Like no other event in recent years, the terrorist acts of 9/11 unmasked the serious vulnerabilities of our nation’s vital infrastructure. For the first time in decades, Americans have become fearful for their security at home. As a result, we have embarked on a national quest to re-equip our public and private infrastructure for a more insecure, uncertain age. This has fundamentally altered demand and, therefore, presents a real opportunity for venture capital investment in some related technologies, products and services.
Witness the increased numbers of private sector chief information officers (not defense chiefs, mind you) who now say security is a spending priority. Since 2000, the META Group has seen a rise from 20% to 40% of the number of its clients who have dedicated computer security groups. It expects that number to increase from 60% to 70 percent. Moreover, it reported last year that 73% of companies have increased their spending on security, even though only 24% had increased their overall technology budgets.
This demand for homeland security “solutions” will likely be long-term. To date, there are no signs that the internal or external threats to our security will disappear anytime soon. As a result, homeland security investing is not a fad like.
This new demand extends to non-traditional buyers of security, making it a much larger potential market opportunity. It goes beyond the federal government. Private sector demand will equal that of the federal government, according to a Deloitte Consulting estimate, and local and state governments should add billions more. In fact, one can even claim that securing our national infrastructure is, in the end, a private industry concern, since 85% of our nation’s infrastructure lies in private hands.
This new market extends far beyond conventional security technology. Before 9/11, conventional security technology focused on walls erected to keep threats out: firewalls, intrusion detection systems, anti-virus software and physical security. But post-9/11, we have learned that security technology also involves tools that enable the early detection of warning signals, sharing and analyzing those signals and responding to them effectively. And we need to apply those tools not just to our digital communications network, but to bio-terrorism and other threats across our national infrastructure.
In a fundamental sense, 9/11 awakened us to the startling immaturity of our communications network infrastructure, which remains our basic channel for comprehending and responding to threats. Over the last 25 years, we’ve rushed to build an open IP-based infrastructure, whose chief selling points of universal inter-connectivity and remote access also turned out to be its chief weaknesses. We haven’t made the infrastructure reliable enough or secure enough to serve as a ubiquitous utility, even though many have begun to treat it as such. Going forward, we must confront the basic paradox of how to maintain openness while preventing threats from outsiders.
The Gates Challenge
In an email in January 2002, Bill Gates put forth what he considered to be the next goal for overall computing: trustworthiness. The email states in part:
“Today, in the developed world, we do not worry about electricity and water services being available. With telephony, we rely both on its availability and its security for conducting highly confidential business transactions without worrying that information about who we call or what we say will be compromised. Computing falls well short of this, ranging from the individual user who isn’t willing to add a new application because it might destabilize their [sic] system, to a corporation that moves slowly to embrace e-business because today’s platforms don’t make the grade. The events of last year-from September’s terrorist attacks to a number of malicious and highly publicized computer viruses-reminded every one of us how important it is to ensure the integrity and security of our critical infrastructure, whether it’s the airlines or computer systems.”
Another reason why homeland security procurement represents a significant opportunity for venture capital is that it marks the first step in a fundamental change in how the government obtains technology. The federal government used to develop the technology it used in-house or buy it from select private contractors. Now, the level and quantity of private sector research vastly exceeds that of the government. Consequently, Uncle Sam must obtain the latest technology from the private sector, if it wishes to stay on the leading edge. The progressive elements in the government recognize this. That’s why they’ve launched In-Q-Tel, the CIA’s venture capital arm. Venture capital will likely be an important channel in this new stage of technology transfer, and leading-edge venture capitalists are in an excellent position to catalyze the process.
In fact, venture capitalists may be uniquely positioned to contribute to homeland security. Why? Because technology companies already have a model for how to mold a networked society to respond to threats in their experience with the Internet. The Internet, as you’ll recall, was developed as a means for secure computing in the face of a nuclear/military threat. It therefore offers a model for constructing a network that can survive localized, regional threats, empowering the “first responders” at the edge with the data, knowledge and analytics of the greater whole, and mobilizing the network to serve as a vehicle for early detection of threats and rapid response.
Nevertheless, there are good reasons to be at least somewhat cautious about the prospects for homeland security investment. For one thing, homeland security can’t offer complete salvation for the tech sector-especially venture-backed businesses-during these trying times, no matter how much we’d like it to. When you look at the federal government’s actual plans, it isn’t spending that much on technology per se. It’s about $2.3 billion, though security demand from other sources should augment that. Homeland security appropriations will mostly feed big contractors, so startups won’t stand a great chance of getting contracts directly from Uncle Sam. They will have to cozy up to the general contractors for subcontracts. Moreover, the contracting period may be too long and cost too much for some of the more wobbly startups to rely on.
Accordingly, Sternhill Partners believes the appropriate stance to take is one of prudent optimism. This dovetails with the strategy chosen by In-Q-Tel, Paladin Capital Group, Patriot Venture Partners and other homeland security-specific venture capital funds. They see federal government procurement as only a part of a larger and principally commercial market for homeland security technology. VCs that succeed in homeland defense will be those whose portfolio companies own unique technologies with broad security and non-security applications, well suited for both the public and private sectors. For instance, one of our portfolio companies, ClearCube Technology, is increasingly attracting interest from the Air Force and other government operations by offering a more secure computer architecture in which the guts of standard PCs have been moved off the desktop and into the back office. We didn’t originally invest in ClearCube with homeland security in mind; however, strong public sector demand from entities with sensitive operations now complements the company’s private sector business.
There are a few technical areas where significant innovation will be necessary-and which are potentially attractive to venture investment. For example, there are tremendous opportunities for innovation in information management and analysis. Can we achieve so-called “predictive intelligence” by gleaning relevant information from disparate and non-standardized data sources? Can we derive predictions of future terrorist activity from seemingly disconnected data? One notable effort driving the need for such innovations is the controversial Total Information Awareness (TIA) project. The sheer scale of the kind of databases proposed by TIA and the ability to draw from and make sense of such databases will also require major advances in processing power and data storage and the ability to manage the IT infrastructure effectively.
Many of the technical challenges before us appear to be incremental. The following are some of the technologies both the government and industry are seeking that niche venture companies could potentially satisfy:
* Better biometric ways of identifying people before they enter our IT and other infrastructure.
* Better security technologies for keeping out threats to our communications infrastructure and providing disaster recovery mechanisms if they fail.
* Better collaborative tools for allowing people to share and analyze disparate data about threats across disparate systems.
* Better geospatial information systems (GIS) applications and wireless networks for allowing first responders to detect threats, locate them and respond to them.
* Better surveillance tools and sensors for perceiving and analyzing threats, both to our communications and other infrastructure, as well as to bio-terrorist threats, which are less quickly or easily apprehended.
Homeland security will not be an easy area to invest in. More than anything, it will require a deep understanding of the specific problems making our societal infrastructure vulnerable. What are the weaknesses/holes in our digital infrastructure that render important institutions vulnerable to attack? Where does the process of reporting, analyzing and responding to bioterrorist threats break down? How can that process be remedied? The complexity of these problems will limit success in this space to seasoned investors with solid technical credentials willing to invest for the long term. We must be careful to avoid an industry wide tendency to invest in the “trendy,” essentially turning dot-com into dot-homeland.
Still, we’re optimistic. Homeland security offers a big opportunity for venture capitalists willing to do their homework, understand the vulnerabilities of our infrastructure and identify technologies and management teams able to address them. But that’s always been the way smart VCs make money.
Bob Stearns is managing director for Sternhill Partners, an early-stage venture capital firm focused on information technology start ups. The firm, based in Houston, Texas, has approximately $100 million under management. Before co-founding Sternhill Partners in 1999, Stearns was chief technical and strategy officer for Compaq Computer. He sits on the boards of ClearCube Technology and RLX Technologies and on the advisory boards of Southwest Bank of Texas and the Center for Nano-and Molecular Science and Technology at the University of Texas at Austin.