Security blanket

New funding to protect cyberassets catches industry attention

Dollar and cents

IT security: $7.3 billion proposed
for fiscal 2009.

Classified
cybersecurity efforts: Estimated at
$6 billion.

DHS cybersecurity:
$293.5 million for network security
and intrusion detection.

Air Force
Cyber Command: $399 million
on wish list.

With federal government spending on cybersecurity
set to sharply increase in the final
budget submitted by the Bush
administration, contractors are
looking hard for fresh business
opportunities. Although opportunities are
starting to take shape, they are not as clear as
some contractors would like.

A dramatic rise in attention and federal
funding for cybersecurity and infrastructure
protection is expected in fiscal 2009. Recent
developments include:
  • Proposed spending on information technology
    security in fiscal 2009 is $7.3 billion,
    10 percent more than in 2008.
  • Financial support for a new classified
    White House cybersecurity directive signed
    by President Bush in January and to be
    carried out by intelligence agencies could
    be in the $6 billion range each year. The
    initiative could include more aggressive
    actions to monitor the Internet and block
    and disable cyberattackers.
  • The Homeland Security Department's
    National Cyber Security Division is slated
    to receive $293.5 million for enhancing the
    protection of federal networks. This
    includes additional funding for the U.S.
    Computer Emergency Readiness Team.
  • The Air Force expects to pick a permanent
    location for its Cyber Command by
    December. It has released a wish list of
    projects totaling $399 million.

Cybersecurity has been a national security
concern for more than a decade, but public
attention has skyrocketed with reports of data
losses and cyberespionage. In 2007, Congress
heard accounts of foreign hackers breaking
into the networks of military agencies and
defense contractors and stealing huge
amounts of sensitive data. Such attacks likely
will intensify this year, according to a
December report from the SANS Institute.

With billions of dollars in the
pipeline, more contracting work is
sure to follow. But details are
fuzzy because much of the new work will occur
in the classified arena and cybersecurity contracts
historically have been difficult to chart.

"It is pretty clear there are dollars there for
cybersecurity, but how quickly will there be a
spending plan? I'm not sure," said Scott
Hastings, former chief information officer at
DHS and now a partner at Deep Water Point
LLC, a consulting firm in Washington. "One of
the challenges will be defining the problem."

"I am sure there will be an expansion of
business related to cybersecurity, but we cannot
see all the budget numbers," said Ray
Bjorklund, senior vice president at FedSources
Inc., a research firm in McLean, Va. Some
classified budget figures will leak out to the
media, but some will not.

Enemy at the gates

Confusing matters is the fact that some people
view federal cybersecurity as everything the
government does to protect its systems and networks,
and others say cybersecurity only occurs
at a higher level and involves protecting critical
networks, the Internet and civilian infrastructures,
such as energy plants and oil pipelines.

There also might be arguments among the military,
intelligence agencies and DHS over who
gets the increases in cybersecurity.
Cybersecurity might be a hot topic in
Congress, but there is a chill in the air
regarding some discussions of the topic. For
example, Rep. Bennie Thompson (D-Miss.)
strongly criticized the promotion of DHS
CIO Scott Charbo to be undersecretary of
National Protection and Programs, overseeing
cybersecurity.

"Given his previous failings as chief information
officer, I find it unfathomable that you
would invest him with this authority,"
Thompson wrote to DHS Secretary Michael
Chertoff. "This decision raises concerns about
the seriousness and credibility of the administration's
initiative."

Thompson also reiterated concerns he first
made public in September about evidence of
Chinese hackers penetrating networks set up
by contractor Unisys Corp. in connection with
an IT contract with the Transportation
Security Administration. Unisys officials said at the time that they had
followed all security protocols
and made the
appropriate reports.

Thompson has asked the
department's inspector
general to investigate.
DHS responded Feb. 13 with
a letter of praise for Charbo and a
list of his accomplishments. "The letter has
not alleviated our concerns," said Dena
Graziano, a spokeswoman for Thompson.

Privately, some insiders close to the situation
say it is a frustrating example of how a cybersecurity
breach can become mired in politics.

Even with the high-profile increases in
spending, the overall picture of cybersecurity
contracting is still unclear because much of the
work will be classified. Budgets for such initiatives
are notoriously difficult to pin down.

"The classified nature of the new directive
makes it a bit tough to sort out exactly where
money will be spent," said Jeremy Grant, senior
vice president at the Stanford Group Co.
investment research firm. "Formal fiscal 2009
IT security numbers released by the Office of
Management and Budget show only a 9.8 percent
increase, but the fact that a lot of this
work will be done in classified agencies suggests
that there is a much bigger number that
has yet to be revealed."

Despite President Bush's lame-duck status,
Congress is likely to agree with the new cyber
priorities, at least partially, experts say,
because the cyberthreat has grown dramatically
and many Democratic leaders have been
calling for more attention to cyber
priorities for several years.

Lawmakers are also considering
a new approach
to the Federal
Information Security
Management Act to
make it more performance-
oriented
and less focused on
paperwork.

"We support tweaks to
FISMA to strengthen information
security," said Tim
Bennett, president at the Cyber Security
Industry Alliance, a coalition of organizations
and corporations. The alliance also backs the
spending increases.

"Clearly, we are all seeing increasing awareness
of the growing threat to our networks,
and the government is responding to that,"
Bennett said.

Although spending on cybersecurity is likely
to increase, it might be difficult to immediately
spot many of the gains in contracting.

That is because IT security projects often are
folded into larger projects. Aside from the
basic computer and network protections,
which have mostly been accomplished already,
cybersecurity work has been viewed in terms
of subcontracts to larger IT contracts. That
could change as more dollars begin to flow,
with larger systems integrators emphasizing
their cyberabilities.

Big-picture approach

The 2009 budget is likely to include funding
for software and support along with legal and
investigative assistance. It also might pay for
counterattacks in cyberspace and conventional
military responses. A portion of the funding
could help support the Air Force's new Cyber
Command, for example.

"Cybersecurity is a problem that requires a
solution beyond an infrastructure fix," said
Richard Colven, vice president of executive
programs at research firm Input Inc., of
Reston, Va.

"Our adversaries have become more sophisticated,"
Bjorklund said. "To be able to protect
against threats in this cyber environment
takes more money."

As the complexity of cybersecurity increases,
it is possible that systems integrators will
take a more comprehensive approach, he
added. Several major federal contractors have
robust cybersecurity units, and that emphasis
is likely to grow, he said.

"Systems integrators will have to become
more comprehensive and integrated in their
approach," said Chris Campbell, a senior analyst
at Input. "I haven't seen it yet, but it could
happen." That trend would signal a change
from the government's piecemeal handling of
cyber concerns in the past, he said.

Alice Lipowicz (alipowicz@110govinfo.com) is a staff
writer at Washington Technology.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
 Top 100 Slideshow
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts