In 1961, President Kennedy declared that it was America’s intention to send a man to the moon, and within eight years, we had done it. His aim wasn’t simply to gain bragging rights – instead, he and many others believed that our national security was at stake.
We need President Obama to deliver such an address now, this time about cybersecurity and the risks we face to our national defense and our economy if we fail to better protect our IT infrastructure.
To be sure, VCs and startups are already attacking the cybersecurity problem aggressively. Investors poured $1.4 billion into 239 cybersecurity startups in the past year, according to market researcher CB Insights. These companies are working on mobile app security, threat intelligence, data encryption, cloud security, and other market sectors.
But this is a scattershot approach based on perceived market opportunities. The threats we face due to bad guys – you might even call them cyber-terrorists – are much broader than investors and startups can address by themselves.
What we need is a comprehensive framework from our leaders, both in the U.S. and globally, for securing the foundation of our digital economy. Government is likely to be “a day late and a dollar short” with overly prescriptive mandates – given the speed with which cyber threat evolve. But government can provide a roadmap that allows for sharing of expertise and threat intelligence, standards for security assurance, incentives for high risk groups that pursue aggressive initiatives to ensure cyber integrity, and suitable standards of accountability for those that don’t.
Armed with this information, I’m confident that the private sector will respond with innovations and solutions that governments will applaud and private industry will adopt. In that sense, the future development of the cybersecurity industry will parallel the 1960s and 70s growth of the microelectronics industry, which was fueled by demand from defense contractors building NASA’s spaceships.
Experienced cybersecurity investors understand this, which is why the role of government was a key topic at a recent SINET cybersecurity panel I moderated in Silicon Valley. Other venture capitalists that joined me included Corey Mulloy of Highland Capital Partners, Ted Schlein of Kleiner Perkins Caufield & Byers, and Yanev Suissa of SineWave Ventures.
The panel noted that unlike consumer apps or even enterprise apps, cybersecurity solutions need to address both private sector challenges and public infrastructure vulnerabilities at the same time. A key difference in IT security is that it is adversary-based, forcing security vendors and customers to play cat-and-mouse with rogue operators as they try to stay a step ahead of their adversaries. No other IT sector experiences such rapid change.
Many excellent startups are addressing the cybersecurity opportunity, but the panel specifically mentioned four to watch: FireEye, which offers threat protection solutions and recently went public; vArmour Networks, which is in stealth mode but has said it is developing software defined security (and is backed by Highland), Bromium (also backed by Highland and others), which offers advanced malware solutions to enterprises, and Shape Security (backed by Kleiner Perkins, Venrock, Allegis Capital, Norwest, and Google), which is building a “botwall” to defend against automated cyber attacks.
Schlein of Kleiner Perkins, who has invested in several companies such as AlienVault (threat management), and ENDGAME (security intelligence and analytics), is focused on investing now in areas such as breach monitoring management and virtual firewalls.
The panel also discussed the need for crowdsourcing cybersecurity, pulling together bright minds who want to be part of the solution to this global problem. They agreed that there are many more “good guys” than “bad guys,” but it would be good to bring together the thoughts of the “white hats” who are often deep inside large enterprises working on individual projects. Given that 70+ percent of cyber breaches have an “insider” element, solutions to monitor insider activities for anomalous behavior as well as solutions to ensure secure communication were also on the list of areas to watch for innovation.
To speed up development of these and other solutions, the panel concluded that government has to modernize its approach, making contracting and procurement easier and faster so that cybersecurity startups and their investors can forecast returns in a reasonable timeframe. We’ve seen some movement in this area, with efforts such as the Intelligence Advanced Research Projects Activity (IARPA) and the Homeland Security Advanced Research Projects Agency (HSARPA), but these are the exceptions rather than the rule.
For cybersecurity to truly become the moonshot of the 21st century, we need leadership in the highest places.
Bob Ackerman Jr. is the founder and a managing director of Allegis Capital, an early stage Silicon Valley venture capital firm that invests heavily in cyber security.