Defense Cybersecurity – Demand for Internal Skillsets Challenges Market Opportunities

In keeping with October being National Cybersecurity Awareness Month we have been looking at the various trends and drivers in this market segment with a view to releasing a new market forecast in the coming weeks. In an industry impacted by the yearly delays and uncertainties of federal budgets causing disruptions and reductions in many technology programs, cybersecurity has been one area where agencies and contractors see growth opportunities, due to increased threats and growing dependence on technology.

The Department of Defense is front and center in this segment, spending billions of dollars to protect its systems and data. The need for improved security is certainly there, especially in an age where electronic or cyber-warfare continues to grow in prominence. So as I listen to those inside and outside government agencies about their cybersecurity challenges and needs and I consider what impacts growth prospects within the defense cyber- market, I am sensitive to aspects of this market that impact contractor addressability – the portion of the market that is addressable by contractors.

Workforce issues continue to be a challenge. The need for a growing and well-skilled cyber-workforce is a common theme with both industry and agencies, which means they are competing for talent. The one possible exception to this is the uniformed services that are building a cyber-workforce among their active duty personnel. While the Pentagon has its challenges with building and sustaining their IT security and cyber-warrior workforce (not everyone makes it a career and personnel often move with promotions) that doesn’t simply mean that contractors dominate this area. The fact remains that the majority of those in the DoD performing information security functions are in uniform or are government employees. And the stated goal of each component within CYBERCOM is working to build its internal uniformed and government-internal cyber-workforce.  Even though the Pentagon spends upwards of $10+ billion on cybersecurity – and the vast majority of it is for people to do the work of security – the personnel make-up translates into nowhere near that in contractor addressability.

Another hot topic is the area of cyber-warfare and offensive cyber-capabilities and weapons. Since much of what is currently called cybersecurity has its roots in traditional areas like identity and access management, information assurance and others, the whole area of cyber-warfare skills and tools is a bit intriguing and a perceived potential growth area. Yet, it’s my sense that most of this will be people-centric activities, rather than existing software tools, and that most (but not all) of these activities will be done by government personnel rather than contractors, especially in the DoD.  For these kinds of disruptive tools (e.g. malware) to be most successful they need to be built in-house and kept secret until you need to use them, verses using existing tools, much of them available by open-source. I guess I see a limited opportunity for a (reputable) cottage industry for malware.

There is still a big opportunity in defense cybersecurity, but much of it is embedded in ongoing network support programs and traditional information assurance, as many who work in the space already know. But other areas that are not intrinsically cybersecurity-centric, like the move to the JIE, data center consolidation, cloud computing, and mobility, have direct security implications that will drive some demand.