Even as troops return from the Middle East, the U.S. faces a new and expanding threat: cybersecurity. Chances are this is not much of a surprise to you. Stuart Shea, the COO of SAIC mentioned at a recent event that cyber attacks are up 44% and there are more than 75 million pieces of malware on the net. They have found my computer and I'm sure that they have found yours. For every group hacked, another 100 don't know.
As the world becomes more digital, wireless, and interconnected, the threat becomes greater. Movies are filled with plotlines where hackers take control of the air travel system, trains, and stoplights or transfer billions of dollars into anonymous overseas accounts. The line between fiction and fact is not that far off. Recently hackers showed that they could enter computer networks by remotely accessing a building's computer-controlled thermostat and 'unknown' sources have been able to hack into Iran's nuclear facilities.
Iran, China, and Russia have been linked to the main sponsors of cyber-crimes with publicized attacks having taken place at the Department of Defense as well as at NASDAQ, Google, LinkedIn, the NY Times, Sony, and the Hong Kong Exchange, to name but a few.
Is it any wonder that Mike McConnell, a former director of the National Security Agency believes a Cyber 9-11 is imminent and that Melissa Lee, a host on CNBC reporting on the subject, stated that cyber attacks are quickly becoming the terrorist weapon of choice.
To combat this the U.S. Department of Defense, expanded its definition from the traditional military fronts of air, sea, land, and space to reflect the cyber threat; launching a Command operation designed to analyze and combat these threats. As assaults rise, the Washington Post reported that U.S. banks have turned to the National Security Agency for technical assistance in protecting their digital assets.
The Office of Management and Budget (OMB) recently stated that the U.S. government spends around $14 billion a year, including $4 billion of which is classified. Additional billions are being spent by private companies to guard against DDoS (distributed denial of service) attacks, which overwhelm web servers with traffic, to the actual theft of data.
So how do investors play this?
It can be difficult to figure out where the government spends money in this area as cyber activities tend to be bundled inside larger government contracts, only a portion of whose activities relate to cyber.
Some of the specialized companies mentioned at a recent Cowen & Company investor event include SAIC (SAI), CACI (CACI), and Key W Holdings (KEYW). Large defense contractors such as Lockheed Martin (LMT) and Raytheon (RTN) because of their knowledge in developing large command, control, information systems and data networks also play a significant role in this area.
Exchange Traded Fund plays
When it comes to ETFs, there is no pure-play security fund; SPADE Indexes developed an index to track the sector, but it has yet to be licensed by a fund manager and brought to market. Of products currently available to investors, there are a number of computer and IT-related funds, but an investigation into the holdings reveals that most are too diversified to provide adequate exposure to cyber security, offering only a few constituents and most focused on B2B and computer software for consumers. In looking at the government-focused ETFs, only the Powershares Aerospace & Defense ETF (PPA) provides access to the previously mentioned firms which receive cybersecurity contracts from the U.S. government.