Other

Northrop Grumman's Timothy McKnight on Security and Identity Management

Northrop Grumman CISO Timothy McKnight on the threat of nation-based attacks, the benefits of identity management and the future of the CISO role.

By Katherine Walsh

February 12, 2008CSO — Timothy McKnight likes to say that he’s doing his job if he’s getting dumber--in other words, if he’s trusting his staff members to advise him and make tactical decisions, so that he can focus on the company’s overall security strategy.

Of course, as the CISO and VP of the defense contractor Northrop Grumman, McKnight actually needs to be pretty smart. A former special agent for infrastructure protection, corporate espionage and foreign counterintelligence at the FBI, McKnight’s number-one concern now is helping protect his company--and therefore the U.S. government, Northrop’s biggest customer--against governments that are looking to steal intellectual property and gain a competitive advantage over the United States. To do this, McKnight has set up a special intelligence group, focused on identity management and PKI, and worked to develop a business-focused staff.

McKnight recently spoke with CSO’s Katherine Walsh about the challenges of leading security at one of the largest U.S. military defense contractors and providers of IT for the federal government.

CSO: When you are a company that serves one very large customer, and that customer happens to be the U.S. government, what’s different about how you treat security?

Northrop Grumman’s Timothy McKnightMcKnight: That’s a great question. Obviously one of the big threats to the U.S. government is at a nation-state level, meaning espionage and foreign intelligence. We have to have a clear picture of that, just because of the nature of the business we’re in. We also deliver services to the state of Virginia, the city of San Diego, and some commercial companies like Honda, where we focus on more of a balance between risk, usability and the ability to win business.

There are seven different security sectors at Northrop Grumman, and I need to set a bar across all of them. One of the advantages we have is security clearance for classified information that we can then use to better protect our networks. It’s a big advantage, but there is always a spectrum of security. You have to decide what to focus on, whether you’re talking about the public or the private sector.

CSO: Protecting the information assets of Northrop Grumman is obviously critical, given its position in the world. Do you treat the R&D data you need to protect and the personally identifying information (PII) of your employees the same way?

McKnight: Not in all cases. There is a baseline amount of security across the entire enterprise. We have very significant layers of defenses within our

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
Safeguarding the New Currency of Business

PricewaterhouseCoopersWatch this webcast to learn how your organization can leverage PricewaterhouseCoopers' Global Information Security Survey 2008, the world's largest survey on privacy and infosec practices.

» View the webcast

Featured Sponsors