Morningstar l A New Direction for Defense Spending?

We see little change from the current strategy.

U.S. defense spending has generally declined as a percentage of total government spending as well as GDP over the past 60 years. Large spending spikes that occurred during World War I, World War II, and the Korean War were followed by more aggressive cuts than those after Vietnam and the first Gulf War. In our historical analysis of defense spending, the government’s willingness to spend when the nation is under threat is clear. More concerning of late is the inability of the government to make material cuts, even though cuts do occur. Based on our analysis of spending before and after the recent conflicts, our take is that deep cuts should not be expected.

On Jan. 5, President Barack Obama announced the results of the first strategic review undertaken by Secretary of Defense Leon Panetta. The study outlines missions that the military should be able to execute and principles for attaining success. The president said the base defense budget will continue to grow even while meeting the cost-reduction requirements outlined in the Budget Control Act of 2011. However, his budget will probably exclude the sequestration cuts implied by the failure of the supercommittee in 2011. Nonetheless, our base-case scenario over the next five years still calls for reductions of 3% to the overall Defense Department budget and 5% to items more relevant to the defense industry as it includes reductions in overseas contingency operations along with cuts mandated by BCA 2011 and a portion of cuts from sequestration.

The president’s updated strategy is broadly similar to the current strategy of doing more with less, in our opinion. We expect defense to be a big talking point in this election year, but do not believe draconian cuts (significantly more than our adverse scenario of $950 billion over 10 years) are in the pipeline. The largest issue in our fair value estimates for the defense companies we follow– Lockheed Martin (LMT), Boeing (BA), General Dynamics (GD), Northrop Grumman (NOC), Raytheon (RTN), L-3 Communications (LLL), Harris (HRS), Rockwell Collins (COL), Alliant Techsystems (ATK), and SAIC (SAI)–is the uncertainty surrounding the maintenance of operating margins. We would adjust our fair value estimates should our views on the industry’s ability to manage margins changes materially.

Missions
Secretary Panetta outlined a slew of missions that he believes the military should be able to complete even in the face of slowing budget growth. Following are what we believe to be the important ones, accompanied by our short interpretations of what we think they mean.

Counterterrorism and irregular warfare and operating effectively in cyberspace and space. The Department of Defense will increase spending on intelligence, surveillance and reconnaissance, unmanned aerial vehicles, and satellites.

Projecting power despite anti-access/area denial challenges. DoD will increase spending on ISR, cyber, and space-based capabilities including satellites, submarines, missile defense, and a new stealth bomber.

Maintaining a safe, secure, and effective nuclear deterrent. DoD will use a reduction in nuclear weapons as an easy way to reduce spending and still project power.

Conducting stability and counterinsurgency operations. DoD would like to reduce the number of forces in Afghanistan. We estimate more forces in the Middle East somewhere, not necessarily just in Afghanistan.

Secretary Panetta also laid out principles for success; we highlight a few of them below.

Maintaining a broad array of military capabilities. DoD budget cuts aren’t likely to be draconian, but measured.

Managing overall force. DoD will reduce personnel and increase technology.

Making the hard investment choices. The idea of reversibility was included, and we read this to represent any means by which the government could alter contracts with its providers. The government can cancel contracts at will, but we see this as a more aggressive posture. We will inquire more about this from our covered companies during and after the first-quarter earnings reporting season.

Reducing the cost of doing business. DoD desires to reduce the growth of compensation and health-care costs and cut Pentagon headquarters costs. For the defense industry, this is likely to mean more fixed-price contracts and lower-margin potential for suppliers. Health-care cost containment essentially comes down to asking our active servicemembers to pay more for their health care, and we don’t know how politically viable that is.

The president should be able to propose benign defense base budgets and still meet mandated cuts under BCA 2011. We use his proposed fiscal 2012 budget, which included explicit values for fiscal 2012 through fiscal 2016, and then use the final-year growth rate of 2.2% for the remaining years to arrive at the baseline budget that will be used for savings calculations. We use growth rates of 1.5%, 1%, and 0.5% from the fiscal 2012 base year to forecast budgets for 10 years and arrive at cumulative savings of $567 billion, $724 billion, and $877 billion, respectively. Two key values drive these results: One is the assumption of 2.2% baseline growth for the president’s budget, and the other is using the actual fiscal 2012 approved value of $530 billion instead of the proposed $553 billion. However, even if we use a 2% growth rate and the original $553 billion for the base, the savings under the three scenarios are $290 billion, $453 billion, and $613 billion, respectively.

The president has the ability to “save” sufficient sums by simply reducing the rate of growth of DoD’s base budget. The base budgets exclude overseas contingency operations, or OCO, which were approved at $115 billion for fiscal 2012, and the proposed fiscal 2013 budget will probably exclude sequestration cuts following the failure of the supercommittee. In reality, OCO is certain to decline for fiscal 2013 following the removal of troops from Iraq and the continued removal from Afghanistan. Analysts at think tanks have wondered whether the president or Congress would use OCO reductions as savings, a move that could easily meet sequestration requirements. Both OCO and sequestration cuts are likely to lead to real reductions in total defense spending, in line with our base-case scenario. Our point is that the president can deliver the mandated savings under BCA 2011 without actual declines in the base defense budget.

Implications for the Defense Industry
President Obama’s updated strategy is broadly similar to the previous strategy, in our opinion. The upcoming fiscal 2013 defense budget proposal along with the program-by-program details will help us discern impacts to the defense industry players. Although we expect defense to be a big talking point in this election year, we do not think huge cuts are in the works.

Our historical analysis of defense spending leads us to expect a contraction in overall defense spending, as has happened following major conflicts in the past. This is consistent with our forecast of average annual cuts of 3% and 5% over the next five years to the overall DoD budget and items more relevant to the defense industry, respectively. There are also ways the president’s budget proposal can meet certain savings targets by simply slowing the growth of the budget, without actually making cuts (consistent with our benign scenario). Nonetheless, we believe the market is currently discounting our base-case scenario or real defense spending cuts, not the president’s slowing of the growth rate. Should Congress not authorize defense spending cuts in future years, as it did for fiscal 2012, we believe our covered companies could trade closer to our bull-case scenario. For now, however, we are making no changes to our fair value estimates.

By Neal Dihora

February 03, 2012

Morningstar l A New Direction for Defense Spending?

Forbes.com | Faltering Defense Industry Faces New Danger: Activist Investors

By Loren Thompson
Published: 11 July 2011

Already saddled with the prospect of softening demand from its government customer, the nation’s defense industry now faces a new threat. Activist investors are stepping up the pressure on military contractors to bolster shareholder returns, even if that means abandoning strategies aimed at making companies more resilient for the long term. The spate of shareholder challenges to management teams and strategies has dispelled any notion that the coming consolidation of the sector will be a collegial affair in which like-minded enterprises reshape their portfolios. Instead, outsiders will continuously question company plans and performance, threatening to displace executives who don’t keep their share prices up.

The latest episode in this unfolding story came just before the July 4th weekend, when longtime corporate raider Carl Icahn disclosed that he had amassed a 9.5 percent stake in Oshkosh Corporation, the big military truck maker. Oshkosh faltered badly during the subprime crisis when demand for its construction equipment dried up right after the company had taken on massive debt to buy Wall Street darling JLG, a maker of lift equipment. The real-estate collapse then led to falling demand for the company’s fire trucks and emergency vehicles as municipal tax receipts plummeted. What saved the company from possible insolvency was the award of two big Army truck contracts in 2009, which boosted Oshkosh’s defense sales from less than $2 billion in 2009 to $7.2 billion in 2010.

That sounds like a positive for investors, but the first contract was a short-lived production run for the war in Afghanistan that is already winding down, and Oshkosh bid so aggressively for the more substantial second contract that now it looks unlikely the company will break even on the 23,000 trucks and trailers it must deliver. The stock had fallen 18 percent since the year began when investor Icahn burst onto the scene with his surprise announcement that he owned 9.5 percent of shares and would seek a meeting with management to discuss ways of boosting shareholder value. Other investors predictably piled into the stock, raising the share price markedly but burdening Oshkosh executives with a sizable faction of shareholders bent on realizing substantial near-term gains. That can’t be good news for a company still carrying a heavy debt burden from recent acquisitions and facing soft demand in all its major markets.

It isn’t so clear what Icahn’s game is with Oshkosh, since the company isn’t likely to fetch a big premium from suitors in its current state and any effort to break it up would impair economies of scale dependent upon integrated manufacture of diverse product lines. But what’s significant for the purposes of this commentary is that Icahn’s move on Oshkosh is just the latest in a series of hostile shareholder actions against military contractors that could significantly reshape the defense sector at a time when companies were already facing major challenges. Only days before Icahn’s disclosure, San Diego-based Relational Investors launched its own assault on L-3 Communications after amassing enough shares to become the biggest holder of the sprawling military contractor’s stock. L-3 has been steadily rolling up defense properties since it was first spun off from Lockheed Martin in 1997, growing to over $15 billion in sales last year.

However, L3 wasn’t the first big defense contractor that Relational CEO Ralph Whitworth had gone after. Last November, he proposed an outside slate of directors to pressure management at ITT Corporation, the White Plains, New York-based conglomerate that includes a sizable military electronics component among its various business lines. Whitworth argued that a weak outlook for military sales was undercutting the value of ITT’s commercial businesses, and that management should therefore sell the defense unit to enhance shareholder value. The company’s management responded to the pressure by announcing in January it would split into three companies, spinning off defense and fluid management businesses to shareholders in tax-free transactions. Company claims that a breakup had been contemplated for months and was not the result of investor pressure was greeted with skepticism, since senior executives had previously been discussing further diversification moves.

Relational Investors’ first foray into the defense sector — ITT has about $6 billion in annual military sales — was initially viewed as being about deconglomeration rather than the defense industry, and commentary about the move therefore focused on what it meant for other diversified industrial companies like Tyco and Illinois Tool Works. But now that Relational has gone after L-3 and Icahn has targeted Oshkosh, the story is taking on a different meaning. It appears that activist investors are focusing on the defense sector as an area of opportunity as companies adjust to the reality of declining defense budgets. Many of the biggest defense companies are generating strong profits and carrying billions of dollars in uncommitted cash, but the market is undervaluing shares because of what it fears lies ahead for military contractors. That sounds like a situation where sharp financiers might be able to make a killing.

Viewed through the lens of recent developments, it appears that the interest of non-traditional investors in the defense sector began in 2009 — not coincidentally, the year after military spending peaked in the final days of the Bush administration. That was the year that investor dissatisfaction with uneven results led to the ouster of Northrop Grumman CEO Ron Sugar and his replacement with a new leader committed to major change. In short order, the company sold a sizable chunk of its technical services portfolio, withdrew from a risky joint venture on aerial refueling tankers with the parent of Airbus, exited the naval shipbuilding business, and adjusted performance metrics to emphasize the efficiency with which capital was deployed over mere growth. All of these moves were aimed at enhancing shareholder value, a goal that has become the centerpiece of current CEO Wes Bush’s strategy for the future.

The Northrop Grumman changes don’t look like more recent moves because company management acted preemptively to address shareholder dissatisfaction before it could translate into outside pressure, but it is noteworthy that managers were willing to fundamentally alter the character of the enterprise in order to be more responsive to shareholders. In that regard, Northrop Grumman’s transformation resembles the bigger changes announced at ITT despite obvious dissimilarities. The subsequent moves on L-3 and Oshkosh confirm that shareholder activism will be a persistent undercurrent influencing defense managers as they seek to adapt to changing market conditions.

A related trend is the role that private equity is playing as big defense contractors reshape their business portfolios and sell under-performing or ill-fitting assets. For instance, when Northrop Grumman and Lockheed Martin sold off units engaged in providing highly classified services for spy satellites due to new conflict-of-interest rules, the buyers were private-equity firms. The significance of these buyers stepping up is that, like activist investors, players at private-equity firms typically hail from outside the defense sector and are looking for relatively fast returns compared with executives who have made their careers in military contracting.

It isn’t surprising that outsiders would be taking a closer look at the defense sector these days, because after ten years of steadily increasing military outlays, demand is softening and terms are tightening in a manner likely to generate investor frustration. In such periods of discontinuity, it is easier to convince shareholders that current management teams aren’t doing their jobs well, that strategies need to change, and that major strategic moves should be contemplated. The problem, though, is that the sector’s fortunes are being driven mainly by factors beyond its control, like receding military threats and a ballooning federal debt. So while activist investors may succeed in improving near-term returns to shareholders, that windfall could be bought by undermining the long-term success of the enterprises they target. However fashionable it may be to break up a conglomerate into “pure-play” businesses, something is lost in terms of financial resilience and flexibility.

For example, one company widely mentioned as a potential target of activists is Textron, the Providence, Rhode Island-based industrial conglomerate that builds everything from the V-22 Osprey tilt-rotor to smart cluster bombs. However, an examination of how Textron has fared over the last several years reveals different units performed strongly from year to year depending on market conditions, so that what constitutes an “under-performing” business depends on which year the question is asked. The fact Textron is a conglomerate has a lot to do with why it has been around so long, because resources can be shifted among business lines as circumstances require. That same logic helps explain the long-term staying power of companies like General Electric and United Technologies, both of which are major military contractors despite being focused mainly in commercial businesses.

Taken too far, the logic of the activists could largely dismember the defense sector during a prolonged downturn. Wouldn’t Boeing perform better if its surging commercial-transport business was separated from its under-performing defense business? Would Gulfstream serve investors better if it were a pure-play builder of high-end business jets rather than being wrapped in a defense contractor? And what exactly is the synergy between Northrop Grumman’s information and aerospace sectors? Once you start posing such questions, there’s no end to the mischief that activist investors might cause under the banner of shareholder value. At some point the government would probably step in to protect what’s left of the defense industrial base, but until that day arrives, the defense sector could be headed for a prolonged period of what economist Joseph Schumpeter called “creative destruction.”

Forbes.com | Faltering Defense Industry Faces New Danger: Activist Investors

IT World | RSA offer to replace tokens is weak if defense-industry attackers can make their own

RSA offers to replace tokens at Lockheed, L3, Northrup, following RSA breach in March

By Kevin Fogarty
June 07, 2011, 11:19 AM — RSA is offering to replace more than 45,000 SecureID tokens after confirming the “serious and sustained” attack on defense contractors last month that used cones of RSA tokens as part of what security analysts said was a complex and sophisticated attack.

Lockheed Martin took the most severe attack over the course of several days, but blocked it before losing any sensitive data, according to statements from the company. Northrupp Grumman and L-3 Communications were also hit, though Wired reports it’s not clear how successful the attacks were or how investigators knew stolen SecureID data was involved.

The clones are a direct result of an attack on RSA in March that used spear-phishing, malware and cracking techniques to penetrate the company’s security and steal data on RSA’s two-factor authentication devices, which are widely used in the U.S. defense industry.

China has been linked to the attack, but there is no evidence confirming its involvement. Chinese officials deny the charge.

As much fun as it is to pillory Sony for its miserable security and purely fictional reassurances that it had improved anything, attacks on companies that provide the core security and networking technologies on which secure systems in the U.S. government, Fortune 500 companies and the defense industry, are far more serious.

Attackers from overseas – most notably China – are already reportedly already pulling data by the gigabyte out of semi-secure systems with attacks that use spear-phishing techniques to gain initial access followed by malware and direct attacks.

Losing credit-card numbers, email addresses and other personal data on customers because you can’t be bothered to encrypt or secure it is negligence of the most odious kind.

Giving bad guys who could be military opponents rather than simple identity thieves could have much more serious consequences.

Given the size of the breach and potential impact – not to mention the level of sophistication of the attacks on both RSA and Lockheed Martin – RSA had better not stop with replacing just 45,000 tokens.

The NYT ran estimates that more than 260 million people use RSA SecureID tokens, though that seems a high estimate for IDs that are in current, regular use.

Compared to that, replacing 45,000 that were directly affected is a pretty weak response.

With as much insider knowledge as they must have gained from the RSA breach, attackers with the kind of resources available to a foreign-national intelligence agency could do more than just clone a few electronic tokens.

It could reverse-engineer SecureID’s lower-level code and build tools that would let them crack sites whose RSA tokens and security weren’t part of the loot taken in March.

Replacing a few directly compromised IDs just isn’t going to make enough of a difference.

IT World | RSA offer to replace tokens is weak if defense-industry attackers can make their own

GCN | Another major defense contractor hacked; RSA tokens likely involved

L-3 Communciations attacked on heels of Lockheed Martin breach
By William Jackson, Jun 01, 2011

Fallout from a breach at EMC Corp.’s RSA Security division earlier this year continues to cascade through the defense industry, as information taken in that breach is believed to have been used against major contractor L-3 Communications Holdings Inc. The report follows a similar attack against contracting giant Lockheed Martin.

The L-3 attack was reported May 27 by Reuters, which said attackers reportedly were able to spoof the passcode from an RSA SecurID token.

Similar data is believed to have been used in a May 21 attempt to access Lockheed Martin, which the company described as a “significant and tenacious attack on its information systems network.” A third defense contractor, Northrop Grumman, may also have been attacked. Fox News reported that the company shut down remote access to its network May 26. Northrop hasn’t commented on the report.

L-3 was formed out of 10 business units from Lockheed that were spun off during Lockheed’s acquisition of Martin Marietta.

The RSA breach, reported in March, was described by the company as an Advanced Persistent Threat that targeted information related to the SecurID two-factor authentication product. Although details of that attack still have not been released, it is believed that information about the seed numbers used by an algorithm to generate one-time passcodes on the token was taken.

In a letter to customers, RSA Executive Chairman Art Coviello said that, although “the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”

The broader attack appears to be what has happened at Lockheed Martin and L-3, according to observers in the industry.

Harry Sverdlove, CTO at Bit9, an end-point security company, said the Lockheed Martin attack apparently began with the compromise and installation of keylogger malware on a computer that remotely connected to the corporation’s network. That would let the attacker collect a log-in password and probably several one-time SecurID passcodes.

The passcodes cannot be reused and by themselves are useless. Likewise, the algorithm used to generate them is well-known, but is useless without a seed number that is used to determine what codes are generated. But if the attacker had access to several passcodes, it would be a trivial task to work through a database of seed numbers to determine which value was used to create the codes, Sverdlove said. The attacker could then use that value to generate viable passcodes that could be used with the password to log into the system.

“Whoever attacked Lockheed Martin was the same as attacked RSA or had access to information from the RSA breach,” Sverdlove said.

He said the exploit that delivered the keylogger to the remote computer likely came through a targeted phishing e-mail, the same technique that was used in the initial RSA attack and that also was used to break into systems at the Oak Ridge National Laboratory April. The series of attacks illustrates how vulnerable the most sophisticated defenses can be to a well-engineered phishing attack.

“It only took one infiltration vector to steal everything needed to defeat two-factor authentication,” Sverdlove said.

The attackers are not “one-trick ponies,” Sverdlove said. “They are raising the bar,” by building on initial successes to develop additional attacks.

Sverdlove said that “hardening” passwords used with two-factor authentication or using additional passwords provides no additional security in a system that has been compromised, because attackers are able to collect password data.

Ronald Rivest, professor of computer science at the Massachusetts Institute of Technology and originally the “R” in RSA, said there is no end in sight in the battle between attackers and defenders.

“It is not a problem you can solve,” Rivest said. “We will continue to see attacks and we will continue to see successful attacks.”

He compared cybersecurity to health care, in which new drugs and treatments are continually developed to improve health, although new germs and diseases continue to appear. Success is not determined by the ability to completely eliminate problems.

“There is no silver bullet,” Rivest said. “We must aim for steady progress, not perfection.”

Another major defense contractor hacked; RSA tokens likely involved