- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Page 2 of 2
Many of the tools the company uses are the same as the commercially available ones used by corporations. If commercial products don't meet the need, the company will develop its own, but doesn't market them, Cole says.
That's not to say that government-developed technologies don't emerge into commercial markets. BBN's Kent cites firewalls, intrusion-detection systems and certain types of encryption such as SMIME as being the product of government research.
Sometimes such technologies are kept secret by government but later developed independently by private researchers. Famously, the Diffie-Hellman cryptographic key exchange was developed by a British intelligence agency but kept classified even after it was published publicly.
Cole says that Lockheed doesn't market its security expertise separately, but has seen more government requests for proposals for data-loss prevention, handling threats and methods of performing penetration testing. "Down the road as this area continues to grow, we might move into that," he says.
The flip side of this is that sometimes government contractors buy up commercial security firms for their expertise but continue to sell the commercial products. This is the case with Raytheon's purchase of Oakley Systems in 2007, which still sells its SureView network monitoring and forensics software.
The software was developed to discover insider threats in defense networks, says Derek Smith, president of Raytheon Oakley Systems. "When we joined Raytheon, the idea was to take lessons learned in the defense environment into the critical infrastructure providers in the fortune 100 and say 'here is military-grade insider-threat technology.'"
Some of the government work falling under the cybersecurity umbrella is for implementing industry standard security measures, Kent says. This can be done by contractors known as body shops because they can provide the bodies needed to carry out tasks agencies choose to outsource.
Much of the government's cybersecurity work will be implementing what are considered industry best practices that might not yet be adopted in government networks, IP Architects' Pironti says. It will go a long way toward improving security, but won't require radically new technologies. "It's not as 'Mission Impossible' as you might think it is," he says.
Read more about security in Network World's Security section.