CybersecurityAdministration's cybersecurity spending would benefit commercial vendors

People talk of the administration’s health care plans, but one of the next big agenda items for the Obama’s administration is cybersecurity, a priority that is becoming all the more clear following the 4 July hacker attacks on the White House, the Pentagon, and the New York Stock Exchange. The AP reports that the attack on U.S. and South Korean government agencies last week was even broader than first realized. Other agencies targeted by the malicious code included the National Security Agency (NSA), DHS, State Department, the Federal Trader Commission (FTC), the Treasury, NASDAQ, and the Washington Post. The AP called the attack “remarkably successful,” as many government agencies were still reporting problems several days after the systems were invaded.

Mike Tarsala writes that the Independence Day attacks are out of the ordinary only in their scope. Security experts say some vital federal agencies are now averaging hundreds of millions of cyber probes a day, with an unknown number intent on doing harm to government networks. According to the latest Department of Defense data, malicious attacks rose 31 percent in 2007 from the previous year to 43,880 incidents. It is among the reasons there is a growing urgency to beef up federal cybersecurity pronto.

Some plans in discussion involve building a centralized intrusion-detection network called Einstein, built partly with monitoring software from the NSA. More than likely, the vast number of government networks, all running on technology from different service providers may ultimately turn to a hodgepodge of commercially available software. That may result in a revenue boon for Symantec Corp. (Nasdaq: SYMC), McAfee Inc. (NYSE: MFE), Check Point Software Technologies (Nasdaq: CHKP), and hardware vendors including Cisco Systems (Nasdaq: CSCO) and Juniper Networks (Nasdaq: JNPR).

All told, overall defense spending is falling, but cybersecurity spending among a vast number of vendors could soon be on the rise, in an effort to patch vulnerabilities that could be exploited by rogue nation-states.

Some experts say that the massive 4 July cyber-attacked originated in North Korea. Tarsala writes that if so, it would not be the first time one country has electronically invaded another. Russia last year is suspected of crippling Georgia’s government systems in the summer 2008 battle over South Ossetia. Russia also has been accused of executing a coordinated denial-of-service attack to cripple systems in its former republic Estonia in 2007.

For the Obama administration, time may be ticking to fix systems that may be crippled by any number of foreign nations, or even by nationless enemies such as al Qaeda. There has been little to no increased government spending on cybersecurity to-date, but words may presage action. In May, Obama said cybersecurity would become a top economic and national security priority. Part of that plan is to create a new White House office, led by a cybersecurity coordinator, who has yet to be named. The need for such a coordinator’s position may unlock some of the difficult spending decisions that have to be made in order to fix the nation’s security holes.

The United States expects to spend about $7.3 billion on cybersecurity in fiscal 2009, the majority of which will go to the Department of Defense. Some of that spending is directed toward commercial vendors including McAfee and Symantec, for which all government spending makes up somewhere in the neighborhood of 10 to 12 percent of their annual revenue. A good amount also is directed toward systems developed by traditional defense contractors, including Lockheed Martin Corp. (NYSE: LMT), Northrop Grumman Corp. (NYSE: NOC) and Boeing Co (NYSE: BA).

Which firms would benefit from government spending increases? Tarsala says it is likely the commercial software vendors. The reason is simple. The most vulnerable government systems likely are the ones where there is very little being spent to protect them — which is not the case for the DOD, which traditionally turns to its well-worn list of contractors for solutions.

Another reason is that many of the government systems in cyberspace today are supported by multiple networks and service providers; very little is centralized. The quickest fix might be to boost security using the best-available off-the-shelf commercial products. At minimum, it is an interim step that is likely to be taken until a centralized NSA-based security system is built.

That likely will result in incremental revenue for well-known security software providers such as Symantec and McAfee. It would not be surprising at all to see their percentage of government-related revenue rise meaningfully in the coming 12 to 18 months.