Montgomery County will be home to the first federally funded research and development center focused solely on advancing cybersecurity technology, a facility that officials recently said will be operated by McLean-based Mitre and Maryland’s top research universities.
The creation of the research center, which will be part of the two-year-old National Cybersecurity Center of Excellence in Rockville, is yet another boon for greater Washington as economic development officials here aim to establish the region as a cybersecurity hub.
The all-too-common reports of cyber attacks afflicting big-name businesses, including Target, JPMorgan Chase, Home Depot, Citigroup and Neiman Marcus, have many companies clamoring to buy software that fortifies their networks and fends off hackers.
This fast-growing field of civil cybersecurity presents a multibillion-dollar business opportunity for technology companies and a powerful new economic development engine for the jurisdictions where those companies establish their headquarters.
Few parts of the country are as flush with potential as the Washington region. Maryland, Virginia and the District are home to the nation’s top defense and intelligence agencies, including the United States Cyber Command at Fort Meade, as well as the constellation of contractors that have guarded the federal government’s networks for years.
But the region is not without deficiencies that officials say must be overcome if it is to become a cybersecurity hotbed, and a growing number of public and private sector initiatives have taken shape in recent years to address those shortcomings.
“If we can get over them, we’ll really have something,” said Jim Dinegar, president and chief executive of the Greater Washington Board of Trade. “I’ve never seen a bigger and faster emerging opportunity than cybersecurity.”
The National Cybersecurity Center of Excellence in Rockville aims to solve one of cybersecurity’s toughest challenges: getting companies to speak honestly about the threats they face and the steps they’re taking to thwart them.
“The timing is right for various stakeholders to collaborate because they all see a need and they’re all scared of the implications of security breaches and data breaches,” said Joseph Jaja, a professor of computer and electrical engineering at the University of Maryland, College Park.
“That’s not an easy task, I realize this,” Jaja said. “But unless we come together and try to develop a set of best practices and shared experiences, we really won’t have an effective solution.”
The federally funded research center also aims to increase awareness for technology that is already available and meets the cybersecurity standards that policymakers have begun to establish, said Gary Gagnon, senior vice president and chief security officer at Mitre.
“We’re optimistic that the people who have cybersecurity challenges can see what the vendors are offering and more readily adopt those solutions,” said Gagnon, who will serve as director of the federally funded research and development center.
But cyber crime is a shifting target, and the software that’s available today could be bested by threats that emerge tomorrow. For that reason, industry experts say it is important to nurture young companies with innovative ideas.
“There’s a lot of money going into cyber right now. A lot of new start-ups, a lot of new ideas. At this point I think that’s healthy because from these start-ups new innovative ways of thinking will come out,” Gagnon said.
A cluster of those companies can be found across the Potomac River in Herndon, where a business accelerator called MACH37 has been working with cybersecurity start-ups for the past year.
When Marcus J. Carey applied to MACH37, it wasn’t to improve his technical chops. A former Navy cryptologist who also trained federal agents in computer forensics, Carey has “been around the block a few times when it comes to cybersecurity,” he said.
But he had never started a business until earlier this year when he founded FireDrillMe, a company whose software simulates cyber attacks so that customers can practice how they would respond to a real-life breach.
MACH37 takes burgeoning entrepreneurs such as Carey and teaches them the basics of finance and accounting, how to court prospective customers and how to raise money from investors.
“I would have had to pick up all these things myself,” Carey said. “So what they’ve created is almost a cookie-cutter approach where these are the things you need to do to be a successful company.”
A lack of business acumen among some of the smartest minds in cybersecurity is one of the challenges facing the burgeoning sector, said Rick Gordon, MACH37’s managing partner. Essentially, those with the best ideas for new cyber technology may not know how to turn it into a viable business.
“Those are skill sets our guys don’t have, and we can either teach them or find them strategic partners or mentors who can do that for them,” Gordon said. “These are individuals that are technologists by affinity. They break things or reverse engineer things to see how they can make them better.”
They may also be plugged into large and active communities of security professionals, Gordon said, but typically lack exposure to early stage investors who can provide financial and strategic support. That’s another problem that could hold the sector back, he said.
“The seasoned investor communities invest in what they know and people who have made them money before,” Gordon said. “But that’s not where a lot of the [cybersecurity] innovation is happening.”
More from the Capital Business Cybersecurity issue: