TrendLarge defense contractors look for cyber-security business

Published 19 March 2009

Cyber attacks on U.S. government networks and private companies have grown exponentially; the result is a vast increase in the attention paid to, and money spent on, cyber security; the biggest U.S. military contractors are counting on winning billions of dollars in work to protect the U.S. federal government against cyber attacks

Government organizations, both civilian and military, and private companies rely more and more on the Internet. It is thus not surprising that there are two trends afoot: On the one hand, an exponential increase in both cyber attacks on government networks and cyber crime. On the other hand, a vast increase in the attention paid to, and money spent on, cyber security (see, for example, “U.S. Under Growing Cyber Attacks,” 18 February 2009 HS Daily Wire; “FBI: U.S. Facing ‘Cybergeddon,’” 7 January 2009 HS Daily Wire).

 

Wall Street Journal’s August Cole and Siobhan Gorman write that the biggest U.S. military contractors are, therefore, counting on winning billions of dollars in work to protect the federal government against electronic attacks. Cyber attacks on government agencies are no commonplace, including cyber break-ins into classified systems. Cyberspies also have siphoned off critical data from Pentagon contractors. A data breach recently cost a major aerospace contractor $15 million.

 

Cole and Gorman write that intelligence officials estimate annual U.S. losses from cyber breaches to be in the billions of dollars, and some worry that cyber attackers could take control of a nuclear power plant or subway line via the Internet — or wipe out the data of a major financial institution.

 

Anticipating the demand, defense companies are bolstering training, buying smaller firms and hiring former top government officials,” Cole and Gorman write. “The move into the cyber-security field could offer new revenue streams for the contractors and help offset declines stemming from budget pressures on the Defense Department’s traditional weapons systems.”

 

Last year the Bush administration launched a major cyber-security initiative, and 2009 spending is expected to reach $6 billion. Details are classified, but depending on the outcome of a 60-day White House review due next month, those familiar with the effort say spending could range from $15 billion to $30 billion in the next five years.

 

Major defense firms are eager to get a slice of that pie, but critics in the government say these firms may not have the necessary expertise and that the ramp-up in spending is a recipe for waste and inefficiency. “My concern and the concern of a lot of people in the government is: Are we going to dump money like we did after 9/11, or are we going to get something for the money we spend?” said one senior intelligence official. “You’re getting people who are not necessarily viewed as experts [in cyber-security] running divisions of these companies.” Here is what some of the large defense contractors are doing:

  • Northrop Grumman Chairman and Chief Executive Ronald Sugar made his case in an open letter to President Barack Obama this month, writing, “America’s defense industry has heavily invested in the tools, techniques and human talent to address this problem.”
  • In August Boeing hired Barbara Fast, a former senior Army intelligence officer who worked at the National Security Agency (NSA), to focus on cyber issues. Fast is consolidating the capabilities that Boeing has developed to protect its own massive network into a new division.
  • Lockheed Martin, the top Pentagon contractor and largest government information-technology provider by sales, is constructing a new cyber-security facility at its main network hub in Gaithersburg, Maryland.

Cole and Gorman write that some intelligence officials worry the government’s clunky contracting system will end up awarding contracts to familiar big companies that lack the highly skilled technicians who gravitate toward smaller firms. Contractors also need to watch their own network security, said Tom Kellermann, a vice president at Core Security Technologies, citing a Verizon report last year that found 39 percent of cyber breaches implicated contractors and other third parties. “You can’t put an IT person out there who doesn’t understand the threat or second- and third-order effects,” said Bill Swanson, chairman and CEO of Raytheon. Raytheon’s recent acquisitions, such as Oakley Networks in 2007 and SI Government Solutions in 2008, strengthen its cyber capabilities.

 

Foreign firms are also eagerly eying the cyber security market. Europe’s biggest defense contractor by revenue, BAE Systems, acquired information security firm Detica Group for $1.06 billion in July. It also recently hired a top Bush White House cyber-security official, Marie O’Neill Sciarrone.

 

Cole and Gorman note that as these big defense firms push further into this territory, they are bumping up against consulting firms. Booz Allen Hamilton has worked in the cyber-security field for more than a decade. One of its senior executives, Mike McConnell, led the National Security Agency (NSA) and was also director of national intelligence in the Bush administration. He continues to serve on the president’s Intelligence Advisory Board. Deloitte Consulting recently recruited Billy O’Brien, who helped draw up the Bush administration’s cyber policy.