within the Tetra Tech Federal IT Group, we are fortunate to have built a highly skilled cybersecurity practice that assists our government and industry partners in security operations, compliance, secure development practices, and cybersecurity training.
What cybersecurity challenges have you seen that are unique to the aviation environment?
Every large complex environment will have some unique challenges, and the aviation environment is certainly no different. The ecosystem that makes air travel work for both people and cargo includes many service providers across government and private industry with a vast number of interconnected Industrial Control Systems (ICS), purpose-built Operational Technology (OT) environments, and traditional IT systems and services. This certainly creates a very large attack surface where cyber incidents can occur. With automated information exchange across multiple federal agencies, Department of Defense (DoD), aircraft manufacturers, airline and airfreight carriers, airport operators, and international air navigation service providers (ANSPs), a compromise in one service provider risks compromise across others.
Typically, there is no broad understanding or consistent approach in applying security protections across all providers. In addition, many systems that operate this 24x7x365 environment cannot simply be taken out of service to upgrade or patch, and even when they can, the unique environments do not allow remote patching. Software updates require on-site visits for hundreds of facilities across the United States. Highly integrated security monitoring and collaboration have facilitated great improvements in cyber resiliency to assure safe and efficient air travel. As air traffic continues to grow with more interconnected systems and services, the implementation of automated detection and response capabilities will become critical for effective cyber resiliency.
In addition, autonomous and uncrewed aircraft integration into the managed airspace is bringing a whole new set of cybersecurity challenges. After recently leaving federal service and joining the Tetra Tech Federal IT Group, I have been so impressed with the broad level of aviation and technology expertise we provide to assist the Air Force, Department of Homeland Security (DHS), and the FAA across the spectrum of cybersecurity disciplines. Our broad engagement with aviation also extends to the airport communities across the United States and Europe.
How do you see cybersecurity evolving in the near term?
Cybersecurity is changing rapidly, and so are the tools used for cyber protection improvements. Artificial Intelligence and machine learning (AI and ML) will continue to be a major contributor to the advancement of cybersecurity. ML is being used to identify malicious behavior by modeling network behavior and improving overall threat detection. It is no longer sufficient to simply monitor intrusion detection devices and deploy anti-malware or antivirus software. It is critical that normal network traffic is well understood so that a flag is raised when any network anomaly occurs. Implementing this type of automation will reduce the high volume of alerts that currently require a security analyst to review. This will lessen analyst fatigue and permit them to focus on higher priority security operations tasks.
Automation also will create an environment where a smaller, more focused team can efficiently manage security operations, reducing labor costs. In the near term, implementation of Zero Trust capabilities will also continue to mature. A Zero Trust environment assumes that your network is always compromised, which is okay provided that all users and network devices have been authenticated and every communication on the network has been pre-approved and is validated in real time. If this type of infrastructure management sounds complicated, that’s because it is, in fact, very complicated. While Zero Trust architecture implementation will take some time to mature, the federal government, through Executive Order, has mandated that all agencies aggressively adopt this security model, so this work will continue to accelerate.
Finally, I believe that there will be continued improvements in cybersecurity collaborations across sectors, because we all now agree that cybersecurity truly is a team sport. Historically, organizations would never release information about cyber incidents fearing that any disclosure would adversely affect their business, but that approach has proven to help cybercriminals. Improvements in information sharing through public-private partnerships have vastly improved cybersecurity capabilities and resiliency.
The importance of cyber threat intelligence and cross-sector collaboration has become a critical component of successful security programs. The Tetra Tech Federal IT Group certainly shares that philosophy and participates in numerous industry collaboration forums to further facilitate information sharing. With respect to cybersecurity, no one is safe if we’re not all safe. As the malicious actors continue to evolve, Tetra Tech continues to enhance our cybersecurity capabilities and offerings so that we and our clients remain cyber-aware and secure.
How does Tetra Tech support federal clients in meeting evolving cybersecurity challenges?
Tetra Tech has a broad cybersecurity portfolio and currently assists many federal partners with meeting their cyber challenges. We participate in public-private partnerships to enhance communications and cybersecurity collaboration. From emerging security architectures that permit Zero Trust operations to advanced cyber threat detection tools using AI and ML, robotic process automation (RPA), and technologies such as quantum computing that, without quantum cryptography, could render standard encryption highly vulnerable.
Tetra Tech’s Innovation Lab offers an adaptable platform where we employ these technologies to assist clients in accelerating their digital transformation with cybersecurity at the forefront. Since the cybersecurity threat landscape is changing so quickly, Tetra Tech is aggressively broadening our cybersecurity practice to assure that our capabilities remain at the forefront for our current and future clients. There is no end state with cybersecurity, just the journey.