Calculating the Cybersecurity Economy
By David Hodes
There is a new race underway to secure the country. And it’s a race that this country has to win.
One of the events that triggered the race was the attacks of September 2001. But the Eric Snowden NSA leak event has added even more fuel to the fire and more attention to cybersecurity efforts across the country.
Where this business has settled is on the East Coast, positioned logically in the corridor of Maryland, Virginia and West Virginia that sit amid billions of dollars of Department of Defense assets and research and development infrastructure.
This part of the country, with deep intellectual capital and a strong pipeline for workforce to keep the development of all things cyber firing on all cylinders of the area’s economic engines, has become the new promised land for companies pursuing cybersecurity business.
“I think one of the strongest economic engines in Virginia is technology,” says Jim Duffey, Virginia’s Secretary of Technology. “And I think within technology there are certain areas that are going to be drawing faster than others. And we believe cybersecurity and modeling simulation are two of the areas that are really going to grow faster than other areas.”
Duffey says the state did an inventory of assets that could identify as cyber related. “And in the first cut of the inventory, we found that there were about 500 companies in Virginia that are focused on what we would call cybersecurity.”
There are other vital assets in the state, such as the Virginia Tech Research Center and Deloitte’s Center for Cyber Innovation, both in Arlington. “That, plus if you take a look at the tech community that has either a headquarters here or a substantial cyber operation in Virginia, you’ll see all the big players are here,” Duffey says, referring to Lockheed, Raytheon, Northrop Grumman, SAIC, General Dynamics, Booz Allen Hamilton and more. “All of them have portfolios that include cyber. I think cyber has already been a priority and will continue to be a priority. And we see reasons for that every day.”
The U.S. Department of Defense spent around $8.5 billion on cybersecurity development in 2010, Duffey says, and projects spending more than $13 billion in 2015. “We think that particular area is going to be growing about 9 percent a year,” he says.
He points to the friendly business climate in the state as a reason startups should consider creating a cyber business in the Virginia, including the state’s capital gains exemptions and the state’s angel technology investment tax credit.
The state is also launching Mach37, a cybersecurity startup business accelerator, where the state will give businesses money as they develop products or services through stages.
One of those companies that found the state well suited to their cybersecurity needs was General Electric, based in Fairfield, Conn. The company recently opened its Information Security Technology Center in Glen Allen, just north of Richmond.
Deneen DeFiore, executive IT leader, GE Information Security Technology Center, says that the company was taking a look at what was happening in the world — compromised companies, new risks — and found that being protected from cyberattacks took a higher priority. “We needed to keep up with that trend,” DeFiore says. “So all the way down from the board level to the senior leaders, we knew that we needed to build a resources center and really put the priorities and development capabilities into cybersecurity functions.”
She says that they chose to put the center, which is the hub of cybersecurity for the company, in Virginia because of the proximity to those particular resources and skills set that are unique to the region. “Plus we have been able to partner with colleges on a local level here, influencing curriculum in their undergraduate program and doing internships with students so that they can not only pursue their education in engineering but get the practical skills that they need for cyber functions and potentially be interested in getting a job with us when they graduate,” DeFiore says.
The Snowden incident, while not directly affecting GE because its cybersecurity is focused on the company and its customers, has alerted the company to be more determined to get ahead of the game to protect themselves and their customers the best they can. “We are going to ramp up,” DeFiore says. “We already have 130 or so security risk professionals at the center now, and want to be up to 200 by 2015.”
While Virginia asserts a certain logistic dominance, Maryland finds itself in an interesting spot as well, says Patrick Tonui, program manager for Security Information and Technology at the Maryland Department of Business and Economic Development. “We are trying to make ourselves the hub of security,” he says. “That is an aspirational statement, but when you look at the government side of things, both the civilian and the military, it’s a statement of fact.”
Tonui says that the big focus in cybersecurity in the state centers around Fort Meade, where, as part of the BRAC process, the U.S. Army stood up its Cyber Command in 2009, charged with centralizing command of cyberspace operations and strengthening the Department of Defense cyberspace capabilities.
According to the Abell Foundation’s “Cyber Security Jobs Report” about Maryland released in January, the number of job openings and active recruitment for cyber related jobs was 20,000. With about 13,000 of these job openings in Baltimore City, the study findings indicate, that the city is now third nationally for cybersecurity jobs behind Palo Alto and San Francisco in California.
Venture capital can come from the InvestMaryland investment program initiative, funded by $84 million in state funds, and the Innovate Maryland Program, with a pool of $5 million from the state and five state universities to support innovative research and commercializing discoveries made at universities labs.
Usually not on the radar for cybersecurity but definitely in the mix of East Coast corridor developments, West Virginia’s cybersecurity history actually began with the development of a leadership role in biometrics in 2005.
The biometric initiative then had a lot of early success, says Deana Keener, president of the I-79 Development Council, but lost government funding in 2009.
Inside the biometrics industry — used for identification by measuring and evaluating characteristics and traits of people — was technology that could be used as an identification process related to cybersecurity on the state and national level.
So the state began to rethink what they could do with the technology that supported biometrics and could also support cybersecurity development.
“As biometrics was kind of ruled out as a new technology, we had strong forensics and cybersecurity development and strong data analysis and data management prospects,” Keener says. “So we were rethinking all of this and trying to get the most synergistic approach that we could. We decided that we had the platform that we would put all of this on and roll it back out. Because there is all this cross-pollination in this industry.”
The former West Virginia Biometrics Initiative was renamed and relaunched as the Identification Intelligence Group, and is now in the formative stages of creating awareness of what they can and will do.
The group began the process of reworking their biometrics assets in January, where they have several technology parts in place already inside the 400-acre I-79 Technology Park. Here, there are already 30 businesses with 1,500 employees, many with government or Department of Defense connections, such as ManTech International Corp. and Northrop Grumman, along with smaller startup companies.
The boost in economic vitality that technology and cybersecurity can bring to an area is beginning to draw attention from other states in the country. One such state is Alabama.
Guntersville, Ala., is just a stone’s throw from Huntsville, home of the U.S. Space & Rocket Center. The city is in the early stages of developing a 400-acre business park, Conners Island Business Park, which is currently home to the corporate headquarters of Duckett Fishing, its first tenant, and Central Dynamics Inc., a continuous indoor wave pool exercise builder.
Grant Demuth, director of economic development for Guntersville, says that they have been working for the last year with Cyber Huntsville Corp., a Tennessee Valley initiative, and other related businesses in cybersecurity to attract the Microsofts and Intels and other businesses, plus other smaller ones that may not want to be in the center of the action in Huntsville.
DeMuth says that they are one of the seven state Tennessee Valley Authority’s (TVA) primary data center locations. Data centers are a target market for the TVA because of the huge need for energy that data centers use. “We have good fiber connections to the park and good power connections,” he says. “And the park is pretty much just waiting for the right businesses to come here.”
DeMuth adds that the economic development company participated in two cyber conferences last year, doing a regional approach to attracting cyber companies that are looking for space. “These big guys, like a Microsoft or Intel, are going to look at a place where they have a larger area to spread out,” he says.
Protecting assets has always been a priority in any business. But today, more and more assets are digital bits and bytes, with more going to the cloud, and can be easily compromised without the diligence of a dynamic cybersecurity operation.
Now more than ever, a business must keep up with the moving target of staying ahead of the bad guys — or suffer the consequences.
For complete details on the organizations featured in this article, visit:
Illustration by Victor Habbick at Free Digital Photos.net