PROFILE
Company: Alpha Q Inc.
Business activities: Specializes in the manufacture of complex components for the aerospace, defense, and commercial sectors
Employees: 190
Founded: 1964
Headquarters: Colchester, CT
Confronting the emerging cyber threat posed by AI
Rolls-Royce chose Alpha Q Inc. as a cybersecurity “Shining Star,” a company committed to protecting its business and the Rolls-Royce supply chain from cyberattacks. This interview with Paul Buckley, technology coordinator at Alpha Q, has been edited and condensed.
Q: What’s the current state of the cybersecurity threat?
P.B.: The cybersecurity landscape is an ever-moving target. The most recent development is threat actors using artificial intelligence (AI). We knew it was going to happen because these guys look for the best tools. It’s all about money. They’re willing to spend money to make a whole lot more money.
Q: What’s an example of the AI threat? Is it social engineering?
P.B.: Yes. For a computer to simulate somebody’s voice and intonation, you used to need to get them to read a 30-page script. Now the bad guys can take about a 10- to 15-second snippet of someone saying anything and they can simulate your voice to the point that your wife or parents won’t know the difference. That’s one of the things they’re doing through social engineering to get you to divulge information you’re not supposed to be giving out.
Q: So for example, a hacker might fake my voice on the phone saying, “Here’s the new bank account information”?
P.B.: That would do it. No matter what hardware or tools we employ, the first targets are the users, because users are the most vulnerable. We use an outside service to constantly test our users by sending out false phishing emails, trying to get them to divulge something. If you click on something you’re not supposed to, a nice warning sign pops up and provides a link to a training demonstration to reinforce the proper response to emails.
Q: If using AI for voice phishing is a new threat, what are you doing to train employees about vigilance?
P.B.: Since this threat is really an emerging one, this is not formally included in our training materials yet. We have always told our users “trust your gut.” If a request, regardless of how you receive it, sounds unusual coming from the person making the request, if there is a sense of urgency in the request, if they are asking you to do something they have never asked you to do before and it seems really odd (like “please pick up $1,000 worth of gift cards for me”), then trust your gut. If it’s someone you know personally or have a business relationship with, contact them using the email address you always use. DO NOT respond to their presumed email request. If you can, call them, again at a known number, then confirm the request that way. The same would apply with phone calls. One of the acknowledged experts in this field, Roger Grimes, says he teaches “Stop – Look – Think.” His shortened version of that is, if your response to a request is “Huh?” then STOP. Don’t be pressured into making a response quickly because of some inferred urgency in the request.
Q: What are some other key components of cybersecurity?
P.B.: You have to have multiple layers of things. Anybody that wants to break into somebody’s system can accomplish that eventually. What we try to do is put up multiple layers. Our logins require multi-factor authentication. We have an application that constantly monitors our log files and looks for unusual activity. And one of the things I check all the time is people’s accounts getting locked. After three failed attempts, their account is locked and I get an email and text message. If it happens once, you know everybody fat-fingers their password, especially when dealing with a 16- or 20-character password. But when you start seeing the same person locked out every 15 minutes for an hour, that’s not normal.
Q: What else do you worry about?
P.B.: We consider ourselves, being partnered with the Department of Defense through customers like Rolls-Royce, to be a fairly big target. I’ve told my boss the only thing that ever keeps me awake at night is fear of a ransom attack. They no longer just go after capturing your data and encrypting your data. They attack you with four or five different things and in different ways. If they can get into your system, they will sit there for six months, investigating how much money you make, what can be made from a ransom demand. They will get into the personal emails of the president and managers and look for things that can literally be used to blackmail officers. But I do feel much, much better with all the things we have done in the last several years.