Catching cyber criminals
Virginia’s IT industry set for growth as government and businesses try to protect data
- February 28, 2011
Could the computer systems that run the nation’s civilian infrastructure be compromised in cyberspace? Is it really possible for an Internet virus to disable the nation’s economy in a flash?
It may sound like the plot from a drugstore novel, but Virginia’s information-technology companies know that such drama is not exaggeration. In fact, information security is a growing concern among companies and government agencies. The recent WikiLeaks’ scandal involving the publication of classified diplomatic and military cables that embarrassed the U.S government was the result of a person expropriating data.
Far more sinister is the prospect of terrorists or rogue nations exploiting vulnerable computer systems to bring down power grids, nuclear facilities, financial systems, water supplies and transportation networks. Such events would be cataclysmic, bringing the country’s commerce — not to mention people’s everyday lives — to a standstill.
“If those systems are compromised, our country would have a major national security issue on its hands,” says Christopher Fountain, president and CEO of SecureInfo Corp. in McLean.
Fountain’s company does most of its work for the federal government. However, Fountain says more and more private companies are coming to his firm for help. Among them is a Wall Street financial services company and several U.S. nuclear-power producers. “We see the commercial side as an emerging growth area,” Fountain says.
In fact, hardening civilian infrastructure is expected to be an even bigger opportunity than serving government agencies since most of the infrastructure remains in the hands of private industry.
Be it government or private business, Virginia technology companies are ramping up to serve the white-hot market for cyber security. It encompasses a variety of disciplines, including information assurance, network and database security, specialized software, and modeling and simulation, among others.
While the commonwealth’s economy has long been strengthened by robust federal contracting for IT services, these firms are under a new and intense pressure. Their mission: anticipate, identify and neutralize potential threats from creative and determined cyber criminals.
“Cyber security is analogous to fighting the war on terror. The bad guys only have to be right one time. As cyber-security providers, we have to be right 100 percent of the time,” says L. William Varner, president of Fairfax-based ManTech International’s mission, cyber and technology solutions group.
ManTech and other Virginia firms already play a leading role in cyber security, and it’s expected to be a growth area in the future. “Our universities are churning out people trained to do this kind of work. That’s why we expect Virginia to have dominance in this area,” says Keith Boswell, a managing director with the Virginia Economic Development Partnership.
It is a timely field in which to shine. The federal market for cyber security products and services is expected to grow at a rate three times higher than that of the overall IT sector, according to Input, a Reston-based research firm. A new study from Input’s analysts says that demand for vendor-furnished services by the U.S. government will increase from $38.1 billion in 2010 to $51.7 billion in 2015.
With the specter of WikiLeaks still fresh, other Virginia companies hope to pick up some new business. Officials at Raytheon Trusted Computer Solutions in Herndon are redoubling efforts to market their cyber-security portfolio more broadly to federal agencies. Among its tools is network-monitoring software that detects insider threats, plus a thin-client desktop containing neither ports nor a hard drive, thus preventing users from expropriating proprietary data.
The company says only a portion of government agencies use these technologies now. “Either one or both could have prevented that kind of thing,” COO Ed Hammersla says, referring to the WikiLeaks breach.
The clustering effect
Virginia added two defense-contracting giants to its IT sector in recent years. Northrop Grumman Corp. is relocating its corporate headquarters from Los Angeles to Fairfax County this summer. The news, announced last year, followed on the heels of the 2009 decision by Science Applications International Corp. (SAIC) to shift its corporate offices from San Diego to McLean.
The government’s desire to harden information security has led to a 13 percent spike in Northrop Grumman’s cyber business, says Tim McKnight, its vice president and chief information security officer. In response, the company is investing a “tremendous amount of money” to research new technologies, including tools that strengthen user authentication and predict attackers’ behaviors.
“Organizations are asking us for help in defending against cyber attacks that are growing more frequent and more sophisticated. They want to stem the loss of intellectual property,” McKnight says.
To implement its state-of-the-art technologies, McKnight predicts Northrop Grumman will need to hire “thousands of cyber-security experts” in Virginia during the next two decades.
As part of its managed services, McLean-based SAIC provides round-the-clock network monitoring, examining data packets for malware or viruses and “correcting them on the spot,” says senior vice president Larry Cox. The holistic approach combines tools for Internet security, data protection, behavioral psychology “and a whole bunch of other disciplines” to stymie threats from cyberspace.
Although it would not disclose long-term job projections, SAIC said it is seeking to fill about 100 cyber positions this year. It is unclear how many may be in Virginia, but Cox predicts the long-term economic growth from cyber security will be significant for the region. He likens it to the growth sparked by the space industry on the Route 267/Interstate 66 corridor west toward Chantilly.
“It changed a rural area of the state into high-tech heaven. Cyber is doing the same thing for the I-95 corridor” in Virginia, extending to Pennsylvania, says Cox, who oversees SAIC’s newly opened Cyber Innovation Center, based in Columbia, Md.
Loudoun County wants to develop a public-private cyber security research and development center. The idea is being pitched by the county’s Economic Development Authority, although it doesn’t yet have funding or a location.
The intense focus on cyber security has led to a fourfold increase in business at Herndon-based NetWitness Corp. Its “see everything” network-security technology is used by 70 percent of federal agencies and a growing number of Fortune 100 companies, says President Nick Lantuh
NetWitness closed the 2010 fiscal year by posting its 11th consecutive profitable quarter. The sustained growth creates a need for talent. Already at 100 employees, NetWitness plans to add 40 to 50 cyber jobs in 2011, according to Lantuh, and the company will move to larger offices.
Thus far, companies say they aren’t encountering shortages as they seek to fill new positions. Northrop Grumman says it has hired graduates from 21 colleges and universities in Virginia as cyber-security professionals. Four state schools — George Mason University, Virginia Tech, James Madison University and the University of Virginia — rank among the company’s top 10 sources for new hires, according to spokeswoman Marynoele Benson.
In addition to those schools, other state colleges are deeply involved in “training the next generation of cyber workers,” Boswell says. Virginia Commonwealth University, Norfolk State University, the College of William and Mary and Old Dominion University have each established cyber-related curricula, covering information systems, information assurance, computational intelligence and similar fields.
In a related move, Fairfax-based George Mason University two years ago launched the International Cyber Center to foster technology innovation and promote collaboration between private industry, law enforcement and government.
Job prospects appear promising for those who enter cyber-related fields. Employment of network and computer-systems administrators is expected to jump 23 percent by 2018, according to the federal Bureau of Labor Statistics.
Such heady growth bodes well for Virginia. According to a report last year by TechAmerica, a trade group in Arlington, 95 of every 1,000 private-sector workers in Virginia were employed by high-tech firms at the end of 2008. That reportedly is the highest concentration in the country.
In addition, the state ranks second nationally in computer systems design and related services employment — jobs with average annual salaries of nearly $90,000, Boswell says.
Virginia isn’t the only state eager to convert cyber security into a jobs-producing, investment-generating industry. Earlier this year, neighboring Maryland unveiled an initiative that Gov. Martin O’Malley said would make his state “the nation’s epicenter for cyber security.”
Maybe. For the foreseeable future, though, Virginia’s foothold in cyber security seems more than secure.