Defense firms getting into computer-network security business

By Gopal Ratnam

BOSTON — Lockheed Martin Corp. and Boeing Co. are deploying forces and resources to a new battlefield: cyberspace.

As the U.S. government increases spending for protection against computer attacks, new units of these military contractors are aiming to capture a share of a market that may reach almost $11 billion by 2013.

President George W. Bush announced a national cybersecurity plan in January 2008 to be supervised by the Department of Homeland Security, after an increasing number of attacks on U.S. government and private sector networks by groups linked to foreign governments, organized crime gangs and hackers. President-elect Barack Obama has pledged to appoint a "chief technology officer" to oversee the effort.

"The whole area of cyber is probably one of the faster-growing areas of the U.S. budget," said Linda Gooden, executive vice president of Lockheed's Information Systems & Global Services unit, which includes a cyber-defense operation launched in October. "It's something that we're very focused on. I expect there will be a significant focus under Obama."

U.S. government spending to secure military, intelligence and other agency computer networks is forecast to rise 44 percent to $10.7 billion in 2013 from $7.4 billion this year, according to a report by market forecaster Input.

The number of security breaches of U.S. and private-computer networks reported to the Computer Emergency Readiness Team of the Homeland Security Department almost doubled to 72,000 in the fiscal year ended in October from about 37,000 the previous year, agency spokeswoman Amy Kudwa said in an interview.

Boeing, which bases its Integrated Defense Systems unit in St. Louis, set up its Cyber Solutions division in August because of a realization by the company that it's a very serious threat, Barbara Fast, vice president of the unit, said. "It's not a question of if we'll be attacked but when and how will we be prepared."

The possibility that the Obama administration may devote more resources to securing the nation's networks is attracting defense contractors to compete with established providers like McAfee Inc. and Symantec Corp.

New York-based L-3 Communications Holdings Inc., and San Diego-based SAIC Inc., also have created special cybersecurity units. Their spokesmen declined to comment.

U.S. government agencies received an overall grade of C on computer security in fiscal 2007, according to a May report by the U.S. House Oversight and Government Reform Committee. The Pentagon's D-minus was an improvement over its failing grade in 2006, while the Treasury Department, the Nuclear Regulatory Commission each scored an F. The Justice Department earned an A.

Many of the government agencies also were found lacking a crisis-response plan if their networks were to suffer a series of breaches, based on the outcome of a cybersecurity game organized Dec. 17 and 18 in Washington by the consulting firm Booz Allen Hamilton and the non-partisan Business Executives for National Security.

In the game, players were told that university students received free portable computer drives and compact discs at a sports event. When the discs were plugged into computers, malicious software embedded on the devices spread, causing shutdowns of computer networks in the U.S. government, financial institutions, and the transportation sector.

"We need to have a plan tailored for a cyber crisis," Michael Chertoff, secretary of homeland security, said at the end of the simulated exercise.

"If the U.S. computer networks are attacked by a terrorist group or a foreign government, is this an act of war? How do we respond?" he said. "We haven't put together that strategy yet."

President-elect Obama must assert that the cyber-infrastructure of the United States is a vital asset for national security and the economy, according to a Dec. 8 report by the Center for Strategic and International Studies, a Washington think tank.

That's just what Obama said he will do.

"I'll declare our cyber-infrastructure a strategic asset, and appoint a National Cyber Adviser who will report directly to me," he said in a July address at Purdue. "We'll coordinate efforts across the federal government, implement a truly national cyber-security policy, and tighten standards to secure information."

Congress, too, will examine U.S. antitrust laws that may restrict companies from sharing information on cyber attacks in a crisis, said Rep. James Langevin, D-R.I., and chairman of the House Homeland Security Subcommittee on Cybersecurity.

"It's going to be a multiyear, multibillion-dollar project to get the right cybersecurity mechanisms in place," he said.