Cyber Alliance Raises Mores Questions Than It Answers

On November 12, 14 companies that play in the cyber security business announced an alliance. Built around some well known capabilities in software (such as RSA’s in encryption), hardware, and services, the group offered itself as a  collective resource to the government and other customers.

So What? Right now, the government can draw on almost any combination of companies and universities it wants through a variety of vehicles. Funding is increasing smartly, but product and company differentiation are hard to achieve.

This alliance is purely for marketing, as well as creating some identity for upcoming cyber bids. Some of the 14 firms already team—or compete.

The 14 companies clearly believe there is magic in their assemblage, led by the biggest government contractor, Lockheed Martin. Last week LM christened a laboratory and testing facility, with capabilities that other, larger players in cyber
security, such as SAIC and Booz Allen Hamilton, already have for cyber solutions research and evaluation.

In addition, with some potentially vexing legal and business challenges to form an alliance, and the government’s  hesitance to say what incentives are acceptable between alliance members, customers  may have some reluctance to deal with the alliance.

Among the subjects that must have kept quite a few attorneys and business executives busy when forming the alliance are the following:  (1) organizational conflicts of interest identification and mitigation; (2) safeguarding national security and
proprietary information held by one alliance members from others without a need to know); (3) respective roles in opportunity management and revenue generation; (4) dealing with existing contractual and teaming arrangements with
companies in and outside of the alliance.

As they are not cornering the cyber market, there’s no particular anti-competition angle to defend against, but there may not be squawks from small business if the alliance ever makes a splash.

Further, there is an elephant-in-the-room issue regarding what is permissible to bind together companies in IT-related alliances. It is coming up on two years since the Justice Department threw a chill into IT suppliers of all sorts when it joined a whistleblower’s suit regarding the incentives IT alliance team members give each other. The suit remains
unsettled, and even firms that have voluntarily come in for settlements, such as IBM, don’t know what the government will find acceptable. The three companies being sued—Accenture, Sun, and HP—show no sign of settling.

Since many of these legal issues tend to raise red flags and yellow lights, it is one more reason to view the alliance as a trial balloon at best. The mechanics–the fall out of all the issues that need to be resolved within the collective of the 14  firms—may be of more interest to government and industry than some of the cyber capabilities being offered.

TASC’s New Ownership: Competitive Differentiator?

When Northrop Grumman’s sale of its TASC unit  closes, the new owners, private equity titan KKR and General Atlantic, tout that the stand-alone company will have unique standing, with no organizational conflicts of interest  (OCI) compared with other systems engineering and studies powerhouses.  Which companies will find the “nonconflicted” TASC more of a competitive threat?

Answer:  any that posture themselves as free of pertinent, unmitigated OCI and in a position to be objective advisers upstream of big buys of defense systems. Booz Allen Hamilton comes to mind, particularly in services like cost and economic analysis, and because it, too, is (~70 percent) owned by private equity investors, Carlyle Group.

Scanning the KKR portfolio, even a paranoid govt customer won’t find other government-contractor or overseas stakes owned by the parent that could spawn OCI worries about TASC at this time. The other TASC owner, General Atlantic, has more technology and country stakes, e.g. Lenovo/China, that could provide a wisp of worry for a few potential customers.

Carlyle, on the other hand, has had for decades full ownership or control of a variety of military hardware or government services firms (e.g., ARINC) suppliers, as well as overseas investors from the Middle East and potential-threat countries in its funds.  These other interests under the Carlyle umbrella reportedly gave pause to certain agencies when Carlyle’s purchase of BA was being reviewed.  Obviously, the government could accommodate those interests and any OCI  mitigations, which have not been publicly disclosed.

But OCI concerns remain a pop-up potential for any firms like TASC and Booz Allen owned by aggressive PEs.  It’s a  nature of the beast that they acquire aggressively, steadily diversify their portfolios, and are more open than ever to  foreign investors.

Congress may not believe the PE ownership structure is as insulating from organizational conflicts of interest, as the principals and agency customers do at this time.  It will be interesting to see how the TASC transaction refracts when it comes up in Congressional hearings, investigations, and plain old politics.

Finally, we got a kick out of the PR spin of the new TASC owners.  In their releases they speak of TASC as a national resource in the same sense that the FFRDCs,  often present themselves. But that’s for customer consumption rather than the PE investors grasping for high returns.  We doubt that MITRE and RAND are quaking.

Time will tell whether the claimed unique nonconflicted status of TASC makes a difference in the marketplace.