Joint Venture Plugs Network Security Holes

By Nick Wakeman, Staff WriterTrident Data Systems Inc. of Los Angeles had the security technology and L-3 Communications Corp. of New York had the money and the market reach. And with the formation last year of their joint venture, L-3 Network Security, the two created a company geared to attack the changing nature of network security.Based in Denver, the independent company is going after both government and commercial work with a risk management approach that starts when a network is being developed, said Corey King, vice president of government operations for L-3 Network Security.Formed in August 1998, L-3 Network Security hit $3.5 million in revenue in its first year with roughly a 50-50 split between government and commercial clients, King said. It has about 48 employees.Because of growing security concerns in the government, King said he expects to see his company double its revenues every year for the next three to five years.The company has two primary products, Retriever, which helps identify security vulnerabilities, and Expert, which is a risk management tool. But the approach to the market is not to sell products but to sell a solution, he said.In the government market, the company is working with a variety of systems integrators including GTE Corp. of Irving, Texas, Lockheed Martin Corp. of Bethesda, Md., OAO Corp. of Greenbelt, Md., Trident Data Systems and Unisys Corp. of Blue Bell, Pa.Through these partners, L-3 Network Security is a subcontractor on several major contracts, including the General Services Administration's Program Safeguard, which is a vehicle for selling critical infrastructure protection services, and GSA's Millennia and the Department of Transportation's Information Technology Omnibus Procurement II contracts, both of which are large multiaward IT services contracts."And we are always looking for more partners," King said. The type of companies that L-3 Network Security is looking to partner with are ones that are providing network support and development to government agencies, he said.Some of its major customers include the Air Force, Army, Federal Aviation Administration and the National Weather Service.The government's approach to network security issues has changed drastically because of lessons learned from the year 2000 date code problem and from the rise of electronic commerce, industry officials said.Network security used to be a relatively simple proposition, said Stephen Hunt, an analyst with the market research firm Giga Group of Norwell, Mass. "We only had to construct a hard and clear boundary between us on the inside and them on the outside," he said.But electronic commerce initiatives require multiple systems to have to communicate, both inside and outside an organization, Hunt said. "You have to fight the battle on multiple fronts," he said.L-3 Network Security's approach to this problem is a methodical and multi-layered one, King said. The company's tools can identify what assets are vulnerable, what the threats are, and what impact those vulnerabilities and threats will have on an agency's business processes, he said.The best way to implement security measures to assure an agency's mission is to make security an integral part of the planning process, King said. "Security too often is an add-on after a system is built," he said.But that attitude appears to be changing, according to findings of a market research study by the Electronic Industries Alliance, which conducted more than 500 interviews with government and industry officials about future IT purchasing plans."The key thing we heard was that security is not just about products, but it has to be integrated in building a system," said Michael Kush, vice president of marketing and strategy for Electronic Data Systems Corp.'s government unit. Kush helped conduct the EIA study."The government is demanding that we include information security in whatever we are building," he said.For L-3 Network Security, that shift could mean more opportunities like the project it is doing for the Electronic Systems Center at Hanscom Air Force Base in Massachusetts, King said. L-3 is a subcontractor on the project to Trident. King declined to disclose the value of the contract.But L-3 Network Security is helping the Air Force plan the acquisition of weapons systems by identifying vulnerabilities and building security into the systems, King said.King said his company can help provide information to policy-makers to aid in decision making and provide information to operations personnel. "In a lot of cases, people don't have the ammunition to take to senior decision makers to show how great security impacts their operations," he said.Security threats also are not static, so security procedures need to be part of the way a system operates, King said. Even after a network is built, new security threats can arise, "because a network is like a living, breathing thing. It grows and changes everyday," he said.