Hamilton: Your Best Cyber Security Stock Plays

Cyber underpins all communications, records and control systems. The definition of cyber or cyber security, such as the cyber threat, seems to be ever evolving, but the more common definition appears to relate to the protection applied to computers and networks and the information it stores/relays.

We believe, the objective of computer security includes the protection of information and property from theft, corruption or natural disaster; while allowing the information and property to remain accessible and productive to its intended users.

Is The Threat Real?

So, clearly the cyber threat relates to computers, networks and the information it stores/relays. Over the last few years there is no lac of media reports regarding cyber break-ins, identity theft and more — all going a long way to highlight/identify the problem, but in our view, representing only the tip of the iceberg.

The crux of the threat seems to be that our reliance on networks grows more interconnected every day from cell phones, email, credit cards, social security numbers and more. Ever more important, the electric grid, stock exchanges, banks, municipalities, the Pentagon and more are dependent on computer networks, making the US very vulnerable. We are not a lone voice in this regard as the DoD claims there are over 100 foreign intelligence corporations trying to break into U.S. networks.

Recently reported incidents at federal agencies have placed sensitive data at risk, including the theft, loss, or improper disclosure of personal identifiable information. In fact, according to industry experts, since 2005 there have been 300 million+ data breaches (increases every day).

Given our reliance on networks, we believe the cyber threat can present more risk than GWOT (Global War On Terror), WMD (Weapons Of Mass Destruction) and even the Russian/US Arms Race that ended a few decades ago — collateral damage can be very severe; presenting a national security threat. In fact, we believe the threat should be regarded as a rogue nation.

Despite the fact that everyone in the world has a stake, given the interconnectivity of the world, we believe the U.S. needs to lead the charge as the US seems to be the most wired nation, making the threat seem greatest here — we will outline what trails the U.S. have blazed.

What Is Being Done About It?

Despite press reports that weaknesses in cyber security are/were a widespread problem, we believe the government has been trying to deal with this issue for some time. In fact, we believe it was first thrust into the public when President George W. Bush issued National Security Presidential Directive 54 (a.k.a. Homeland Security Presidential Directive 23) on Jan. 8, 2008.

• Slideshow: Hamilton's Top Cyber Stock Picks

The directive called for the formation of the Comprehensive National Cyber security Initiative (CNCI). The Bush administration developed CNCI to improve how the federal government protects sensitive information from hackers and nation states trying to break into agency networks. CNCI included 12 components that either formalized existing cyber security processes or introduced new policies and business practices to better protect computer networks and systems. The Bush White House assembled the initiative after a string of cyber attacks on multiple agency computer systems. In addition, borne from CNCI, Defense Secretary Gates directed the establishment of US Cyber Command, a military sub-command focused on cyber security, to be based at Fort Meade, MD, which also houses (ironically or not?) the National Security Agency (NSA). On June 23, 2009, the Secretary of Defense directed the Commander of US Strategic Command (USSTRATCOM) to establish USCYBERCOM, which is an armed forces sub-unified command subordinate to United States Strategic Command. The command is led by General Keith B. Alexander.

USCYBERCOM centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes the defense of US military networks. In addition, cyber command will protect dense computer networks, coordinate all defense computer operations and provide full-spectrum support for all military and counterterrorism missions and stand by to support civil authorities and industry partners on an as-needed basis. The command assumed responsibility for several existing organizations. The Joint Task Force for Global Network Operations (JTF-GNO) and the Joint Functional Component Command for Network Warfare (JFCC-NW) were absorbed by the command.

According to Deputy Defense Secretary Lynn in January 2010, “combining offensive and defensive capabilities under a single roof and bringing those together with the intelligence we need to anticipate attacks will make our cyber operations more effective.” Also borne out of CNCI, was President Obama’s attempt at directing this fight, with the establishment of cyber czar, Howard Schmidt.

Publicly, the jury is still out on the success of this appointment as not much seems to have come of the new position. Talking to industry sources, Mr. Schmidt seems to be doing a very good job, in essence trying to get everyone on the same page.Although, the government has been making great strides with the threat (highlighted above); is it enough? Is the government the proper entity to deal with this problem?

As impressive as the CNCI, USCYBERCOM and Howard Schmidt moves have been, we believe the DoD has the impossible task of defending against asymmetric threats; which have proven nearly impossible to prevent. We believe that one needs to be extraordinarily nimble to combat the threat effectively. The government can certainly do a good job of assessing threats, identifying sources and setting precedent, but at being nimble?

An industry source explained it as “risk management”; Assess the most likely risk and invest the money and the time there.The challenges/perception to integrating/combating the cyber threat are highlighted by the recent formation of the Department of Homeland Security (DHS), in a period (post 9/11) where the threat was both asymmetric and omnipresent. DHS budgets were a top priority. As a reminder, DHS brought together several agencies (22, in particular). The opportunity from an investment standpoint seemed unlimited.

A different story was told, however by the reality — bogged down by integration issues and an undefined mission — the market did not come together as expected by the investor base which gives us some skeptiscm in looking at “cyber” names, or more specifically, investing in the names, thus the need for this report. The government has done a good job in identifying the threat and now we hope they keep funds coming!

What Is The Size/Growth Of The Market?

While the budgetary pressure on traditional weapons systems, facilities, and large-scale weapons programs is expected to become increasingly severe in current and future budget cycles, the budget and funding for cyber security solutions in the Intelligence Community is expected to continue to grow in order to keep pace with the global threat. As such, we believe investors should look at this space as a bright spot, amongst defense peers.

In fact, we believe the tight funding environment presents an opportunity given the global IT market is about $3.2 trillion, implying $100’s of billions to be spent on cyber alone, implying trillions over the next decade. In our view, that is the best we can hope for! As believers in the free market, we believe the beneficiaries will lie with the private sector and presents itself to be the silver lining in the dark cloud represented by flattish/down/tight defense budgets.For national security reasons, there are limited details available on intelligence spending or the amount directed for cyber warfare. However, the Director of National Intelligence disclosed that the 2009 National Intelligence Program budget was $49.8 billion.

The budget for US Air Force Intelligence is not separately reported within the overall Air Force budget, which was $160.5 billion for fiscal year 2010. According to the White House Office of Management and Budget, the fiscal year 2009 budget for information technology (IT), security spending was estimated to be $7.3 billion, which represents a 9.8% increase over fiscal year 2008 IT security spending. Additionally, according to INPUT, a provider of market information for US Government businesses, the federal cyber security market is expected to achieve an 8.1% annual growth rate through 2014E.

These are exceptionally impressive growth numbers given a flattish/declining defense market.

CNBC's Code Wars: America's Cyber Threat premieres Thursday, May 26th 9p | 10p | 12a | 1a ET

How To Play The Market?

The nascent and growing nature of this threat promises to be insulated from growing budget concerns; and as a result cyber has become a buzz word and many companies will claim to have cyber as higher multiples are assumed. So we will try to assess the real players in the market. We note we have been in contact with other companies we suspected had a cyber presence, but we were unable to confirm. As with most nascent markets, the growth promises to be fragmented at first and then exponential, which will take time, adding to some frustration in investing in this market. All of the companies below (not inclusive) are involved in at least one of the basic elements of cyber age operations (collection, processing, analysis and dissemination of information):

Booz, Allen, Hamilton (No Recommendation): recently IPO’d (November 18, 2010 at $17), a leading provider of management and technology consulting services to the U.S. government in the defense, intelligence and civil markets. In their role, BAH, helps clients develop/improve cyber capabilities.

Computer Sciences Corporation (No Recommendation): offers an array of IT services to aerospace/defense and many other industries. Inherent in the business is helping clients with cyber strategy.

General Dynamics (No Recommendation): offers a broad portfolio of products and services in business aviation; combat vehicles, weapons systems and munitions; military and commercial shipbuilding; and communications and information technology. Cyber appeared to represent about $11.6 billion of 2010A revenues or about 35% of total revenues.

Intel (No Recommendation): world’s largest semiconductor chip maker, but is on our list for the $7.7 billion acquisition of McAfee. As a perspective, INTC’s 2010 Revenue (excluding McAffee) was $43.6 billion and in 2009 (last full year before acquisition McAfee’s revenues were $1.9 billion). McAfee is a provider of security products and services that help secure systems and networks. McAfee’s offerings include endpoint security products, system security products, consumer security products, network security products, and risk and compliance products. We believe that this more of a commercial use of cyber, but cyber none-the-less.

The KEYW Holding Corporation (No Recommendation): this recently IPO’d ($10, September 30, 2010) company provides mission-critical cyber security and cyber superiority solutions to defense, intelligence and national security agencies. Current customers include: the National Security Agency (NSA), other intelligence agencies, the Department of Defense (including major agencies and branches within the Department of Defense) and other federal defense and law enforcement agencies. With revenues of about $108 million in 2010 this appears to be one of the smaller players, but most, if not all of that revenue is related to pure cyber activities.

Lockheed Martin (No Recommendation): is a global security company that is principally engaged in the research, design, development, manufacture, integration, and sustainment of advanced technology systems and products. LMT also provides a broad range of management, engineering, technical, scientific, logistic and information services. Cyber activities represent about 22% of 2010 sales, or about $10 billion.

Northrop Grumman (No Recommendation): provides technologically advanced, innovative products, services, and solutions in aerospace, electronics, information systems and technical services. Cyber accounted for roughly 24% of 2010A revenues, about $8.4 billion. Palantir (private company): is a company centered on how groups analyze information. The company was founded in 2004 by a handful of PayPal alumni and Stanford computer scientists. The company offers two products: Palantir Government and Palantir Finance. Both are platforms for integrating, visualizing, and analyzing the world’s information. Palantir’s products are built for real analysis with a focus on security, scalability, ease of use, and collaboration.

Symantec (No Recommendation): is a global provider of security, storage, and systems management solutions that help businesses and consumers secure and manage their information.

Our Stocks – EarlyBirdCapital Universe of Coverage

The names listed above are names we do not cover from an official research standpoint. That said, we have a unique and robust list of cyber pure plays a large concentration with customer concentration among the Federal government. We believe this exposure positions our stocks better than many as the money for cyber will be directed form the federal government; directing our universe of coverage.

Boeing (Recommendation: BUY, $90 Target): is a leading aerospace company and the largest manufacturer of commercial jetliners/military aircraft combined. Additionally, BA designs and manufactures rotorcraft, electronic and defense systems, missiles, satellites, launch vehicles and advanced information and communication systems. The company also provides numerous military and commercial airline support services. We would argue, cyber is a small component of BA’s, but a focus none-the less, especially with the recent acquisition of Argon ST (completed August 2010). Management estimates that cyber activities account for about $1 billion of revenues. Clearly we do not consider BA a cyber pure play, but is a significant player in cyber none-the-less, within our universe of coverage.

CACI International (Recommendation: BUY, $66 Target): provides information systems, and technology and professional services to the U.S. government, agencies of other governments, state and local governments, and commercial enterprises in North America and internationally. This is an example of a name where cyber runs through most of everything the company does.

Dynamics Research (Recommendation: BUY, $17 Target): provides management consulting, engineering, technical, and information technology (IT) services and solutions to federal and state governments. Cyber is expected to be about 4% of 2011E revenue, or about $11 million.

ManTech International (Recommendation: BUY, $60 Target): leading provider of innovative technologies and solutions for mission-critical national security programs for the intelligence community; departments of Defense, State and Homeland Security; the Department of Justice and the Federal Bureau of Investigation; the space community; the National Oceanic and Atmospheric Administration; and other U.S. federal government customers. MANT’s expertise includes command, control, computers, communications, intelligence, surveillance and reconnaissance (C4ISR) lifecycle support, cyber security, global logistics support, intelligence/counter-intelligence support, information technology modernization and sustainment, systems engineering, and test and evaluation. Cyber here runs less than 10% of total revenues or about $200 million per year.

NCI (Recommendation: BUY, $27.00 Target): provides information technology (IT), engineering, logistics, and professional services and solutions to federal government agencies. This is an example of a name where cyber runs through most of everything the company does.

SAIC (Recommendation: HOLD): provides scientific, engineering, systems integration and technical services and solutions to various branches of the U.S. military, agencies of the U.S. Department of Defense, the intelligence community, the U.S. Department of Homeland Security and the other U.S. government civil agencies, state and local government agencies, foreign governments, and customers in select commercial markets. SAI estimates cyber work runs at about $750 million to $1.5 billion of annual revenues.

SRA International (Recommendation: HOLD): provides technology and strategic consulting services and solutions to national security, civil government, and global health sectors in the United States and internationally. SRX is currently in the process of being taken private by Providence Equity Partners, implying we will see this name again in some shape in about 3-5 years. Cyber revenue is hard to measure as it is such a large component of most contracts, but we estimate about 10-15% of revenues are cyber, or about, or about $270 million.

Conclusion

As demonstrated, there are many interesting ways to play this threat and we are confident this will not be our last update. Opportunities will present themselves, especially, as many of the core elements of cyber (data mining, security, etc) are hard to isolate out of the cyber component as it represents the backbone of most technology companies.