Raytheon CEO On Creating A Cyber-Safe Workplace
Pat Gorman and Gabriel Perna
Raytheon CEO Thomas Kennedy is in charge of a $27 billion company, with 67,000 employees.
Needless to say, cybersecurity is something he pays attention to—both internally and in the work that defense contractor does for its clients.
Chief Executive asked Kennedy to discuss what the CEO’s role is in creating a cyber-safe workspace. The Raytheon CEO also touched upon the role company culture plays in creating a more secure organization, how his leadership style has evolved and more. Below are excerpts from this email conversation.
The simple truth is that when everything is connected, everything is vulnerable. So CEOs must be the ones setting the tone at the top that cyber securing the enterprise is a top priority. In words and actions, they need to become champions for cybersecurity. And they need to support it with investments, getting the right IT and operations talent in place and empowering managers to implement effective systems, processes and plans.
Companies can gain significant competitive advantage by leveraging new technologies for automation, cloud computing, global supply chains, and networked products and services. But all of these must be secured and monitored—across the entire system of systems, whether an internal tool or a product you sell—from its IT components, to operational technology (OT) hardware and software, to internet of things devices and connected third-party services. The business must manage the associated cybersecurity risks of all of these elements, since the impacts can be severe. There are the very real dangers of business disruption; health and safety impairment; damage to a company’s brand and its public trust; lawsuits and fines; and the loss of critical intellectual property and privacy data.
I like to say that there are two types of companies out there relative to cyber: those that know they’ve been breached, and those that don’t know they’ve been breached. As a result, CEOs need to be proactive. They can’t assume they’re not a target – they are.
The challenge for companies is that employees are both the strongest defense and the weakest link relative to cybersecurity.
This risk is called “the insider threat” – and there are two kinds of threats from employees here. There’s the employee deliberately downloading sensitive files or intellectual property to sell or bring with them to a competitor when they leave; and/or sabotaging the OT system. Then, more commonly, there’s the employee who unintentionally falls victim to an external bad actor, such as through a phishing scheme, or who circumvents security controls in a misguided effort to do some work. No matter the intent, there has been a stream of headlines of such actions leading to the critical loss of IP on IT systems, and sabotage against the OT systems of factories, industrial control systems and even hospital equipment.
Getting employees to become part of the solution needs to be communicated through employee education. It’s a high payoff activity. Since increased training not only lowers the risk that employees will unknowingly facilitate breaches, but that when bad things do happen, they know how to respond and minimize the impact. Good training brings to life the dangers of bending rules and how to be alert for malicious insiders.
At my company, IT partners with Communications to get the word out through an employee education initiative we’ve branded RTN Secure. And it’s regularly updated to highlight new vulnerabilities and best practices as the threats evolve.
Cyber-aware employees then become your best line of defense and a critical component of your organization’s cyber resiliency. You have to assume compromise; it’s not if, but when.
As with every part of your business, culture is key. It provides the solid foundation of compliance, collaboration and communication required to ensure the resilience of your organization.
You may invest millions of dollars in employee cybersecurity education, but for it to truly pay dividends, you must have a culture of community and shared risk across the organization – it needs to be part of the organizational DNA.
Chief Executive Group exists to improve the performance of U.S. CEOs, senior executives and public-company directors, helping you grow your companies, build your communities and strengthen society. Learn more at chiefexecutivegroup.com.
0
1:00 - 5:00 pm
We are in a period of rapid change. Customer needs, technologies, competitors and internal capabilities require companies to review and update their strategies for the new realities. In this workshop, strategy experts Steve Rutan and Denise Harrison will show you a systematic approach to strategic planning to help you refine or redefine your business strategy and approach including:
2:00 - 5:00 pm
Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations.
Limited space available.
10:30 - 5:00 pm
General’s Retreat at Hermitage Golf Course
Sponsored by UBS
General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.
The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.
