Lockheed Martin Corp, the Pentagon’s No. 1 supplier, said it has seen a “sea change” in demand for cyber security services in critical infrastructure areas such as energy, oil and gas, and financial institutions over the past 18 months.
Increased media coverage, more sharing of data about cyber attacks, tighter government regulations, and growing concerns about the fiduciary duties of corporate boards and chief executives have stoked that demand over the past 18 months, said Chandra McMahon, vice president of commercial markets for Lockheed’s Information Systems security services.
McMahon told Reuters in a telephone interview that Lockheed’s commercial cyber division had doubled its clients over the past year alone, and the company expected to generate double digit growth over the next five years.
“This is a marathon. We’re in this for the long term,” she said on Friday. She welcomed the increased engagement of corporate boards and C-suites, but said it was critical to remain vigilant and also to hire more skilled cyber experts.
She said part of her group’s growth was due to Lockheed’s acquisition in March 2014 of Industrial Defender, a leading provider of security solutions for control systems in the oil and gas, utility and chemical industries.
Lockheed is one of few U.S. weapons makers that is reporting success in its efforts to break into the commercial cyber security market. Boeing Co recently exited that part of the business, and General Dynamics Corp is focused more on security for government agencies, not commercial firms.
“We’ve seen a shift in boards directing independent cyber assessments, especially in the critical infrastructure areas,” McMahon said, adding that corporate directors and chief executives were taking a deeper look at their own security arrangements given the growing number of high-profile breaches.
She said that trend gathered steam last December after a cyber-related breach at a Turkish gas pipeline, and news that a 2008 incident at a German steel mill had been linked to a cyber attack rather than an equipment malfunction as initial reported.
McMahon said no such destructive attacks had been seen at U.S. infrastructure facilities, but adversaries were expanding their reconnaissance activities aimed at U.S. companies and also staging malicious software for future attacks.
She said the growing concerns had prompted some clients to adopt the Industrial Defender security system for industrial controls across an entire enterprise.
Lockheed was also picking up commercial business overseas, she said, although she gave no details.