According to an article in today’s Wall Street Journal, “U.S. agencies from the Pentagon to the Department of Homeland Security have experienced major cyber-break-ins in recent years, even into classified systems. Cyberspies also have siphoned off critical data from Pentagon contractors, including one breach that cost a major aerospace contractor $15 million.”

Annual U.S. losses from cyber breaches are estimated to be in the billions of dollars, and there is legitimate concern that a nuclear power plant or subway line could be hacked via the Internet; or data being breached at the nation’s larger financial firms.

According to the WSJ, “Anticipating the demand, defense companies are bolstering training, buying smaller firms and hiring former top government officials. The move into the cyber-security field could offer new revenue streams for the contractors and help offset declines stemming from budget pressures on the Defense Department’s traditional weapons systems.”

However, third-party contractors also need to watch their own network security, said Tom Kellermann, a vice president at Core Security Technologies, citing a Verizon report last year that found 39% of cyber breaches implicated contractors and other third parties.

The bottom line is that, in order to provide true value in the cyber security arena, Government Contractors must not only provide technology solutions, but also ongoing training and education.

After all, “technology tends to be a reactive measure… Technology is a great thing once we’ve understood the processes, policies, and procedures that we want to use… but you can’t start with technology… If you [do], you’re bound to fail”- John Pironti, BankInfoSecurity Interview, 11/6/07.