Makeup of Region’s Cyber Ecosystem Offers Clues to Where More Investments are Needed

Michael Hoffman is executive editor and director of marketing at Tandem National Security Innovations.

The federal government’s effort to protect its digital networks depends on the greater Washington’s cybersecurity industry for support, but a recent census shows that ecosystem could be at risk because of a preponderance of services and solutions companies versus products companies operating near the nation’s capital.

A census of the cybersecurity industry done by Tandem National Security Innovations found nearly 1,000 cybersecurity companies operating in D.C., Maryland and Virginia. However, only 5 percent of those companies focused solely on building cybersecurity products. The majority of the companies on the TandemNSI Cybersecurity Industry List provide consulting services and solutions.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

This is important because the U.S. government admittedly needs help protecting the nation’s digital infrastructure. Last week’s distributed denial-of-service attack that shut down a wide range of popular websites like Twitter, Etsy and Spotify is the latest large-scale cyberattack to hit the nation.

The government is not geographically restricted to local cybersecurity firms. But federal procurement data shows at least half of the cybersecurity companies in the greater Washington region have derived revenue from government contracts in recent years.

Government agencies depend on local companies to protect their networks. Similarly, D.C.-area cybersecurity companies rely on the government as customers. In many cases, local companies have designed their business models around the government to allow for slower acquisition cycles and required customization for limited government markets.

Government leaders—notably, Defense Secretary Ash Carter—have made a significant push to attract technology companies outside the Beltway in places like Silicon Valley and Boston to government work. Carter’s initiative with new organizations like the Defense Innovation Unit Experimental has made progress, but many tech companies have run into the same acquisition roadblocks their predecessors previously hit.

A healthy cybersecurity industry in the greater Washington region will only help the government better protect itself from quickly advancing cyber threats from nation states like Russia and the hobbyist hackers who executed the Oct. 21 attack.

The first step is understanding what type of companies and resources exist in the great Washington region’s cybersecurity ecosystem. When we searched for a publicly available list of companies, we didn’t find one. So, we reached out to businesses and organizations, collected our list and published it to establish a baseline for the local ecosystem.

“We need to have a baseline in order to understand and use the great cyber assets we have in the greater Washington region,” said Mike Daniels, former chairman of the Northern Virginia Technology Council. “We need for the U.S. government and the private sector to see the scope and magnitude of this invaluable resource to our region and our economy.”

A deeper dive into the data revealed the lack of product companies operating in the region. Product companies attract larger investors because it’s easier to scale a product versus a service company. Larger investors lead to healthier innovation hubs because startups follow the money.

It’s not to say services and solutions cybersecurity companies are not required. These companies are vital to integrate the necessary cybersecurity products that protect government networks. The distinctly unbalanced ecosystem is the concern. Better understanding the D.C.- area’s cybersecurity ecosystem can help identify what is restricting the number of product companies.

“There may be a relative lack in resources and talent related to building successful product companies and scaling them from this region,” said Rick Gordon, managing partner for the MACH37 Cybersecurity Accelerator located in Northern Virginia.

Local politicians see the cybersecurity industry as a major economic driver for the greater Washington region. Economic development agencies in Maryland, Virginia and D.C. have all made investments to attract cybersecurity startups. Many are making additional plans to inject the region with even more resources to boost the growing cybersecurity industry.

Sen. Mark Warner, D-Va., has been outspoken in his support for developing the cybersecurity industry and pushing the federal government to improve its acquisition process to allow government agencies to keep pace with advancing technologies. The senator himself has a unique understanding of the tech industry, as he helped launch tech companies before starting his political career.

“Cybersecurity is one of the most serious economic and national security challenges we face as a nation, and both the private and the public sector need to be better prepared to address the escalating threat from cyberattacks,” Warner said in June when announcing the launch of the bipartisan Senate Cybersecurity Caucus.

A healthy cybersecurity industry is required to help protect against those rapidly escalating threats. Examining the makeup of the greater Washington region’s cybersecurity ecosystem offers clues to where more investments are required and where current companies can work together.

“The regional cybersecurity community should understand they are second to none,” said Bob Gourley, former chief technology officer for the Defense Intelligence Agency and current co-founder of Cognitio Corp. “Working together, we can enhance how the entire nation defends itself.”