RealTime IT News

Homeland Security A Boon for Tech?

Protecting information and the data networks upon which it travels will take a combination of private and public efforts, a top Bush administration official said. Some of those in the private sector, though, say working for the government doesn't make much business sense.

Paul Kurtz, the senior director for national security under President Bush's Critical Infrastructure Protection Board -- part of the National Security Council -- spoke on Thursday at a homeland security investment symposium in Washington, D.C. During his keynote speech, he said information technology (IT) now connects "practically everything" in the country, and that systems are now so interdependent that an attack on one infrastructure can have a cascading effect on others.

Kurtz said that government does not have the answer, and that no one government agency can solve the problem. What's more, "there will be no one silver bullet to solve the problem."

The answers, according to Kurtz, "are in the private sector" -- specifically, a combination of technology, people and policies.

What needs to be done, according to Kurtz, is ask if everything possible is being done to identify critical information systems on both the government and private sides of the coin. Then, the vulnerabilities in those systems -- especially in the Internet -- need to be understood to be fixed.

Government May Not Be Good for Business

Dealing with the government, though, may not help a business, according to several experts on the private industry side of the equation. Mark Lister, the managing director of Rosettex Technology and Ventures Group, said that IT opportunities in homeland security are "woefully small," mainly because the amount of money going to homeland security gets divvied up among a lot of federal agencies. He's also fearful that private industry will not make many inroads into the federal government unless companies can pool their technologies to put together what he called "real solutions."

Venture capitalist Jonathan Silver, the founder and managing director of Core Capital Partners, said that investing in companies that also deal with the federal government can be difficult, because "traditional venture capitalists and firms don't have policy goals -- they want to make a profit." Some government projects don't make good business, because a particular niche may be very small or Uncle Sam may be the only market for a particular product, he also said.

If a company needs capital and wants to sell to the government at the same time, Silver said it can go to someone like In-Q-Tel, a private "venture catalyst" created by the Central Intelligence Agency (CIA) that invests in firms developing information technologies that can be used for U.S. national security interests.

During Thursday's conference, In-Q-Tel Chief Operating Officer (COO) Ronn Richard went as far to say that he's not concerned about return-on-investment (ROI) -- although he admitted that "it would be good to give back some of our money to Congress." While his organization does a lot of what most VCs do, the hardest part of the job is determining if the technology will transfer into the CIA's architecture. Companies have to go through several review boards to determine if their technology is compatible with the spy agency's systems.

Of the 2,000 proposals In-Q-Tel has received, the group has made 20 investments to date, he added.

Infrastructure: Target or Weapon?

Another speaker, meantime, took Kurtz to task for saying that the nation's tech infrastructure will be a future target for terrorists. French Caldwell, vice president and research director for knowledge management at Gartner, said that the U.S.'s infrastructure will not be a target -- it'll be a weapon. "Look at how the mail was used for the anthrax attacks," he said.

Until now, concerns about transaction security or privacy have driven innovation in the IT market, Caldwell said. Now, fear of terrorism and political/ideological-based attacks will add to the need for electronic security. While the market will respond to new threats, "no one yet knows exactly what they're responding to," he also said.

Protecting Against Terrorism

When it comes to protecting against terrorism, meantime, Caldwell said that companies may have to choose to guard only certain systems, because walling all of them off would be difficult. He also said that companies should share information with one another about cyberattacks, so all can learn and protect themselves -- an idea echoed by other speakers at the symposium.

Individuals, meantime, should install personal firewalls and take other security precautions so that their computers are not unwittingly used without their knowledge in attacks, better known as a "zombie."

As for government, Caldwell agreed with Kurtz in saying Washington should lead by example and involve industry in solving IT security problems. But the feds "should not stifle the private sector," and should lead a "Manhattan Project" on knowledge management for homeland security, he added.

Two companies wanting to help protect both individuals and companies from security risks demonstrated their wares at the conference.

Aurora Biometrics Inc. of Rockville, Md., uses facial-recognition technology for its hardware and software systems. Its products include a system that eliminates unauthorized access/use of proximity/swipe cards for use at facility entrances and authorized areas, and a hardware/software solution that protects a PC from unauthorized access.

Swivel Secure America Inc., meantime, was showcasing its new electronic user authentication system. With the protocol, a customer can use one-time, temporary authorization codes that are activated by a predetermined PIN, and entered via an interface that doesn't use a keyboard or display the numbers on a screen.