Defense contractors eye cybersecurity bonanza

The industry side of the military industrial complex is on the scent of the federal government's cybersecurity dollars.

Bloomberg has a year-end rundown on the efforts of the big defense contractors to tap into a market that could swell to $11 billion by 2013. Boeing and Lockheed, for instance, both set up new cyberdefense business units in the last six months, the news agency says, while Raytheon in the last 18 months has acquired a trio of network security providers and is looking to boost the number of its certified security engineers by 50 percent in 2009.

"The whole area of cyber is probably one of the faster-growing areas" of the U.S. budget, Lockheed executive Linda Gooden told Bloomberg.

Whether that is money well spent, however, is a separate question, as CNET News' Declan McCullagh pointed out recently in a look at the efforts of the U.S. Department of Homeland Security. Formed in 2002, the DHS has always had a stated mission of combating cyberterrorism.

More than six years later, and after spending more than $400 million on cybersecurity, DHS still has not accomplished that stated goal....

Along the way, DHS was regularly receiving poor grades--including an F--on computer security report cards released by a congressional oversight committee.

In fiscal 2008 alone, the federal government spent $115 million on the department's National Cybersecurity Division.

And that, of course, is just a drop in the bucket of Washington's monetary outpouring. Altogether this year, the U.S. government is expected to spend $7.4 billion to secure military, intelligence, and other agency computer networks, Bloomberg reported, citing market researcher Input.

Wired's Threat Level blog says that the outlays -- and defense contractors' need to acquire expertise --

will only be good news for computer security firms that have been struggling to stay afloat the last few years when the government and private sector showed little interest in spending money to secure computer networks.

In December, a commission established by the Center for Strategic and International Studies urged that President-elect Barack Obama create a National Office for Cyberspace. "America's failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009," the cybersecurity policy report says. "It is a battle we are losing."

Over the summer, when he was still a candidate, Obama said he would make national cybersecurity policy and leadership a top priority.

[groink_hi]

The problem I see here is that just getting a job at any of these places requires top secret security clearance. There are only a limited number of ways you can obtain such clearance:

1. Hope that the hiring contracting company pays for the clearance. Very rare! It costs over $10k, and the person gets to keep the clearance even if he leaves the contract. Same problem with paid training - people will leave the company once they get what they wanted. So, most contracting companies are reluctant to hire someone with no clearance. And, you cannot even request for security clearance unless you have a contract that requires it. Basically a catch-22 - you can't get the job unless you have clearance, and you can't get clearance unless you have a job that requires it.

2. Join the military and attempt to get your clearance through there (it isn't automatic from what I've been told.)

Therefore, most people who are really good at security cant' get these jobs. So they're left with hiring what I call the "B" team - retired military personnel, and people who were laid off or had their previous security contract expire. If the government wants GREAT security people, they should allow the really good guys to obtain the clearance on their own. They still need to pay the money for the clearance, but at least they wouldn't need to get the contract first.

[cshanek]

You were correct in stating that it costs OVER 10k to obtain a TS Clearance. It costs about 50 to 90 K OVER 10K (60k-100k), and typically takes well over a year to obtain. Many prior military types take whatever means necessary to obtain Graduate/Post Graduate education and can do more than hold their own in their fields. Take software engineering for instance. Out of all the CMMI 5 Companies in the US, DOD contracts and companies make up a surprisingly large percentage.

In all honesty, not too many entities, civilian or otherwise, have succeeded in handling cyber security issues in their entirety.