New funding to protect cyberassets catches industry attention
By Alice Lipowicz
Feb 22, 2008
With federal government spending on cybersecurity
set to sharply increase in the final
budget submitted by the Bush
administration, contractors are
looking hard for fresh business
opportunities. Although opportunities are
starting to take shape, they are not as clear as
some contractors would like.
A dramatic rise in attention and federal
funding for cybersecurity and infrastructure
protection is expected in fiscal 2009. Recent
- Proposed spending on information technology
security in fiscal 2009 is $7.3 billion,
10 percent more than in 2008.
- Financial support for a new classified
White House cybersecurity directive signed
by President Bush in January and to be
carried out by intelligence agencies could
be in the $6 billion range each year. The
initiative could include more aggressive
actions to monitor the Internet and block
and disable cyberattackers.
- The Homeland Security Department's
National Cyber Security Division is slated
to receive $293.5 million for enhancing the
protection of federal networks. This
includes additional funding for the U.S.
Computer Emergency Readiness Team.
- The Air Force expects to pick a permanent
location for its Cyber Command by
December. It has released a wish list of
projects totaling $399 million.
Cybersecurity has been a national security
concern for more than a decade, but public
attention has skyrocketed with reports of data
losses and cyberespionage. In 2007, Congress
heard accounts of foreign hackers breaking
into the networks of military agencies and
defense contractors and stealing huge
amounts of sensitive data. Such attacks likely
will intensify this year, according to a
December report from the SANS Institute.
With billions of dollars in the
pipeline, more contracting work is
sure to follow. But details are
fuzzy because much of the new work will occur
in the classified arena and cybersecurity contracts
historically have been difficult to chart.
"It is pretty clear there are dollars there for
cybersecurity, but how quickly will there be a
spending plan? I'm not sure," said Scott
Hastings, former chief information officer at
DHS and now a partner at Deep Water Point
LLC, a consulting firm in Washington. "One of
the challenges will be defining the problem."
"I am sure there will be an expansion of
business related to cybersecurity, but we cannot
see all the budget numbers," said Ray
Bjorklund, senior vice president at FedSources
Inc., a research firm in McLean, Va. Some
classified budget figures will leak out to the
media, but some will not.
Enemy at the gates
Confusing matters is the fact that some people
view federal cybersecurity as everything the
government does to protect its systems and networks,
and others say cybersecurity only occurs
at a higher level and involves protecting critical
networks, the Internet and civilian infrastructures,
such as energy plants and oil pipelines.
There also might be arguments among the military,
intelligence agencies and DHS over who
gets the increases in cybersecurity.
Cybersecurity might be a hot topic in
Congress, but there is a chill in the air
regarding some discussions of the topic. For
example, Rep. Bennie Thompson (D-Miss.)
strongly criticized the promotion of DHS
CIO Scott Charbo to be undersecretary of
National Protection and Programs, overseeing
"Given his previous failings as chief information
officer, I find it unfathomable that you
would invest him with this authority,"
Thompson wrote to DHS Secretary Michael
Chertoff. "This decision raises concerns about
the seriousness and credibility of the administration's
Thompson also reiterated concerns he first
made public in September about evidence of
Chinese hackers penetrating networks set up
by contractor Unisys Corp. in connection with
an IT contract with the Transportation
Security Administration. Unisys officials said at the time that they had
followed all security protocols
and made the
Thompson has asked the
general to investigate.
DHS responded Feb. 13 with
a letter of praise for Charbo and a
list of his accomplishments. "The letter has
not alleviated our concerns," said Dena
Graziano, a spokeswoman for Thompson.
Privately, some insiders close to the situation
say it is a frustrating example of how a cybersecurity
breach can become mired in politics.
Even with the high-profile increases in
spending, the overall picture of cybersecurity
contracting is still unclear because much of the
work will be classified. Budgets for such initiatives
are notoriously difficult to pin down.
"The classified nature of the new directive
makes it a bit tough to sort out exactly where
money will be spent," said Jeremy Grant, senior
vice president at the Stanford Group Co.
investment research firm. "Formal fiscal 2009
IT security numbers released by the Office of
Management and Budget show only a 9.8 percent
increase, but the fact that a lot of this
work will be done in classified agencies suggests
that there is a much bigger number that
has yet to be revealed."
Despite President Bush's lame-duck status,
Congress is likely to agree with the new cyber
priorities, at least partially, experts say,
because the cyberthreat has grown dramatically
and many Democratic leaders have been
calling for more attention to cyber
priorities for several years.
Lawmakers are also considering
a new approach
to the Federal
Management Act to
make it more performance-
and less focused on
"We support tweaks to
FISMA to strengthen information
security," said Tim
Bennett, president at the Cyber Security
Industry Alliance, a coalition of organizations
and corporations. The alliance also backs the
"Clearly, we are all seeing increasing awareness
of the growing threat to our networks,
and the government is responding to that,"
Although spending on cybersecurity is likely
to increase, it might be difficult to immediately
spot many of the gains in contracting.
That is because IT security projects often are
folded into larger projects. Aside from the
basic computer and network protections,
which have mostly been accomplished already,
cybersecurity work has been viewed in terms
of subcontracts to larger IT contracts. That
could change as more dollars begin to flow,
with larger systems integrators emphasizing
their cyberabilities.
Big-picture approach
The 2009 budget is likely to include funding
for software and support along with legal and
investigative assistance. It also might pay for
counterattacks in cyberspace and conventional
military responses. A portion of the funding
could help support the Air Force's new Cyber
Command, for example.
"Cybersecurity is a problem that requires a
solution beyond an infrastructure fix," said
Richard Colven, vice president of executive
programs at research firm Input Inc., of
"Our adversaries have become more sophisticated,"
Bjorklund said. "To be able to protect
against threats in this cyber environment
takes more money."
As the complexity of cybersecurity increases,
it is possible that systems integrators will
take a more comprehensive approach, he
added. Several major federal contractors have
robust cybersecurity units, and that emphasis
is likely to grow, he said.
"Systems integrators will have to become
more comprehensive and integrated in their
approach," said Chris Campbell, a senior analyst
at Input. "I haven't seen it yet, but it could
happen." That trend would signal a change
from the government's piecemeal handling of
cyber concerns in the past, he said.
Alice Lipowicz (firstname.lastname@example.org) is a staff
writer at Washington Technology.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.