How the Pentagon Aims to Stop China's Cyber-Hacking of America

Given the deficit fears and budget skirmishes that are focus of the moment down in Washington, it's tough to get excited about defense-related investments right now.

Defense outlays are destined to shrink.

But there's one area where spending is slated to go up ...

And I mean go way up.

I'm talking, of course, about defense-related spending that will promote cybersecurity and combat cyber-terrorism.

Here at Money Morning, we've talked a lot about the massive surge in cybersecurity spending that's destined to unfold in the years to come. Much of our focus has been on private-sector spending - although we also said the Pentagon and the rest of the federal government would also be factors.

Over the weekend, the Pentagon gave us a hefty reminder of why we're watching the cybersecurity sector so closely.

On Sunday, defense officials said they were working on a big expansion of their cybersecurity forces - with two key objectives.

First, with the number of attacks on America's computer networks growing constantly, defense officials want to be able to counter the incursions that could cripple our economy, as well as our national security.

And, second, the Pentagon also wants to be able to take the battle back to America's digital enemies.

"The threat is real and we need to react to it," William J. Lynn III, a former deputy defense secretary who worked on the Pentagon's cybersecurity strategy, told The New York Times.

That strategy would require a 444% increase in the U.S. Department of Defense's Cyber Command - boosting its ranks from 900 now to an estimated 4,900 when the expansion is completed, The Washington Post reported this weekend. And those folks would be divided into three groups, each with a different mandate, including:

  • The "national mission" force, which will protect the computers systems that support America's power grid and other critical "infrastructure."
  • A "cyber-protection" force, which will maintain the security of the Pentagon computer systems.
  • And a "combat mission" force, which plan and execute attacks on U.S. adversaries.

Back in October, U.S. Defense Secretary Leon E. Panetta warned that America - having become the choice target of overseas hackers - was headed for a "Cyber Pearl Harbor." Some of these hackers are operating under the stewardship of militant/extremist groups, or even "aggressor nations."

When it comes to those aggressor countries, I bet you can name the prime suspects without even thinking: If you said China, Russia and Iran, you hit the bulls-eye.

The worry is that one of these groups could pull the plug on the U.S. power grid, stall our transportation system, overtax our financial system, or infiltrate a government agency. Any one of those could have catastrophic implications for the country and its economy.

And these fears aren't overblown. Insiders say that a digital boxing match is already underway - one The Times described as "an emerging shadow war of attacks and counterattacks already under way between the United States and Iran in cyberspace."

A case in point is last August's computer attack on state-run Big Oil player Saudi Aramco, an incursion that infected and even made useless more than 30,000 computers. By October, the U.S. intelligence community had become convinced those attacks had come from Iran.

While there's no "hard" evidence these attacks were sanctioned by the Iranian government, Panetta is said to have become especially concerned about this particular incident.

Here's why. Back in 2011, Iran's military created a "cyber warfare" corps of its own. The United States and Israel had launched cyber-attacks against Iran's nuclear-enrichment facility at Natanz. Iran created the "cyber-corps" unit in response - and claim that was the unit that "commandeered" and landed the U.S. state-of-the-art Lockheed Martin RQ-170 Sentinel unmanned aerial vehicle (UAV) back in December 2011. (The U.S. military disputed the claim and said the UAV crashed because of a malfunction.)

If the thought of cyber-warfare-savvy Iran has you spooked, try this on for size: That country's capabilities are said to be nothing compared to the digital-hacking muscle that China and Russia possess. And those two countries are believed to be the source of a large number of the hack attacks on U.S government agencies and private-sector companies.

(Just this week, The New York Times revealed that its computer systems had repeatedly been penetrated by Chinese hackers, who were stealing reporters' passwords and hunting for insights into the newspaper's hard-hitting expose of the $2 billion in wealth amassed by the family of China Premier Wen Jiabao. Beijing has vehemently denied the allegations, but Times Chief Information Officer Marc Frons told The Guardian newspaper that "this is business-as-usual from what we can tell for aspects of the Chinese government. It is really spy versus spy. I don't think we can relax. I am pretty sure that they will be back.")

Indeed, China's military-backed "cyber-espionage" efforts pose "an advanced persistent threat to U.S. national and economic security," the Project 2049 Institute, an Arlington, Va.-based think tank that focuses on Asian security issues, said in an October report. Groups operating from Chinese territory have been "waging a coordinated cyber espionage campaign targeting U.S. government, industrial, and think tank computer networks."

The report concludes that China's military cyber activities are housed under the "Third Department," a general-staff-level component of the People's Liberation Army (PLA) that is Beijing's version of the U.S. National Security Agency (NSA). The Third Department has strengths in such areas as signals-intelligence (SIGINT), high-performance computing, and linguistics and code-breaking. It also conducts "cyber reconnaissance," which can involve breaking into foreign computer networks in preparation for future battle or conflict, the think tank report concludes.

I remember reading Forbes piece in mid-2011 that said that cyber warfare would be a "bust" for defense contractors - and, by extension, for investors. It was a well-thought-out piece, and the arguments made some sense as far as they went. Trouble was, the author was looking at the "market" from the wrong vantage point. And, as we've seen, the situation has changed substantially since May 2011 - with the situation having become much graver.

As an investor, you don't look for the one or two big defense contractors who are poised to profit from this ... you look for the technology providers who are best-positioned to capitalize on the spending that has to take place to make these initiatives possible. This approach allows you to also factor in cyber-security spending of all types - including private sector spending - and throughout the world. That's expected to grow from $60 billion in 2012 to $86 billion by 2016, says a recent forecast from researcher Gartner Inc.

That figure includes worldwide spending on security infrastructure, including software, services and network-security appliances used to secure enterprise and consumer IT equipment. The $60 billion spent last year represented an 8.4% increase from the $55 billion spent in 2011.

"The security infrastructure market is expected to experience positive growth over the forecast period, despite risks of further economic turbulence," Gartner Research Director Lawrence Pingree said.

"Results from the 2012 annual Gartner CIO Survey show increased prioritization for security compared with 2011 and results from Gartner budgeting surveys published in June 2012 underline the fact that organizations globally are prioritizing on security budgets."

The fastest-growing security segments will be IT outsourcing (managed security services), secure-Web gateway (appliances), and security-information and event-management (SIEM) emerging as the fastest-growing security segments. Demand for cloud-based security will also experience frenetic growth, Gartner said.

Whenever there's a big trend, we look for ways for you to profit from it. And you can bet that we'll continue to do that with cybersecurity.

In the meantime, however, you might want to take a look at EMC Corp. (NYSE: EMC), a stock that we profiled in the special-investment-research report "Big Trends Equal Big Profits." Our June 29 report focused on the big gains we're expecting to see in Web traffic in the next few years - a reality that will drive the need for storage (EMC's core competency) in a big way.

Although it's a big-cap stock, it's awfully cheap right now. It's a market leader in data storage and data security. And in addition to a specific focus on cybersecurity via its RSA business unit (formerly RSA Security Inc., which it bought for $2.1 billion back in 2006), EMC is also involved in such growth niches as cloud computing.

And we believe the market is seriously undervaluing this company. If you want proof, just look at how quickly the stock rebounded from an early week sell-off. EMC reported earnings that beat expectations, but offered guidance that said 2013 looked "challenging." The stock initially dropped, but has since gained it almost all back.

Indeed, Web researcher Trefis.com puts the target price at nearly $41 - or 67% above its trading price yesterday.

Private Briefing will be back with additional recommendations as we uncover the best ones.

If you'd like to join the thousands of investors we've already helped to make big money in the markets, just click here.

Related Articles and News:

[epom]

About the Author

Before he moved into the investment-research business in 2005, William (Bill) Patalon III spent 22 years as an award-winning financial reporter, columnist, and editor. Today he is the Executive Editor and Senior Research Analyst for Money Morning at Money Map Press.

Read full bio