National Journal July 23, 2011 All Aboard The Cyberwar Express
With cuts looming in traditional military spending, cybersecurity has become the Next Big Thing for defense contractors. Less clear is what the public is getting. By Chris Strohm If you pay them, they will come. When Deputy Defense Secretary William Lynn spoke at a conference of top cybersecurity experts in February, he delivered just the message that defense contractors wanted to hear. “It is going to take a public-private partnership to secure our networks,” Lynn declared, assuring his audience that the Pentagon would be spending billions of dollars a year on cybersecurity and needed their help. “Throughout American history, at moments of great challenge and crisis, industry and the private sector have stood up, partnered with government, and developed the capabilities to keep our country safe.” The Pentagon’s fiscal 2012 budget request includes $2.3 billion to safeguard its networks from cyberattacks, but that’s only one piece of the action. The White House Office of Management and Budget estimates that total spending on information security this year will be about $12 billion, with two-thirds of that at the Defense Department. The cyber-industrial complex already employs the equivalent of 79,000 full-time workers, almost half of whom work for private contractors. The money flood has spawned a raft of new specialty firms and prompted traditional defense contractors to go on a buying binge. Big players such as Boeing and Raytheon are paying steep prices to acquire little-known specialty companies, including some that are only a few years old. It’s the price of admission. The results are apparent in the landscape around Fort Meade, Md., home to the U.S. Cyber Command as well as the National Security Agency and the Defense Information Systems Agency. Dozens of firms, some new and some old, have set up shop nearby. Science Applications International launched a Cyber Innovation Center in Columbia, Md., last September. Northrop Grumman opened its 6,300-square-foot Cyber Security Operations Center in suburban Maryland in 2009. Not to be outdone, Lockheed Martin has built a 25,000-square-foot NexGen Cyber Innovation and Technology Center in nearby Gaithersburg. Cybersecurity and intelligence were the hottest sector for mergers and acquisitions in 2010, according to an analysis by Aronson Capital Partners, a middle-market investment bank. Boeing paid $775 million last year for Argon ST, a six-year-old firm that had become a hot niche player in electronic warfare. Argon makes systems for ships, submarines, and aerial drones that scoop up and analyze all kinds of communication signals. Boeing’s offer of $34.50 per share last June represented a 41 percent premium over Argon’s market value. In another large deal, Raytheon paid $490 million in December to buy Applied Signal Technology. “This sector remains ripe for consolidation as larger contractors align their capabilities with federal spending priorities,” Aronson Capital Partners wrote in a summary of 2010 activity. Translation: The big boys know this is more than a fad, and they will buy their way in. State governments and academic institutions are chasing the money, too. Gov. Martin O’Malley has declared that Maryland will be “the epicenter of cybersecurity,” and has even created a branding concept: “CyberMaryland.” More substantively, the University of Maryland has set up a “Cyber Incubator” at a research park tied to its Baltimore campus. The 110,000-square-foot building houses 16 companies, including one called Cyber Map, which has created an online map of all things cyber in Maryland. The money isn’t just around Fort Meade. NSA is building a $1.5 billion data center in Utah to help protect federal computer systems, including those at civilian agencies. The Defense Advanced Research Projects Agency is seeding projects across the country, including a $24 million “Cyber Genome” project to map the “DNA” of malicious code and a $16 million project to camouflage virtual networks. Amid the frothy exuberance, many analysts worry about wasteful spending. Analysts and government watchdogs warn that the government hasn’t clearly defined its needs, making it hard to know which problems are real and which are just excuses to spend money. They also fret about a lack of coordination among the scores of agencies, saying that it sets the stage for duplication. “There’s a huge opportunity for everyone to run to these agencies and to sell,” says Mieke Eoyang, director of the national-security program at Third Way, a centrist Democratic think tank, and a former staff member on both the House Intelligence and House Armed Services committees. “But without some overall guidance that’s coordinated about what level of security [is needed], we’re not fixing the problem.” That is probably an understatement. In fact, no one really knows exactly how much money is being spent. The White House Office of Management and Budget estimates that the total is $12 billion this year. But Deltek, an industry consulting firm in Herndon, Va., puts the figure at about $9.5 billion and says it’s climbing fast. Secrecy threatens to make the uncertainty even worse. Each federal agency has to have its own cyberstrategy, yet OMB won’t publicly disclose what each one is spending—or on what. Can anyone say waste, fraud, and abuse? _______________________________________________ Infowarrior mailing list [email protected] https://attrition.org/mailman/listinfo/infowarrior
