Ed Hammersla, Chief Operating Officer of Raytheon Trusted Computer Solutions, spoke with WashingtonExec about his work in cross domain solutions and role in the development of Red Hat Enterprise Linux. He also provides insight on living on a farm, his background in biblical archeology and a longtime passion for water sports.
WashingtonExec: Please describe your role as Chief Operating Officer of Raytheon Trusted Computer Solutions. What does a good day look like for you?
Ed Hammersla: Part of the duties of a COO is to make sure that the organization is providing value, not only to the customers that buy your products, but to the owners of the company, whether they be private individuals or large corporations such as Raytheon. A good day is a day we’ve solved a customer’s problem. We’ve received a nice email that proves our technology is being used to help save lives or help with missions and things like that. A good day is also when we are able to recruit the best and brightest to our team to help us launch these missions.
WashingtonExec: How have your degrees in business administration and biblical archeology molded your career?
Ed Hammersla: Well, the business of course is important because if you can’t keep the organization afloat financially then you don’t get to keep doing what you do. You have to be mindful of the financial side and the legal side. The archeology was really an academic hobby when I was in college. Although I will say it is interesting because one of the lessons from there was to not hold too many preconceptions and be willing to listen to any voice and any new evidence and to change your direction based on evidence and new things you find. I think it probably helps in adaptability and things like that.
WashingtonExec: What made you want to work in cross domain solutions?
Ed Hammersla: I’ve been in software for close to 30 years now and what always interests me is something that solves an interesting problem. Cross domain solves the problem of intelligence agencies sharing classified and sensitive data with each other which is of course an interesting problem and was extremely interesting after the events of 9/11 with the 9/11 Commissions Reports and that sort of stuff. Not only was it something that our nation and our government needed to do more of, but Trusted Computer Solutions had technology that enabled it.
WashingtonExec: You were pretty influential in the development of Red Hat Enterprise Linux. Why was that important to you? How has it influenced your current work?
Ed Hammersla: The Red Hat Enterprise Linux operating system is what you might call the secret sauce of a cross domain solution. It provides the security policy enforcement at the operating system level that allows these software solutions to be used in the very classified environments they are used in. We took a role of being pretty active in the Linux development because prior to Linux becoming what the industry would call a trusted operating system the only real alternative was the Trusted Solaris Operating System from SUN. Although that was functionally strong and secure it only ran on one vendor’s hardware which was SUN. That of course induces risk not only to us as a software company, but also to the government as a whole. Being dependent on one vendor is never good. The movement to Linux provided a lower cost solution for the government and a more flexible platform on which to run our cross domain solutions. Now we can run on IBM, HP, SUN or any vendor’s hardware. Linux provided us that sort of flexibility.
WashingtonExec: What do you see as the next big thing in the technology industry?
Ed Hammersla: I hope it is a movement to more secure operating systems. One of the articles we frequently reference is a White Paper written by the NSA fifteen years ago with a tremendous title called “The Inevitability of Failure.” The point of that paper was that if you don’t build applications on a secure foundation, meaning a secure operating system, then you are building on a house of sand. I think all of the problems we are seeing today in cyber security are largely a result of building on sand; in other words, building security applications on standard off-the-shelf operating systems, not secure or trusted operating systems. I guess we are advocates of driving security down into the operating system level which gives you a higher degree of built in security rather than add-on security at the edge.
WashingtonExec: What do you think is the biggest challenge your company faces in the next couple of years?
Ed Hammersla: We are expanding internationally and that’s always a challenge for a variety of reasons. We are interfacing with more and more devices. We have a big initiative for mobile now of course and when you make our technology available to the mobile environment there is an additional set of security concerns that we need to be worried about. When you get into the mobile market you are talking about a variety of vendors and very fast changing hardware. How we maintain our level of security in an environment where the hardware platforms are changing as rapidly as they do in mobile becomes a challenge for us, but we’re well underway coming up with solutions to do that.
WashingtonExec: There have been a lot of incidents in the news today regarding cyber hacking and cyber terrorism. How do you think the cyber threat has changed in the last three or four years? How has it evolved?
Ed Hammersla: The people who launch the threats have gotten a lot better and there are a lot more of them. When you look at the advanced persistent threats that are happening today and the sophisticated attacks, you realize that we need to become more sophisticated in creating computing environments that can withstand those kinds of attacks. Our approach is that you have to build in security rather than add it on. Buying more firewalls and better virus scanners isn’t the answer – it’s to move to a more trusted platform.
WashingtonExec: What is something most people might not know about you?
Ed Hammersla: I’ve been surfing since I was sixteen years old – that’s probably not well known. There probably isn’t a water sport that I haven’t done. I used to swim competitively in high school and college. Architecture is one of my favorite art forms and that’s probably not well known either.
WashingtonExec: Do you still live on a farm?
Ed Hammersla: Oh, yes. That’s true, although I probably don’t look like the average farmer.
WashingtonExec: What is on your summer reading list?
Ed Hammersla: Actually the new book that came out about Lyndon Johnson is really interesting, Passage to Power. It covers the events in Dallas when President Kennedy was assassinated and exactly how Johnson orchestrated his inauguration and the assembly of people back on the plane.
WashingtonExec: Do you think we are safer now with cyber security or less safe because of all of the new mobile technologies?
Ed Hammersla: More mobile devices provide more targets. To use the old line from Top Gun you are in a target rich environment if you are a hacker now, right? The problem is people want all of their data with them all of the time. The approach we use is to virtualize data in a cloud. Right now most of the mobile devices – all of your contacts, maybe your names, addresses, phone numbers, and your driver license numbers are all on your mobile devices somewhere so if somebody hacks it they get all of that stuff. However, if you could virtualize that mobile device into the cloud and then provide security components, it is a lot harder for a hacker to get your information. The device in your hand would look and feel the same, but the data would be coming from the cloud rather than from your own disk drive mounted in your iPhone. From a user’s perspective you wouldn’t notice any difference, but from a hacker’s point of view there wouldn’t be anything to steal. In the cloud I can provide a different level of security because it is an environment I can work with whereas the mobile device is an environment that is changing so rapidly that frankly security is just not something people thought about.
WashingtonExec: Do you think your employees understand that?
Ed Hammersla: Our employees do, are you kidding me? They are paranoid security engineers. It is my children that I am more worried about. It’s fine to use all of those vehicles, just make sure that what you are putting out there is something that you don’t mind other people knowing.
WashingtonExec: Has Raytheon implemented a BYOD policy or something similar?
Ed Hammersla: Not at Raytheon, for a variety of security reasons. BYOD comes in degrees – the environment I described earlier, this virtualized cloud environment would allow BYOD. There is the actual BYOD where you do some minor customization and employees have access to your company’s data. There is the partial BYOD in which employees hand over their personal device to IT or allow IT to download an app onto the device that makes it more secure like a container or something like that. For the highly secure environments such as Intelligence Agencies I doubt we will see BYOD because you would need to secure those devices with operating systems you can control and all that sort of stuff. It is sort of a continuum where BYOD is probably good for 80% of the market. For that last 10% a modified BYOD works and then for the top 10% of very secure implementations like Intelligence agencies and federal systems integrators they are probably going to want to maintain a little more control over that device.
WashingtonExec: How do you expect big data overload in the public sector will affect your company in the next couple of years?
Ed Hammersla: Big data overload is inevitable. Where it affects us is in the need to securely transfer vast quantities of very complex data in a secure way. An example is satellite imagery that has to be rapidly moved to the warfighter without the fear of interception by enemy forces. We have cross domain solutions that enable that and we expect that as big data overload occurs, there will be more and more need for this type of solution.