Even as defense budgets and even overall federal discretionary spending decline, one area that is likely to remain fairly secure or even grow in the years to come is cyber security. The reason for this is simple: the threat to federal, state and local governments, the military, critical infrastructure, private corporations and even individual Americans is growing both in quality and quantity almost daily. Secretary of Defense Leon Panetta has warned of what he termed a cyber “Pearl Harbor.” The director of the National Security Agency, General Keith Alexander, called cybercrime “the greatest transfer of wealth in history.” General Alexander was speaking of the full range of cyber crime which includes not only scams and identity theft but bank fraud and, most significantly, the theft of invaluable corporate intellectual property. The recent successful hacking of the personal computer of the former Chairman of the Joint Chiefs of Staff, Admiral Michael Mullen, USN (Ret.), is a reminder of how vulnerable each of us is as individuals to the cyber threat.
As a serious cyber threat to the military and critical infrastructure and networks began to emerge in the early 2000s, the federal government, particularly the Department of Defense but also the Department of Homeland Security, turned to private companies, including many of the best names in defense, to help provide solutions. Over the years, these companies have developed impressive capabilities, including data bases, tactics, techniques and procedures, software tools, and trained personnel. These capabilities have been employed both to help defend government networks and systems and to secure the companies themselves from cyber attack.
Take Lockheed Martin as an example. The company is the largest supplier of IT services and solutions to the federal government. It also is unusual insofar as the decision was made in the 1990s not to outsource its IT systems and cyber security activities but instead to maintain, manage and secure its corporate IT systems and networks. As a private company responsible to shareholders, whatever was done with respect to cyber security had to show a return on investment. What Lockheed Martin discovered was that there was a direct relationship between creating an efficient, reduced cost IT network and enhancing that system’s security. In addition, because the company chose to take on the responsibility for self-defense against cyber threats it also developed a powerful set of capabilities, including several cyber security centers staffed with a multi-disciplinary group of intelligence analysts, software programmers, systems engineers and IT service professionals as well as proprietary and customized COTS-based tools. All of these skills have proven useful in supporting government clients and can be of particular value in the commercial world which has to be sure that there is a return on investments in cyber security.
Other companies have developed similar capabilities in their efforts to provide security for their own and government IT systems. Companies such as General Dynamics, BAE Systems, Northrop Grumman and ManTech have developed a wide range of cyber security capabilities and solutions including cyber security operations centers, state-of-the-art digital forensics tools, threat visualization systems, open source network security solutions and secure data transfer capabilities, to mention just a few items. In many instances, cyber security is treated as an integral part of contracts to provide government agencies and the military with other IT and data services including cloud computing, the collection, processing, exploitation and dissemination of intelligence information and the amassing and manipulation of big data sets.
The skills and capabilities developed over years of working to build, maintain and secure both government networks as well as their own have given many of these defense companies enormous capabilities relevant to the security needs of the private sector. To the degree these companies have implemented some or many of their cyber security solutions to protect their own operations they are readily able to extend those solutions to the particular needs of specific sectors of the economy such as banking and finance, energy, health care and transportation. The explosion in the number and variety of mobile devices carries with it a demand for improved functionality and security of IT architectures and networks that are constantly expanding and changing. This will increase the demand for the kind of cyber security solutions that the smart defense companies are already developing for the military. This could be a major growth area for defense companies challenged by declining defense department budgets.