With the recession gripping the country, cybersecurity is emerging as one of the hottest, lucrative sectors of the U.S. economy, with dramatic growth likely to be fueled by new spending by the Obama administration, industry officials and lobbyists say.
Officials with private firms and technology associations say they have high expectations that the new president and his administration will do more to protect federal electronic networks, secure critical infrastructure and improve information sharing.
Homeland Security Secretary-designate Janet Napolitano told senators at her confirmation hearing last week that cybersecurity is an area she intends "to plow very deeply, very quickly."
"I think we are, in some important respects, at the beginning of attacking the attacks," she said. "I know that [President-elect Obama] has said several times that this is an area where he wants to get a national strategy and a national coordinated plan going."
And outgoing Director of National Intelligence Mike McConnell told reporters last week that cybersecurity "is the soft underbelly of this country."
To that end, industry officials expect spending on the so-called Comprehensive National Cybersecurity Initiative to exceed an original $30 billion estimate over the next seven to 10 years.
"It's a lot of money and if you're in government IT it's a growth area and you need to be there." said Jeremy Grant, a Washington-based senior vice president of Stanford Group Co., which analyzes market trends and advises investors. "And if you're not there you're probably going to be missing out on some business,"
Eye on the Prize
Industry officials do not expect Obama to make any sudden changes to the National Cybersecurity Initiative, which debuted last year under the Bush administration. And, at least for now, they have more questions than answers regarding what Obama will actually do.
But the technology sector hopes to see more transparency for different aspects of the initiative, along with more collaboration between government and industry as policy decisions are being made, said Liesyl Franz, a former Homeland Security Department cybersecurity official now in charge of information security programs with the Information Technology Association of America.
"I would say that cybersecurity is definitely one of the top priorities for the ITAA membership and industry in general," she said.
Companies are preparing to launch a lobbying blitz if the new administration and Congress try to pass legislation that creates onerous or questionable cybersecurity mandates on private industry in an attempt to monitor and protect the Internet.
They also are not wasting any time positioning themselves to win rich government contracts.
For example, prominent firms that do extensive government business in defense electronics -- such as Lockheed Martin Corp., Harris Corp. and Raytheon Co. -- recently established business units dedicated to cybersecurity.
"We're entering this area more aggressively than we have in the past because we believe it's essential to the future of our business," said Lee Holcomb, a vice president at Lockheed and former Homeland Security chief technology officer.
Harris established its cybersecurity center in conjunction with the Florida Institute of Technology. Together, they are in the process of writing grant proposals to obtain federal funding for research.
"There are already indications that there will be requirements for constant, ongoing vulnerability management of federal IT systems -- taking a proactive approach towards information security by closing the holes before they can be exploited," said retired Air Force Maj. Gen. Dale Meyerrose, now vice president for cyber and information assurance at Harris.
Meyerrose was named to the post last week after previously serving as chief information office for the director of national intelligence.
The technology industry also is not short on recommendations for what the Obama administration should consider when crafting cybersecurity policy.
ITAA, for example, put its recommendations in a paper given to Obama's transition team. The association said Obama should appoint a cybersecurity advisor in the White House, build upon the National Cybersecurity Initiative, develop international coordination for cybersecurity efforts, and, of course, improve public-private partnerships.
The nature of what to protect through cybersecurity is also changing, Meyerrose said. Securing networks has been the primary focus for the government. But Meyerrose believes network protection is going to become less important as other practices evolve, such as cloud computing, which is shared computing over the Internet.
With that, the focus of cybersecurity efforts will be on data handling and protection, Meyerrose said.
He also believes the new administration needs to discuss whether average citizens should be required to use security measures, such as anti-virus protection, to access the Internet - similar to requirements placed on government employees.
Such a debate would likely stir contentious privacy and civil liberties debates. "I am hopeful that the incoming administration will force that discussion," Meyerrose said. "In the cyber world, a risk taken by one is one shared by all."
The Obama administration should also recognize that cybersecurity is an international issue, so it requires alliances and collaboration with other countries, said John Osterholz, who heads the technical council of the nonprofit Network Centric Operations Industry Consortium.
"This is inherently an international issue," said Osterholz, who is also a vice president at BAE Systems. "We think that the Obama administration is going to pay attention to that."
The new administration must also take into account how cybersecurity vulnerabilities could paralyze companies that rely on just-in-time inventories, especially in the pharmaceutical industry and for owners of critical infrastructure, Osterholz added.
"The Obama team has articulated very clearly that they want to go forward with implementation of information technology that increases transparency and increases the responsiveness and timeliness of services to citizens," he said. "Given that that's the case, there has to be an environment that supports that."
Watching the Hill
While the technology industry is eager for contracting work, it is also keeping a keen eye on cybersecurity legislation that the new administration and Congress is expected to craft.
Companies will oppose what they view as costly or bad federal mandates or standards on their industry, or mandates that they believe wrongly restricts what federal agencies can do.
"Industry will support carefully crafted and specific legislation as the basis to deal with the issue of cybersecurity," said Matthew Eggers, manager for national security and emergency preparedness at the U.S. Chamber of Commerce. "We're looking forward, frankly, to having a good relationship with the new administration."
For now, there is little information on what Congress might do, especially since Rep. Jim Langevin, D-R.I., recently stepped down as chairman of the House Homeland Security Emerging Threats Subcommittee. He is considered one of the most proactive and informed lawmakers on cybersecurity issues in Congress.
But any legislation that does move is likely to be caught in turf battles among competing congressional committees, such as Homeland Security, Judiciary, Commerce and even possibly Armed Services, industry officials said.
One industry official recalled the battles fought over the 2007 legislation to implement unfulfilled recommendations of the 9/11 Commission. "Imagine having to go through that again with cybersecurity legislation," the official said.