The past year has seen a remarkable rise in the profile of the cyber threat to the United States, with widespread coverage in the media and high-profile events such as the attacks against Google and more than 30 other companies. In testimony before the Senate Armed Services Committee in April, Lt. Gen. Keith Alexander said there are “hundreds of thousands of probes every day,” against Department of Defense networks.
Within the private sector, some experts estimate hundreds of billions, if not a trillion, dollars have been stolen using cyberspace. In March, Mike McConnell, former director of National Intelligence and currently leading the cyber effort at Booz Allen Hamilton, wrote in The Washington Post, “The United States is fighting a cyber-war today, and we are losing.”
The piece was one argument in the growing debate surrounding cyber–security and how the United States should go about enhancing security for critical infrastructure, in both government and private sector hands.
Former President George W. Bush looked to increase U.S. capabilities in this area with the now declassified Comprehensive National Cybersecurity Initiative. President Barack Obama continued that trajectory by commissioning the Cyberspace Policy Review, led by Melissa Hathaway, and by appointing Howard Schmidt to the position of White House cybersecurity coordinator in December 2009.
A number of bills are before Congress addressing various aspects of cybersecurity, and the Department of Defense is ready to stand up U.S. Cyber Command. According to estimates by Bob Kipps, managing director at KippsDeSanto & Co., an investment bank, spending by the federal government on cybersecurity is close to $10 billion per year.
The central lesson of the growing discussions surrounding cybersecurity is that it will continue to grow in importance. The United States is the most networked nation in the world, and most cyber experts maintain the nation does not have an adequate number of trained, skilled cyber professionals.
The cyber arena is one in which the government contracting industry has played an increasing role. In April, L-3 Communications won a contract to provide cyber operations and IT support to the U.S. Air Force’s Central Command, along with personnel to manage, monitor and defend CENTCOM systems from cyber attack.
Cybersecurity is widely recognized as one of the fastest-growing fields for the contracting community, and it is still a relatively nascent market.
Wes Bush, CEO and president of Northrop Grumman Corporation, recently told Capital Business, “If you look at the areas of increasing investments, it is unmanned systems, cybersecurity and communications, surveillance, reconnaissance and intelligence.”
Other industry leaders have also recognized the growing importance of cybersecurity to the government and private sectors.
“Cyber is indeed a growing market, and I think the reason is simple,” said Bill Varner, president of the ManTech’s Mission, Cyber & Technology Solutions Group. “Many people, including myself, believe that cybersecurity is the No. 1 threat facing our nation after weapons of mass destruction.”
Cybersecurity is such a rapidly growing area because of the potential dangers associated with any attacks. A possible disruption to U.S. networks could prove absolutely catastrophic.
For Varner, “When you think of how dependent we’ve become on doing business via the Internet … it’s easy to see how large the impact of an interruption to that would be.”
The threat landscape has caused the government and private sector to actively look toward providing better defense for networks in the United States. A dearth of skilled professionals has led the government to turn to the government contracting sector to provide much-needed talent and expertise in the cyber arena.
Most individuals in government contracting can see that cybersecurity is an area likely to provide growth opportunities in the near and long-term future. As such, government contractors are actively seeking to expand their capabilities to take advantage of this growing market.
Catching the Train
There are already a growing number of players in the government contracting community looking to secure contracts for cybersecurity. Companies like ManTech International Corporation and CSC have a long history of providing cyber capabilities.
For newcomers and old-timers alike, acquisitions and mergers are some of the best methods to grow a cyber capability. ManTech, an IT and technical services company, acquired two companies in 2008 to expand its cyber offerings, the Emerging Technologies Group and EWA Services, Inc.
Several other companies completed acquisitions in 2009 in an effort to expand their cyber capabilities. QinetiQ acquired Cyveillance, Inc. in July 2009, Raytheon acquired BBN Technologies in October; and ICF International acquired Jacob & Sundstrom in December.
The current year has also seen several acquisitions, including two by Symantec, of PGP Corporation and GuardianEdge Technologies, Inc. and one by Applied Signal Technology, Inc. of Seismic LLC. SAIC, an established player in the cybersecurity arena, acquired CloudShield Technologies, Inc. in February of this year.
The acquisitions are likely to continue as well.
“I would not rule out an acquisition or two for MCTS before the end of the year,” Varner said.
So what are some of the hottest areas in cyber right now?
“Securing the application, the cloud and identity management/access control, are particular areas of interest from both a software and services perspective,” according to Kipps. “While these are hot areas receiving considerable attention, it’s important to acknowledge that the network security puzzle hasn’t been solved, and remains the foundation of the multilayer security solution.”
The growing focus on cybersecurity is particularly helpful to small and mid-sized companies with core competencies in the cyber arena. The acquisition environment is quite attractive, with a large number of potential buyers that spikes valuations.
Nevertheless, there are some challenges companies looking to carry out mergers and acquisitions face.
“The biggest challenge may be quantifying the opportunity,” Kipps said. It is more difficult to diligence the smaller firms, many of which have not been around for a significant period of time.
For Kipps, “Cybersecurity is an arms race of sorts, with competitors trying to both stay one step ahead of the competition and ideally two steps ahead of the threat.”
The Long Road Ahead
The cyber market is still a growth industry, particularly with very little U.S. strategy or actions in cyberspace clearly defined. Two very important issues will set the tone for the future of cybersecurity contracting. One is the passage of any of the numerous cyber bills pending before Congress.
The Cybersecurity Act of 2009 bill, which has passed out of committee, is likely to be the first piece of cyber legislation through the Senate this year. The bill calls for the creation of a cybersecurity advisory panel, to be composed of members from government, industry, academia, non-profits and interest and advocacy groups.
Some major areas for potential contracts are the creation of a cybersecurity dashboard, the creation of regional cyber centers along with research and development funded by the National Science Foundation.
The second is the standup of U.S. Cyber Command, headed by Gen. Alexander who will also remain as director of the National Security Agency.
“The standup of U.S. Cyber Command will shape the future of a lot of cyber activity and the primary cyber customer areas,” Varner said.
Some experts estimate the U.S. government has only 1,000 skilled cyber professionals. As a result, particularly with the standup of CYBERCOM, the government will increasingly look to the private sector to enhance cyber capabilities by providing the skilled professionals needed to defend U.S. government networks.
The cyber market is still relatively new and companies still have the opportunity to enter the market through acquiring or organically building capabilities. The time to enter the market is now, and a skillful acquisition of a company that can provide cyber capabilities would enhance the portfolio of any company.