The FISMA Focus IPD

From: The Washington Post

By Marjorie Censer

The government’s technology can receive a bad rap — too slow, too big, too outdated. Technology contractors rarely have the cache of consumer-oriented firms such as Apple and Google.

But in the cybersecurity field, that paradigm may be turned on its head.

Government contractors certainly hope so. Seeing an area in which the government has taken the lead, and hoping to diversify their businesses in the face of declining federal spending, these companies regard cybersecurity as a prime opportunity to develop or expand their commercial practices.

Mark J. Gerencser, who leads McLean-based contractor Booz Allen Hamilton’s commercial business, said it simply makes sense to create new bridges between the government and commercial sectors, given how interconnected the world has become.

“Cyber can’t be solved by the government alone, nor can it be solved by private industry,” he said.

Retired Air Force Lt. Gen. Kenneth A. Minihan, who formerly headed the National Security Agency and is now a managing director at Paladin Capital Group, agrees.

There is “absolutely symmetry between the critical infrastructure that the government needs and the critical infrastructure that the private sector needs,” he said.

Some analysts say the shift won’t be easy given the different language and business models required when selling to the commercial world. But that hasn’t stopped government-focused companies from making forays into sectors such as health care, energy and banking.

Hanover-based KEYW, for instance, has been known for its work with federal intelligence agencies, but recently announced it’s working on a commercial project. Fairfax-based ManTech International, squeezed by spending reductions in Iraq and Afghanistan, has also identified cybersecurity as an area where it is establishing commercial work.

The company had left the commercial market nearly a decade ago.

“I think we’re in the absolute best position we could be” in, said L. William Varner, president and chief operating officer of ManTech International’s mission, cyber and intelligence solutions group. ManTech’s experience working for the government “gives us a cache that few companies have.”

Cyber for government

The government market alone is vast. Herndon-based Deltek, which analyzes the government contracting market, estimates that in fiscal 2011, the government — which includes the Pentagon, civilian agencies, intelligence agencies and even Congress and the judiciary branch — posted about $9 billion in “contractor-addressable” cyber spending, or spending on the services and products that contractors can offer.

John Slye, an advisory research analyst at Deltek, has forecast that the sector will grow considerably in the next few years, reaching about $14 billion by fiscal 2016.

The possibility of using some of the same capabilities and expertise in the commercial world could make cybersecurity all the more lucrative.

“The dual marketplace does make it a very attractive sector,” said Elizabeth A. Ferrell, who leads McKenna Long & Aldridge’s cross-practice cybersecurity industry team.

While the government market has traditionally been a larger one, companies are seeing more possibilities in the commercial sector, though few companies will offer financial details.

Samuel S. Visner, vice president and general manager for cybersecurity at Falls Church-based Computer Sciences Corp., said there are more “addressable” cyber dollars in the public sector, “but the growth rate commercially is, I would say, outstripping it.”

Bridging the gap

Some of the most promising commercial opportunities are with the critical infrastructure companies — such as electric, power and water companies — as well as financial businesses, technology companies and health care firms, said David Z. Bodenheimer, a partner at Crowell & Moring.

For small and mid-size contractors, the commercial world can be particularly attractive, he noted.

“It’s difficult for a small business with a highly innovative solution to be able to reach the decision makers in [federal] agencies and persuade them that their product works and gets results,” he said. “They have less of a barrier in trying to sell to the commercial side.”

Companies have taken different approaches to selling commercially, but many have relied on acquisitions or partnerships. ManTech, for instance, bought cybersecurity business HBGary, which now manages the company’s commercial work.

General Dynamics is expanding its cybersecurity work, most recently with its purchase of Fidelis Security Systems. Fidelis has managed to span the two worlds; its tools, which help users monitor their networks in real-time, are sold evenly to Pentagon and commercial clients, according to General Dynamics.

General Dynamics is hardly a newcomer to the sector. It operates a cyber center near Fort Meade, and four to five years ago, was “requested by name to help some of the Fortune 200 companies … when they’d been hacked,” said Nadia Short, vice president of strategic planning for General Dynamic’s advanced information systems business.

The Fidelis deal is meant to help General Dynamics provide what she described as a more comprehensive offering.

Others have looked to commercial partners. McLean-based Science Applications International Corp. last year announced a partnership with McAfee, while Booz Allen last month announced a partnership with Bedford, Mass.-based RSA, the security division of Hopkinton, Mass.-based EMC.

“We’ve tried to build those kinds of relationships,” said Charles Beard, SAIC’s chief information officer.

Still, some are skeptical that the transition between commercial and government will be as easy as many companies hope.

Suzanne E. Kecmer, a vice president at McLean-based investment firm KippsDeSanto who specializes in cyber and intelligence, said the government and commercial businesses use different business models.

“In theory, there’s definitely interest on both sides,” she said. But “pricing is very different and speed-to-market is very different.”

Additionally, government contractors can have trouble communicating their offerings to private companies, who aren’t familiar with the terminology and don’t have government clearances.

Still, Kecmer said contractors may increasingly seek to make it work.

The likelihood of future cuts to the defense budget “is going to be a major driver for the defense companies to look elsewhere,” she said.