Government contractors look at securing commercial networks
Unless they're buying low-priced sneakers, battle tank designers don't interact much with discount retailers. Still, when cyber thieves stole millions of customer records in 2007 from TJX (TJX), the operator of Marshalls and T.J. Maxx, the company called in experts from General Dynamics (GD). Based in Falls Church, Va., the defense contractor is better known as the maker of the military's Abrams battle tanks. "Within hours, our forensic experts were able to identify how the breach occurred and we were able to fix the problem," says Nadia D. Short, vice-president for strategic planning at General Dynamics.
Such unconventional partnerships are on the rise. Corporations are building more complex networks to record and analyze the data from their businesses. Infrastructure is being outfitted with digital sensors to better monitor and control utility services. Those technologies will bring new efficiencies—and new cyber security risks, as critical data and infrastructure become vulnerable to attacks or theft by hackers. Networks are the "weak underbelly of the U.S.," says Timothy McKnight, Northrop Grumman's (NOC) vice-president for information security and a former FBI agent specializing in computer fraud.
Defense contractors are "uniquely positioned to solve" cyber security problems for utility companies, power grid operators, credit card processors, and others that run complex networks, says Steven Grundman, vice-president for aerospace and defense at the consulting firm Charles River Associates in Boston. Such networks are actually made up of many smaller, connected networks, and only defense companies have experience protecting so-called "systems of systems," he says. A typical IT consultancy, he adds, focuses on one company and one computer network at a time. The missile-defense program, however, required building and protecting missile interceptors, ground-, sea-, and space-based radar, and control equipment. That experience helped Boeing (BA) and Lockheed Martin (LMT) win grants last year to work with utility companies to develop prototype smart-grid systems with military-grade cyber security. The grants are part of a $4.5 billion program run by the Energy Dept.
Barbara Fast, a former U.S. Army major general and now head of Boeing's cyber security operations, says her company is at an advantage because it already works "in both commercial and government sectors, unlike any other major competitors." The cyber defenses Boeing uses to protect the fighter jets it builds for the government may be applicable to commercial planes as well, especially as the latter are increasingly "digital and need security safeguards in place," she says.
Government agencies will remain the biggest purchaser of cyber defense services. John Slye, an analyst at market researcher Input, estimates the government will spend $11.7 billion on cyber defense contracting by 2014, up 48 percent from $7.9 billion in 2009. That growth is attractive to defense contractors, especially when their traditional business of weapons development is growing no faster than the rate of inflation.
To compete for government dollars, they're hiring experts and building facilities to monitor computer networks. Northrop Grumman and Lockheed Martin both have opened cyber security centers in the last two years. Raytheon (RTN) has hired 1,600 cyber experts and will open its own lab in 2011. Such expertise puts them at a "decisive advantage" over traditional security companies, says Grundman.
The bottom line: Defense contractors are leveraging their government experience to provide cyber defenses for commercial networks.