After a year that saw destructive cyberattacks on major U.S. companies, President Obama’s call to stiffen America’s digital defenses could help bolster the bottom lines of top defense and aerospace contractors facing cutbacks in Pentagon spending.
In his State of the Union address Tuesday, Obama urged Congress to pass legislation to help battle the cyber spies, thieves and saboteurs who have wreaked havoc at major U.S. financial institutions, communications companies, retail chains and other civilian companies and infrastructure. The proposed bill would enhance information sharing between government and the private sector.
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama said. “We are making sure our government integrates intelligence to combat cyberthreats, just as we have done to combat terrorism.”
Although the danger is not new, industry executives watched fearfully last year as hackers destroyed computer systems at Sony Pictures Entertainment; burrowed into digital networks at the nation’s largest bank, JPMorgan Chase; stole tens of millions of Americans’ credit card details and personal data from Target and Home Depot; and launched cyberintrusions against hundreds of other companies.
“2014 was the year that the hack went viral,” said Lillian Ablon, a cybersecurity analyst at Rand Corp., a research organization based in Santa Monica. “As a result, more companies are realizing that they need to become more proactive than reactive in their cyberdefenses.”
Some defense contractors now see an opportunity to tap into a rapidly growing digital arms race in the private sector, both at home and abroad.
The stakes are potentially huge. Gartner, an information technology research firm, estimates that governments and companies around the globe will spend $77 billion this year on cyberprotection, and that the tally will grow by 8% a year for the next decade.
“Defense contractors are simply following the money,” said Peter W. Singer, a fellow at the nonprofit New America Foundation in Washington and coauthor of the book “Cybersecurity and Cyberwar.”
“It’s in their interest to do so,” Singer added. “First, they were targets of hacking attacks. Then they developed their own defenses. Now they found a way to monetize it.”
Lockheed Martin Corp., best known for building warships and fighter jets, also has developed a fast-growing business segment providing cybersecurity services to more than 200 other companies.
“The fact that the president is shining a spotlight on the importance of cybersecurity in the commercial sector is helpful,” said Rich Mahler, director of commercial cybersolutions at Lockheed Martin Corp. “We are seeing increased awareness of the seriousness and pervasiveness of cyberthreats across executive committees and boards of directors.”
Federal agents notified more than 3,000 U.S. companies in 2013 that their computer systems had been hacked. Analysts say the pace of attacks only increased last year.
“All of us perceive the commercial side of the cyber business growing faster and larger than the federal side,” said Peder Jungck, chief technology officer of BAE Systems Inc., which is better known for building Bradley armored vehicles than software. “Cyber isn’t a hobby. It’s a significant business for us.”
BAE Systems paid $232.5 million in October to buy Perimeter Internetworking Corp., a commercial cyber service provider with 5,500 customers in the financial services, retail, healthcare and manufacturing sectors. It was the ninth cyber-related firm that BAE has bought since 2005.
Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, echoed the danger during a visit to Rome. According to the Pentagon news service, he said cybergaps in the private sector pose a serious threat to national security.
The U.S. military depends on commercial networks, so the strongest military cyberdefense still could be threatened by a weak link elsewhere, Dempsey said.
“We have authorities and capabilities that allow us to do a pretty good job of defending ourselves,” he said. “But the vulnerability of the rest of America is a vulnerability of ours, and that’s what we have to reconcile.”
Over the last decade, U.S. aerospace and defense firms raced to develop secure computer systems to stave off persistent threats from cyberspies from Russia, China and other countries.
Contractors positioned themselves by hiring former U.S. officials, partnering with universities to recruit young talent, and buying established firms. They soon began selling their software systems to the government and commercial customers in oil and gas, financial services and pharmaceutical industries.
Still, not every aerospace company has found success in cyber.
Boeing Co. sold its commercial cybersecurity business last week to Symantec Corp., maker of Norton Antivirus software, after it didn’t achieve the financial payout it expected.
Boeing continues to provide cyberprotection to its own internal networks and under contract to some defense programs.
Ed Hammersla, head of cyberproducts for Raytheon Co., maker of the Navy’s Tomahawk cruise missiles, said he expects the company’s commercial cyber business to surge past government contracts in the future. But he said Raytheon won’t forget about its main customer, the U.S. military.
“There are certainly more users of networked computers and devices in the commercial sector than government,” he said. “Our strategy has been to invest in products that are relevant in both.”