The rampant increase of cybersecurity threats costs the United States economy billions of dollars yearly. The federal government has recognized these threats to economic and national security, as its valuable information makes it an easy and enticing target for digital thieves.
In the fiscal year 2020, President Biden’s budget reached over $17.4 billion for cybersecurity-related activities alone, with a 5% increase from last year due to some activities’ extreme sensitivity. Simply figuring out how a cyberattack happened could cost as much as $15,000. Government agencies have a few notable cybersecurity firms to choose from. But which ones are the best out there? This post will cover the top cyber security government contractors!
Who are the top cyber security government contractors?
Federal contractors for cybersecurity are continuing to grow in response to increased risk and cyber incidents from foreign and domestic adversaries (Russia, Iran, North Korea, and China). Here are the top companies awarded government contracts in the past years:
- Raytheon has extensive experience in cybersecurity developments, including information sharing (e.g., Social Security numbers), predictive analysis, situational awareness, and forensics to address the country’s needs.
- It has over 30 years of experience working with the Department of Defense (DOD).
- It received a contract worth approximately $1 billion from the Department of Homeland Security for full lifecycle development and sustainment support, one of the largest civilian cybersecurity orders ever.
- The U.S. government is well aware of the national security challenges, prompting the White House to take advanced measures to secure its information and networks. Along with the Homeland Security Department, more than 100 government agencies utilize Raytheon’s infrastructure.
- Raytheon is also the Network Security Deployment Division’s prime contractor, working to safeguard “.gov” domains and secure hardware and software associated with the internet domain.
- Science Applications International Corporation (SAIC) is a premier technology integrator company in the U.S. headquartered in Reston, Virginia, providing federal services and information technology support. It offers other services such as high-end solutions for defense, engineering, IT, and more.
- It is one of the Department of Homeland Security’s prime defense contractors. It received the EAGLE II contract to provide information technology solutions to the department and other agencies supporting its mission.
- SAIC also teams up with small businesses to support the DHS’s needs. Further, SAIC, a Reston-based Fortune 500 defense contractor, received an award from the General Services Administration worth $878 million to provide research and development, cybersecurity, technology, and engineering services. This includes deploying capabilities to help warfighters gather critical data and information efficiently and maintain advantages in decision-making.
- Lastly, the company announced it would work with the Department of Defense to provide cyber security training for its personnel under the Defense Information Systems Agency’s (DISA) ENCORE II contract worth over $90 million. It will run for a year with four one-year options.
- General Dynamics Corporation is a defense and aerospace company engaging in provisions of rockets, tanks, submarines, fighters, electronics, and more for all military services.
- The company provides monitoring tools, mitigation activities, and diagnoses to strengthen the security of .gov networks, combat and assess existing cyber risks, and support the Homeland Security Department’s Continuous Diagnostics and Mitigation (CDM) program.
- In February 2022, General Dynamics Mission Systems announced that it received a contract from the U.S. Army to manufacture a handheld device to facilitate transferring mission planning data and cryptographic key materials.
- Also, General Dynamics will build and design a key loader known as the Next Generation Load Device-Medium (NGLD-M). The multiple-award, IDIQ contract’s initial value is $229 million, to be done in 10 years to procure at least 265,000.
- Lockheed is one of the leading DOD contractors providing services, including sensitive data protection and cyber operations. It’s currently taking advantage of the nation’s cybersecurity necessities by strengthening its cybersecurity segment.
- For example, in 2018, it announced it would move into a 15,400-square foot cybersecurity facility at Port San Antonio as it expected to land a big contract with the DOD. In addition to efforts like these, it also has an established relationship with the federal government, giving it an edge in the cybersecurity industry.
- In 2019, Lockheed received a contract with the U.S. Army worth $93 million. The Lockheed Orlando operations received it, and the work was expected to be finished by November 2021. The contract was for developing a national cyber range for the military to perform realistic cybersecurity tests and training for the DOD’s cyber mission force.
- ManTech is a national security company. The U.S. Air Force awarded it a cost-plus contract to provide security services to oversee and protect mission-critical programs. It had a base period of one year with nine option years worth $407 million.
- The company is also a leading provider of innovative solutions and technologies to 50 agencies, including the Department of Defense, Homeland, State, Veterans Affairs, the FBI, health and space communities, and other federal clients. It has about 1000 ongoing contracts.
- In May 2021, the FBI awarded a contract to ManTech to support the agency with technological expertise and solutions, management, and maintenance for one year and a total performance period of five years, given all options were exercised.
- Tanium has been serving the federal government since 2007. The company has many clients from the private sector, and it has received cyber contracts from the Air Force and other civilian agencies such as the Social Security Administration.
- It won a contract worth $750 million with the Defense Innovation Unit Experimental to aid the Defense Department in visualizing network traffic, detecting intrusions, and remediating them.
- With its continued commitment to the federal government, it announced its launch of the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is a cloud-based security data platform that allows government agencies to leverage cloud-based services at scale. The federal, state, and local government can lessen the federal risk by strengthening the security of the federal government’s operations, technology, and use of cloud-based services.
- Unisys is an American consulting company and an IT services provider in Pennsylvania. The corporation has received several contracts from federal agencies, including:
- In 2018, a CloudForte contract worth $69 million for the implementation and validation of identity and access management cloud access broker services for the Treasury Department’s Office of the Comptroller of the Currency (OCC) to securely navigate its four cloud applications while adhering to government regulations.
- A $24.7 million contract to apply CloudForte, especially for the Veteran’s Department’s requirements. It worked to accelerate the secured movement of applications and data to the cloud.
- A contract worth $57 million from the General Services Administration to help its public buildings services secure, maintain, and operate systems for the federal government to track inventory and to manage and create computer-aided drawings of workspace and buildings.
- A $102 million contract from the United States Census Bureau to secure IT infrastructure support services for remote workers and the Bureau’s field offices throughout the country, aiding staff to provide accurate and timely provision of services.
- When the National Security Agency (NSA) awarded a $10 billion contract to Amazon Web Services (AWS), Microsoft filed a bid protest with the GAO, which handles contract disputes; it sided with Microsoft but was later rejected. After reevaluation, the NSA re-awarded the contract to AWS.
- The Wild and Stormy contract in the summer of 2021 stipulated that AWS remains the sole rightful bidder for the NSA’s cloud facility construction, which is a continuation of the NSA’s Hybrid Compute Initiative to address and modernize the agency’s robust processing and analytics requirements.
- Booz Allen Hamilton (BAH) won a $1 billion contract from the U.S. Homeland Security Department in 2018, putting BAH in charge of 80% of the .gov enterprise.
- BAH was a prime contractor for the government-wide Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Program.
- The inception of the CDM program in 2012 has helped federal agencies enhance their defense against cyber threats. It’s a six-year contract covering agencies including:
- The U.S. Department of State is the oldest cabinet agency, dating back to 1789. The department has cyber operations to protect the integrity of the country’s travel documents, visas, passports, and green cards.
- The department awarded a five-year contract to Peraton worth $254 million to support the state’s diplomatic security service, including penetration testing, incident management, and threat analysis.
- The Homeland Security Department awarded Peraton a $2.7 billion contract to assist with cloud and data center services.
What are the rules and requirements for cybersecurity contractors?
Here are some rules and requirements federal government contractors must follow:
President Joe Biden’s executive orders
Contractors must stay informed of developments in President Biden’s executive orders to ensure compliance. For example, government agencies, including NASA, GSA, and DOD, are issuing a new subpart and contract clause on the federal acquisition regulation (FAR) for the basic safeguarding of contract information systems transmitting, processing, and storing federal contract information.
National Institute of Standards and Technology (NIST) 800-53 Security and Privacy Controls
The National Institute of Standards and Technology (NIST), which is the Commerce Department’s nonregulatory agency, published NIST 800-53 to guide security and privacy controls for federal information systems.
This regulation applies to all information systems used to process, share, use, or dispose of federal contract information (FCI) not open to the public, as described by the Basic Safeguarding of Covered Contractor Information Systems.
In addition, this requires federal government contractors to exercise the 15 safeguarding controls when contractor information systems, such as servers, email systems, laptops, and desktops, process, store, and transmit private FCI.
What is the cyber incident reporting act?
It is a U.S. law that requires all companies operating critical infrastructure to report cyber incidents to the U.S. government and CISA within 74 hours, and within 24 hours if the hacker demands a ransom payment. Some of the sectors included are the following:
- Commercial facilities
- Chemical industries
- Food and agriculture entities
- Information technology
- Critical manufacturing
What is the difference between covered defense information and controlled unclassified information?
Controlled unclassified information (CUI)
CUI is federal information not considered secret or confidential. It requires safeguarding but does not belong under Executive Order 13526 or the Atomic Energy Act. It’s information that the federal government possesses or entities create and own on behalf of the government.
Further, protecting controlled unclassified information in nonfederal organizations is vital to federal agencies as it can directly affect the federal government’s ability to conduct successful business operations and missions.
Covered defense information
The Defense Department treats covered defense information as interchangeable with covered unclassified information, based on the definition the National Archives provided of what makes covered unclassified information. It’s information other than the CUI, including anything that the Defense Department counts as covered, such as identifiable, military operational, and contract-sensitive information.