WashingtonExec had the opportunity to interview Dr. Mike Papay, vice president of Cyber Initiatives at Northrop Grumman’s Information Systems sector. Papay explained his reasoning behind not creating a personal media profile, some setbacks found in cloud computing, and the need for stronger international allies in cybersecurity. WashingtonExec also asked the Virginia resident his favorite spot in the D.C. Metro Area as well as his hopes for improving future cybersecurity technology.
WashingtonExec: Could you tell us about your background and how you got involved in cyber security?
Mike Papay: Northrop Grumman has a long history of solving complex problems for our customers and cybersecurity is probably the most complex challenge out there today. Over my 25 years with the company, I have had the opportunity to work on all kinds of different problems spanning the areas of aerospace, IT, space, and missile defense, all of which have given me the basis for what I am now working to solve in my cybersecurity role. I love challenges that involve not just technical solutions, but political, social and legal issues as well. Additionally, I enjoy mentoring and developing the next generation of scientists and engineers and connecting the talent in our company that is needed to meet our customers’ cybersecurity requirements.
WashingtonExec: What do you think of the government’s new embrace of cloud computing in terms of cyber security? Do you see it being an issue in the future?
Mike Papay: It appears that in the “rush to the cloud”, the industry has made the same mistakes that were made when the Internet was designed. The Internet was built assuming a certain level of trust, which worked for quite a while, but has been tested in the era of cyber attacks and cyber exploitation. If IT systems were designed with security built-in from the beginning, we would not be dealing with a lot of these issues. The cloud is no different.
One way that Northrop Grumman is trying to combat this is through our Cloud Advanced Security which combines open architectures, virtualization, and cloud orchestration with a high level of security in a multi-tenancy environment. Through this core capability, and our understanding of the various missions and domains, we work with our customers to build a secure architecture in the cloud that will keep their data safe.
WashingtonExec: Do you think there needs to be legislation in Congress, mandating the top government agencies have minimum cyber security requirements?
Mike Papay: The majority of top government agencies are already set up to adhere to a minimum set of cyber standards. The real issue is that those standards do not go far enough to ensure the safety of our intellectual property and our ability to conduct business. The advanced, relentless nature of the continually changing cyber attacks that our government is experiencing today makes any legislation or regulation obsolete by the time it is published. That does not mean we should stop trying, but we have to approach the problem from a more agile angle than we have in the past.
Also, the drive to regulate cybersecurity in government agencies may create an increased interest in commercial entities wanting to be protected as well. Right now, they do not see a big need. This may cause more of a need for regulation on the commercial side.
WashingtonExec: How do you think US security technology compares to other countries like the UK?
Mike Papay: It is interesting to note that when President Obama took a trip to the UK in May one of the things that he mentioned was the US and UK’s shared vision for cyberspace. Several other countries are probably close to the US position in technology. It is clear that international cooperation and sharing of technology and data will greatly improve the performance of our computer network defense activities. Cybersecurity is not a problem that can be solved locally, so it is important to make sure we develop those partnerships with our allies. It is a global problem and these partnerships will enable us to get there together.
WashingtonExec: Is there a difference, in your opinion, between cyber security and cyber defense?
Mike Papay: Definitions of cybersecurity and cyber defense vary widely across the board. People are using the two terms interchangeably, whether you are listening to the DoD, reading about cyber in newspapers, or talking about it around the dinner table. There is also different terminology in the commercial marketplace and in the government.
The fact that people are talking about it at all helps raise awareness of the problem, and that makes us smarter about how to solve cyber issues. We work hard to ensure our employees are educated about cybersecurity, so they can serve as our first line of defense when operating their computers and mobile devices.
WashingtonExec: Do you use social media yourself and if so what is your favorite platform?
Mike Papay: I do not use any. Most of the spearfishing cyber attackers are taking advantage of personal information that people put out there on social media. For instance, your weak password is easy to remember because it matches the name of your dog or your child. That information is available on social media sites. People take advantage of human nature to gain access to your sensitive information.
WashingtonExec: You graduated from Virginia Tech and have worked for Northrop Grumman for twenty-five years what is your favorite hangout in the DC area?
Mike Papay: I have always liked the National Mall area – the architecture, the history, the museums, the restaurants, all of it. It reminds me what a great country we live in, and helps me to think about what is important to protect. It also motivates me to do a good job at work for my family and our customers.
WashingtonExec: Those are all of my questions. Is there anything you would like to add?
Mike Papay: One other important area is how critical technology is in cybersecurity. As a company, Northrop Grumman is making great strides internally on technology that will benefit not only ourselves but our customers. We also have important partnerships with external universities and high schools as well as other entities to make sure that the latest technologies are in place and there is a pipeline of technologists to solve challenging problems. Cyber technology moves very quickly. It is always on the forefront of everyone’s discussion and it is in the news daily. To stay in front of the fast moving technology, you need very strong people, which is why I am glad to be working with the other cyber professionals at Northrop Grumman.