As data breaches and cyber attack threats continue to rise, it’s clear the cybersecurity market is booming. But with cyber legislation still stalled on Capitol Hill and an executive order from President Obama still looming, everyone from government officials to government contractors and corporate executives alike are considering their own measures to manage cybersecurity.
In a new, special report, the Washington Post took a deeper look at emerging cybersecurity opportunities, policies, procedures and threats for both the public and private sectors.
As federal budgets get sliced across the board, government technology contractors have started exploring new sales opportunities outside of their typical federal territories.
With approximately 85 percent of the nation’s critical infrastructure owned by the private sector, contractors like ManTech International and Booz Allen Hamilton are now offering commercial cybersecurity products and services, expanding their reach to health care, financial, energy and utilities industries, according to the Post report.
“Cyber can’t be solved by the government alone, nor can it be solved by private industry,” Mark Gerencser, executive vice president of commercial business at Booz Allen Hamilton, told the Post.
But while accommodating both sectors may seem profitable and ideal for some government contractors, others worry that selling commercially could complicate pricing and violate terms of government clearances.
With hackers continuously finding new tools and techniques to exploit vulnerabilities, many companies are considering training programs for employees to prevent them from falling victim to phishing schemes and other attacks, according to a separate article within the report.
“The weakest link has always been the individual,” Dave Papas, chief operating officer at QinetiQ North America’s Cyveillance, told the Post. “Once I can compromise one individual within an organization, I then can potentially compromise everyone.”
But beyond employee training, it’s cybersecurity expertise that’s in high demand, according to the cyber special.
With too few qualified cybersecurity professionals, many government contractors and companies are being forced to fork over larger salaries to compete for new cyber hires, particularly for candidates with security clearance.
“The need for cyber professionals across all industries is likely to continue to surge in the near future, hiring professionals say, and so, too, is the imperative to vie for talent,” the report suggests.
Defense is also becoming a key component in stacking the cyber deck. As nation states hack into networks to gain classified government information and corporate trade secrets of their enemies and allies alike, the U.S. Defense Advanced Research Projects Agency (DARPA) is looking at new programs and IT platforms to better defend itself in the event of cyberwar.
Known as Plan X, the Post report advised that DARPA is working with experts from industry and academia to craft “high-level mission plans” and working to build cyber “battle units” should a cyberwar arise.
The “new frontier,” as the Post deems it, is also causing government to evaluate its own cyber offensive capabilities in a hack-before-hacked approach.
But Richard Clarke, former White House cybersecurity advisor under President George W. Bush, told the Post, “At the end of the day, the obligation of the U.S. government is to defend first and, until we get that right, we shouldn’t be running around attacking other people.”
While the threat of cyberwar may be on the horizon, some cyber experts are taking up new opportunities as “ethical hackers,” according to an article within the report titled: “To catch a hacker, it pays to think like a hacker.”
Taking courses to learn the lingo and tricks of the trade of the “bad guy” hackers, ethical hackers are able to identify unforeseen holes and vulnerabilities before they are exploited and, in some cases, are able to catch suspected culprits before they do the hacking.
“It’s a cat-and-mouse game,” Frank Bentz, an ethical hacker and chief information security officer at Sandy Spring Bank told the Post. “You’re always trying to figure out where this is headed next.”