The race to build the Silicon Valley of cybersecurity
Loading...
Dozens of businessmen filed off luxury tour buses, huddling around the Army colonel who commands the sprawling Fort George G. Meade, Md., base that鈥檚 home to the听National Security Agency and the US military's cyberwarfare command. He told them protecting the country from adversaries over computer networks is now just as crucial as on land, in air, sea, and space. It was hard to hear him over the sound of bulldozers and cranes clanking and screeching, building what will become a 750,000 square foot data center.
Yet this cacophonous scene was exactly what Jim Dinegar, chief executive officer of the Greater Washington Board of Trade, wanted the the 82 presidents of banks, construction magnates, realtors, and mortgage brokers he invited on his summer 鈥淐yber Bus Tour鈥 to see: That the US government is taking the threat so seriously that the base is razing the rest of its cherished 36-hole golf course to make way for more computing power for its missions.
Mr. Dinegar hopes the military's double-down on cybersecurity听will convince the businessmen it鈥檚 worth supplying the influx of thousands of听specialists to the relatively sparse Maryland area with everything from homes to dry cleaning and office moving services. After all, Dinegar鈥檚 top mission is to bring jobs and business to the District of Columbia, Northern Virginia, and suburban Maryland. He wants boomtowns. Cybersecurity, he says, will be the region鈥檚 golden ticket. 鈥淚t鈥檚 an opportunity that鈥檚 bigger than anything I鈥檝e ever seen.鈥
But Dinegar is facing stiff competition. He鈥檚 not the only one equating the country鈥檚 cyber insecurity with dollar signs.
While California鈥檚 Silicon Valley is the US technology capital, cities and states across the country are vying to dominate the booming market for actually securing that technology and information.
鈥淲hat鈥檚 the next Silicon Valley for cybersecurity?鈥 asks Peter Singer, a strategist who focuses on cybersecurity at the New America think tank in Washington. 鈥淭his is one of the fastest growing industries 鈥 not just in the tech sector, but in the world.鈥
The global cybersecurity market was $67 billion in 2011 and is projected to grow as high as $156 billion by 2019, according to premium market research firm听. It will expand as more giants such as Sony Pictures Entertainment, Target, and Home Depot are hacked, consumers demand more and better security, and businesses grow more aware of the potential cost to their sales and reputation if they do not provide it.
Seeing a window of opportunity, state governments and pro-business groups from California to Texas and Florida are positioning themselves to win federal contracts and score venture capital investment. Some are going to extraordinary lengths to build what they call 鈥渁 cybersecurity ecosystem.鈥 They are commissioning economic impact studies, developing tax incentives to attract companies to their regions and even hiring PR firms to devise branding strategies. They are competing over government contracts, even investing in startups with money from state coffers. With as many as 300,000 cybersecurity jobs across the country unfilled last year,听security company Symantec, they are crafting academic programs for public universities to win research grants and generate the next crop of highly skilled workers poised to make six figures鈥 and stay local.听
While cybersecurity 鈥渋s about digital systems and processes,鈥 Mr. Singer adds, 鈥渢here are still people behind it. The people, and companies they work for, have to physically be somewhere ... . Where will these people and firms be located? It鈥檚 not yet shook out where it will be.鈥
DC Metro: The federal government advantage
In a competition for cybersecurity business, the area around the nation鈥檚 capital has a huge advantage with the alphabet soup of government agencies, and concentration of military installations. For starters, there鈥檚 Virginia鈥檚 CIA and Pentagon; the District's FBI and Department of Homeland Security; and Maryland鈥檚 Fort Meade and the Defense Information Systems Agency.
Here鈥檚 the true power of geography in the beltway: Contracting. Federal contracts with the NSA, for instance, often have requirements that companies be within a few miles of their government customers paying them, Dinegar says. 鈥淪ilicon Valley is a little bit more than five miles away,鈥 he quips, noting that proximity requirements for contracts is a large part of why the National Business Park 鈥 some 2.3 million square feet of office space in Maryland听鈥 has been fully occupied and continues to grow. 听
So even as the traditional defense budget shrinks at the end of a decade of war in Iraq and Afghanistan, federal money for cybersecurity is increasing. The Pentagon鈥檚 requested $5.5 billion for its cybersecurity operations next year is up a whopping 30 percent from just two years prior; the department is on track to spend around $23 billion on it within five years. (The exact amount the intelligence agencies spend on cyber is unknown because it鈥檚 classified, but strategy consulting firm Avascent estimates the federal government spent $13 billion on cybersecurity-related contracts with companies for just the last fiscal year 鈥 and over half that was delegated by the intelligence community.)
And the flood of federal dollars is a strong factor as to why the Washington, D.C., area posted for more than 23,400 cybersecurity jobs last year 鈥 dramatically more than any other region, including the 12,700 posted in the San Francisco/San Jose area, according to a from Burning Glass analyzing aggregate job postings.
Cybersecurity, says Jeffrey Wells, Maryland鈥檚 director for cyber development, 鈥渋s just a piece of what Silicon Valley is doing, whereas here it鈥檚 our core ecosystem.鈥澨
There are some metrics that support this. In the ratio of cybersecurity jobs to residents by state, Virginia is No. 1, with 25 postings for cybersecurity jobs, ranging from network and information security to cryptography and malware analysis, per 10,000 residents.听
Maryland is second highest, with 18 posts per 10,000 residents.
To be a more formidable 鈥淐yber Capital,鈥 however, the two states and the district should band together, Dinegar argues, because right now each state鈥檚 respective assets 鈥渃ancel each other out鈥 as national leaders.
Silicon Valley, for instance, even has a catchy moniker, but 鈥渢he Greater Washington region,鈥 Dinegar says, does not 鈥渞eally roll off the tongue-- and [people] couldn鈥檛 really say anything about here other than that it is the home to government.鈥
To conquer the branding challenge, Dinegar hired a communications firm, Washington-based APCO Worldwide, to develop a comprehensive list of the entire region鈥檚 assets and develop a clear marketing plan to promote the region as, collectively, the national home for cybersecurity.
鈥淗ow do you cut through the clutter and say, 鈥榃ell, if you鈥檙e landing at BWI airport, then you鈥檙e minutes away from the heartbeat of Cyber Command, and if you land at Dulles Airport, you鈥檙e minutes away from the Northern Virginia technology corridor鈥?鈥 Dinegar wants to know.
Economic and business organizations in the three states want the government to spend around $300 million to extend the routes of Maryland and Virginia鈥檚 commuter trains to allow more direct access between more traditionally remote tech hubs. Without a better cross-border transit system, Dinegar believes it may be difficult encourage the desired boom of highly-educated, young 20- and 30-somethings to live comfortably out in the suburbs, or commute in their apartments in big cities. The Greater Washington Board of Trade is trying to arrange uniform tax incentives across the Maryland, Virginia, and D.C. to attract new business to the region, either for companies that would relocate to the region or local startups that want to expand. Since they all have different tax structures, that also will be no easy feat.
Maryland & Virginia: Battle to claim the cybersecurity mantle
But the biggest obstacle to those pushing a Greater Washington cybersecurity domination plan may be that elements within the state governments themselves are, by many accounts, obstructing this kind of kumbaya approach.
To them, it鈥檚 clearly a competition. 鈥淲e are correct in calling Maryland the epicenter for cybersecurity,鈥 says Mr. Wells, the听Maryland director of cyber development,听pointing to his state's 鈥淐yber Maryland鈥 initiative. Launched in 2010, it was the country鈥檚 first state-coordinated approach to harness federal, state, and local governments, private businesses, and academia to promote cybersecurity opportunities. But Karen Jackson, Virginia鈥檚 secretary of technology, does not believe her neighbor has it in the bag. 鈥淰irginia will come out on top,鈥 Ms. Jackson says. 鈥淲e鈥檙e nationally ranked as the best place to do business. That鈥檚 a national ranking that says we鈥檙e better than everyone else.鈥
Maryland and Virginia are busy luring jobs and contracts that could make them each No. 1. Jackson says she personally is working hardest on scoring the 鈥淐ivilian Cyber Campus鈥 that would be a new center that would consolidate civilians from the Homeland Security and Justice Departments onto one campus. Obama鈥檚 budget for next year requested $227 million for the center, though the location has not been named. 鈥淲e are going to actively pursue any and all opportunities to bring additional cyber assets to the Commonwealth,鈥 Jackson said.听
Compared to Silicon Valley, suburban Washington is not exactly known for its entrepreneurial spirit. But private businesses are crucial to create a successful cybersecurity business ecosystem. Some very successful security companies have sprouted up locally, including the Virginia-based Mandiant, which was acquired last year by FireEye for $1 billion last year; and the Maryland-based Sourcefire, which Cisco bought for $2.7 billion the year before. But East Coast cybersecurity companies are typically focused on providing services, not building products 鈥 and their returns tend to be far lower than on the West Coast. They are a little defensive about it. 听
鈥淪ilicon Valley values return on investment much differently than we do on the East Coast,鈥 says Wells. If big companies such as Facebook are going to spend roughly $19 billion for social media apps like WhatsApp but 鈥渟pend $2 billion on a cybersecurity product that saves billions a year,鈥 Wells said, 鈥渢here鈥檚 a skewed proposition.鈥
This translates into more cross-border competition for companies. Maryland raised $84 millionearly stage technology 鈥 including $5 million for cybersecurity 鈥 and offers a total of $4 million worth of tax breaks specifically for cybersecurity startups already in the state or who agree to locate there.
The competition scales down even to the county or city level. Montgomery County has created its own tax credit similar to the one at the state level. For instance, Maryland鈥檚 Montgomery County $100,000 to lure a small Virginia cybersecurity startup, Mobile Systems 7. Representatives from the Arlington, Va., economic development council are staking out cybersecurity trade shows for companies looking to relocate, talking up the incoming secure dark fiber lines and geared toward attracting high tech firms with tax incentives.
Since Maryland and Virginia have each set aside millions of taxpayer money to bolster the creation of cybersecurity companies in their states, the competition is perhaps not so surprising. Each state wants to see return on their investment. 鈥淥ur funders care very much about it, and they do look at it as zero sum,鈥 says Rick Gordon of Mach 37, an accelerator designed to make local cybersecurity startups succeed, funded in part with $4 million in Virginia state money over two years. 鈥淚f Maryland gets one of our businesses, they look at it as a loss.鈥
In the broader national competition, however, these competing incentives could prove counterproductive to unity advocates like Dinegar. 鈥淲e鈥檙e like, 鈥楽top! Stop arguing with each other! We鈥檙e collectively the home of cyber here in this region,鈥欌 Dinegar says. The competition between states, even counties, leaves the door open for other regions to steal business, he says. 鈥淔rankly, if we worked better together, we wouldn鈥檛 have Silicon Valley eating our lunch, or Austin, Texas, emerging as strong as they鈥檙e emerging. We are already home to cyber. I would say it鈥檚 ours to lose ... There鈥檚 plenty for everybody, so let鈥檚 not be greedy.鈥
San Antonio: Forget 'Alamo City.' This is 'Cyber City USA'
San Antonio's leaders have already claimed the title 鈥淐yber City USA." And John Dickson wants to cement its position as other regions vie for the title.
That鈥檚 why Mr. Dickson, who chairs the cybersecurity task force at San Antonio鈥檚 Chamber of Commerce, went door-to-door in the halls of Congress this February to lobby senators and representatives from Texas to bring his city more business. San Antonio's military presence has created a critical mass of cybersecurity operations in the area. The Air Force鈥檚 Cyber Command; the unit charged with electronic warfare; and the NSA鈥檚 Texas Cryptologic Center, that鈥檚 now a sprawling intelligence center, call the city home. Combined, the three centers are estimated to have a mission force of more than 6,000 personnel, making cybersecurity is a huge driver of the local economy.
So Dickson and six other San Antonians moonlighting as cybersecurity lobbyists had a clear set of asks for Congress. A principal at the Denim Group, a fast-growing firm in the city and a former Air Force officer himself, Dickson wants the military and NSA to delegate authority to local military and intelligence stations to be able to hire their own contractors.
Current contracting policy, Dickson says, means companies 鈥渉ave to make a pilgrimage to Maryland to win contracts, so it gives an advantage to contractors in the D.C. area.鈥 More contracting authority locally, he says, would 鈥渓evel the playing field.鈥 Also on the long-term wish list: A Department of Homeland Security regional center in the San Antonio area.
San Antonio's history with cybersecurity spans all the way back to the mid-1980s, when computer networks were just developing and the military stationed some of the earliest cybersecurity personnel in the city. Over time, the outflux of skilled personnel leaving the military and staying local has in part led to some advantages for the city:听Close to 100 cybersecurity-oriented companies operate out of the city, according to听a study by Deloitte听肠ommissioned by the San Antonio Chamber of Commerce to assess the city's cybersecurity assets. And听San Antonio听has the second-largest concentration of Certified Information Systems Security Professionals in the US,听according to that report, an internal document previewed to Passcode.听
鈥淐ybersecurity as an industry is still in its infancy, and San Antonio is among the elite locations poised for growth," the Deloitte report found. "Albeit lacking the youthful vibe of an Austin, San Antonio鈥檚 entrepreneurial strata, including cybersecurity, other information technology and biosciences, is sizable and growing. Local entrepreneurs claim the ability to entice essential employees from desirable employment centers like the D.C. area."听
The trick, Dickson says, will be figuring out how to make San Antonio stand out. 鈥淚n all likelihood, McAfee and Symantec aren鈥檛 going to move to San Antonio in our lifetime,鈥 he says. Nor will research and development work migrate from Silicon Valley and Boston. 鈥淲hat we do have is a lot of talented practitioners ... . There鈥檚 an entire squadron in the Air Force that does nothing but malware analysis. Those folks are starting to leave [the military] now.鈥 The next evolution of the recruitment strategy, Dickson says, should be to encourage big companies to set up security network operations centers in the city and hire locals.听Deloitte recommends San Antonio consider creating a dedicated cybersecurity economic development staffer to entice business and investment.
Meanwhile, the state of Texas is looking to San Antonio as a model for its bigger ambitions: An initiative called Cyber Texas. Brian Engle, the state鈥檚 chief information security officer who stepped down in February just before this piece published, says instigated a more coordinated approach to 鈥渉oist鈥 itself into the national competition since October 2013. Texas already has for academic excellence in cybersecurity, but lacked a coordinating initiative 鈥 even Mr. Engle鈥檚 own job did not exist.
Over the next three years, 90,000 veterans will return to the state, and Texas is building incubators for them to leverage their skills into cybersecurity jobs, especially through programs like Cyber Aces, developed by the SANS Institute, to train them in coding and network defense. Veterans, Engle says, 鈥渁bsolutely come with a skill set that is really highly related to cybersecurity, the understanding and protection of information and compartmentalization."
But the state鈥檚 big sales pitch revolves around taxes. 鈥淭he lack of a state income tax makes living here very attractive for an individual,鈥 Engle says. 鈥淭he cost of living is dramatically lower.鈥 Governor Rick Perry, who was replaced in the last election, toured the country to talk about how his state is 鈥溾 鈥 which caught the ire of other players trying to build their own empires.
鈥淗e went up to Maryland and talked about how Austin was strong on technology鈥 [saying] 鈥榃e don鈥檛 charge taxes, and you should move out of Maryland鈥,鈥 Dinegar says. 鈥淚t was a pretty audacious move.鈥
The trick, Dickson says, will be figuring out how to make San Antonio stand out. 鈥淚n all likelihood, McAfee and Symantec aren鈥檛 going to move to San Antonio in our lifetime,鈥 he says. Nor will research and development work migrate from Silicon Valley and Boston. 鈥淲hat we do have is a lot of talented practitioners ... . There鈥檚 an entire squadron in the Air Force that does nothing but malware analysis. Those folks are starting to leave [the military] now.鈥 The next evolution of the recruitment strategy, Dickson says, should be to encourage big companies to set up security network operations centers in the city and hire locals.听Deloitte recommends San Antonio consider creating a dedicated cybersecurity economic development staffer to entice business and investment.
Meanwhile, the state of Texas is looking to San Antonio as a model for its bigger ambitions: An initiative called Cyber Texas. Brian Engle, the state鈥檚 chief information security officer who stepped down in February just before this piece published, says instigated a more coordinated approach to 鈥渉oist鈥 itself into the national competition since October 2013. Texas already has for academic excellence in cybersecurity, but lacked a coordinating initiative 鈥 even Mr. Engle鈥檚 own job did not exist.
Over the next three years, 90,000 veterans will return to the state, and Texas is building incubators for them to leverage their skills into cybersecurity jobs, especially through programs like Cyber Aces, developed by the SANS Institute, to train them in coding and network defense. Veterans, Engle says, 鈥渁bsolutely come with a skill set that is really highly related to cybersecurity, the understanding and protection of information and compartmentalization."
But the state鈥檚 big sales pitch revolves around taxes. 鈥淭he lack of a state income tax makes living here very attractive for an individual,鈥 Engle says. 鈥淭he cost of living is dramatically lower.鈥 Governor Rick Perry, who was replaced in the last election, toured the country to talk about how his state is 鈥溾 鈥 which caught the ire of other players trying to build their own empires.
鈥淗e went up to Maryland and talked about how Austin was strong on technology鈥 [saying] 鈥榃e don鈥檛 charge taxes, and you should move out of Maryland鈥,鈥 Dinegar says. 鈥淚t was a pretty audacious move.鈥
California: Developing a cybersecurity-specific sales pitch
While California has military installations, too, which garner government contracts, its real advantage over the East Coast comes from its lineup of commercial power players, from McAfee in Santa Clara to Symantec in Mountain View. 鈥淪ilicon Valley is the hub for enterprise cybersecurity, where big businesses are coming up with better firewalls, because there are a lot of big tech businesses out there,鈥 says venture capitalist John Backus.
The East Coast, explains Backus, the founder of New Atlantic Ventures, is the hub for research and development 鈥 cybersecurity work听that鈥檚 still classified and may not show up inside the enterprise world for years 鈥 while the West Coast is the hub for commercialization. They specialize in taking small companies and making them, well, really big. When it comes to venture capital in security, California dominates the rest of its challengers, according to figures provided to Passcode by the National Venture Capital Association. In 2014, the highest-ever VC spending in the cybersecurity industry, California ate up $1.5 billion of the total $2.1 billion in cybersecurity dollars.听
This year, California's cybersecurity ecosystem got a big push on the academic side when the William and Flora Hewlett Foundation awarded the University of California, Berkeley, and Stanford University each with $15 million last fall to jumpstart cybersecurity policy analysis and new ideas in this field. In another boost for California's cybersecurity narrative, President Obama spoke at Stanford's summit in February, where he signed an executive order encouraging the private sector to share cyberthreat information with the government and other companies.听
Still, state officials know they have a long way to go to be universally considered the nation鈥檚 cybersecurity capital. California gets so much VC spending in large part because it is the center for venture spending听overall, not necessarily because it has a unified cybersecurity sales pitch.
鈥淭here was a thought that companies were being recruited out of California, because there was nothing 鈥 no narrative 鈥 about cyber in California,鈥 says Louis Stewart, who is California鈥檚 deputy director of innovation and entrepreneurship. So Gov. Jerry Brown, he says, commissioned a task force to 鈥渢ell that story.鈥
The task force, led by the Department of Emergency Services and the Department of Technology, is working on a proposal for how to unify the state鈥檚 efforts on cybersecurity 鈥揳nd, of course, recommend a dollar figure to invest in it. One idea on the table: Talking to insurance companies to have them look at the level of cybersecurity in place at a company 鈥 and then offer them lower rates.
As the task force figures out how to harness its assets to woo cybersecurity businesses, the city of San Diego is not waiting around for its recommendations; it鈥檚 already making a strong play for the Cyber Capital title.
Ken Slaght, a former head of the Navy鈥檚 Space and Naval Warfare Systems Command, located in that city, has retired from the military to co-chair the San Diego鈥檚 Cyber Center for Excellence. It鈥檚 a public-private partnership to accelerate the city鈥檚 economy by harnessing its cybersecurity assets. Slaght, a retired rear admiral, says more than 6,600 people work in the cybersecurity industry in San Diego, including some 3,100 from his former military command, which administers hundreds of millions of dollars in contracts in this space. More than 100 small to medium size cybersecurity companies call the city home 鈥 but some local groups, Admiral Slaght says, estimate that number may actually be more than triple that size.
The San Diego center has made a running start. It鈥檚 entered into a formal partnership with the airport authority in San Diego to ensure the local airport complies with government-recommended NIST cybersecurity standard. Though 鈥渢hat takes a significant amount of work,鈥 Slaght says, the center is doing its consulting 鈥渁ll pro bono鈥 鈥 a model for partnerships that might expand to other parts of the state. The corporate members of Slaght鈥檚 center will soon be able to post openings in a cybersecurity-specific jobs portal, likely through job site Career Builder, to attract talent from universities and companies to fill their openings.
This, too, the state government may replicate. 鈥淭he state Cyber Task Force has already said, 鈥榃e鈥檙e going to let you run the pilot, and if it works well we鈥檙e going to expand it to the state, and let agencies post jobs鈥,鈥 Slaght said. So, after an expected $75,000 investment, the portal should be up and running by summer.
The investments, Slaght hopes, will pay off. The total economic impact of cybersecurity workers last year on San Diego was $1.5 billion 鈥 equivalent to the boons from hosting more than 3.3 Super Bowls or 8.5 Comic-Cons, he says. 鈥淭hose are huge tourism drivers here,鈥 Slaght says, 鈥渂ut if you add up what cyber could do, they almost pale in comparison.鈥
Florida: From 'sunshine state to 'cyber state'
Yes, he bolded, italicized and underlined that prefix for special emphasis, in the title of a report asking for $16.1 million every year from Florida鈥檚 board of governors to establish a center for cybersecurity. 鈥淥ne of a handful of states will emerge as the leader in cybersecurity and become the magnet that attracts the billions of dollars of private-sector and military spending that will be invested in this emerging field,鈥 Mr. Sridharan wrote in the pitch, submitted to the board in December 2013. 鈥淔lorida can become this leader.鈥
The sales pitch worked. With an initial investment $5 million investment from the state, Sridharan now directs the Florida Center for Cybersecurity, up and running since June. Headquartered at the University of South Florida, the center connects the state鈥檚 12 public universities and its experts under one umbrella to expand academic curricula and score government grants in cybersecurity. The center will offer the state鈥檚 best resources 鈥 people and locations 鈥 when they submit proposals for contracts, instead of competing one against the other for the pot of cybersecurity grant money.
According to Sridharan at least, the NSA and DHS were into the idea: 鈥淭hey phrased it, 鈥楾hat鈥檚 a winning model.鈥 鈥
Sridharan is well aware of the Greater Washington region鈥檚 squabbles over contracts and installations 鈥 and hopes it will work to his advantage. Government officials told Sridharan, in meetings to discuss collaborating with Florida on cybersecurity initiatives, that 鈥渢here is this struggle and tug-of-war taking place鈥 in the nation鈥檚 capital, he said. 听鈥淭hat is one of the reasons why, when we presented our business model to them, it really resonated with them,鈥 Sridharan says.
Already, the new center hosted a big workshop 鈥 loaded with Washington types 鈥 to discuss the NIST roadmap for improving critical infrastructure cybersecurity in October. The university hosted 400 guests after it was selected by the White House as one of the locations to stream President Obama鈥檚 speech at Stanford University in February. Shuttling between Tampa and Washington, Sridharan is using these conferences and exercises led by the government to build relationships with various agencies with the expectation he will earn contracts in the future.
Companies can鈥檛 hire cybersecurity grads fast enough to fill the job deficit, and Sridharan wants them to pluck employees from Florida. Dubbed a center for academic excellence in cybersecurity, program enrollment has doubled from the first semester to the second. With thousands more certificates in cybersecurity predicted across the state under the new initiative, these Florida graduates, Sridharan expects, will enter the workforce prepared for six-figure-salary jobs 鈥 and the state predicts return on its investment through federal and industry R&D expenditures, patents and licensing revenues, and startup companies.
This is just the beginning for the Florida center鈥檚 state-of-the-art facility, replete with a screen that shows cyber attacks in real time. Sridharan is asking for a phased-in investment of $36.6 million to build it, complete with a government-approved secure facility to protect classified military or intelligence information and labs and its own data center. After all, Sridharan wants to collaborate with the military鈥檚 Special Operations Command and Central Command and other local military hubs.
Florida, at the outset, seems an unlikely contender to dominate the cybersecurity market; nine of the top 10 cities in the country known as hotbeds for identity theft are in Florida. Government officials often note, Sridharan acknowledges, 鈥渨e have largest number of crooks in the entire country.鈥 But he insists the fraud actually helps his case. 鈥淲e really need [the Florida center] to address this problem in a big way.鈥听
Massachusetts: Leveraging academic brainpower
Massachusetts is a hub for security research and academic study across its many universities, from Harvard and Worcester Polytechnic Institute to MIT, the third recipient of the Hewlett Foundation's $15 million cybersecurity grant. An academic powerhouse, Massachusetts is the natural home for analysts and thought leadership in cybersecurity. Like California, Boston has the benefit of being an existing venture capital hub. Over the last five years, Massachusetts consistently falls just below California in terms of VC investment in cybersecurity firms, with anywhere from around $100 to 300 million spent per year. And the city of听Boston alone came in seventh in the top 10 cities for cybersecurity job postings, according to the Burning Glass report.
There had been little indication that the state will take on a role in coordinating an umbrella network for public and private cybersecurity business,听脿听la Maryland, but that could change soon.
Launched in 2011, the Advanced Cyber Security Center is a nonprofit consortium of universities, local government, and industry. ACSC's membership spans financial services such as the Federal Reserve Bank of Boston to pharmaceutical companies such as Pfizer Inc., and health insurance companies such as Blue Cross Blue Shield of Massachusetts. And the ACSC wants to build a Center for Excellence. The vision: Graduate and post-doctoral students, supervised by faculty, would work with cybersecurity companies on research products aligned with industry interests. It would include a physical center likely in downtown Boston and virtual capabilities to enable multiple universities to join in.
Charlie Benway, ACSC鈥檚 director, says industry partners have already promised they would triple whatever the state contributes to the project. To launch, the project will likely need around $10 million. Kickstarting this plan earlier this month,听肠omputer security company RSA's Brian Fitzgerald听presented a broader plan for government investment in cybersecurity听to the new governor, Charlie Baker. ACSC hopes it will invest millions of dollars into cybersecurity like the previous Massachusetts administration invested in life sciences.听
鈥淲e certainly think we have the resources and capabilities to be one of those centers of gravity [in cybersecurity],鈥 Benway says. 鈥淲e think we are one of the centers of gravity. We do have the right mix of assets and resources to be a national leader in cybersecurity.鈥
The challengers: Washington, Georgia, and Alabama
There鈥檚 also a smattering of other cities and states that could prove to be dark horses in the national cybersecurity race.
Washington State, for instance, boasts big companies in the Puget Sound area, starting with Microsoft and Amazon, and a constellation of defense installations and contractors. These are creating an outgrowth of cybersecurity startups in Seattle, says Ben Vaught, the communications director for the state鈥檚 chief information officer. 鈥淚f you鈥檙e going to start a cybersecurity company, Washington state is the best place to do it, in terms of workplace availability and proximity to other folks working on similar issues,鈥 he says. 鈥淭here鈥檚 more people here that have cybersecurity experience than most of the other places in the nation.鈥
There鈥檚 also Georgia, which is a powerhouse in information security, a sector that generates a hefty $4.7 billion in annual revenue there. Home to the US Army Cyber Command and a National Security Agency cryptological center, the state has more than 115 information security companies 鈥 and major players like IBM and Dell SecureWorks have a significant presence or are headquartered there. Georgia is currently working on developing a cybersecurity tax incentive plan to attract more business, according to the Deloitte report commissioned by its competitor San Antonio.
Cyber Huntsville, a nonprofit organization of industry, government, and academic institutions, is an initiative by this Alabama city to, , make 鈥淗untsville and the Tennessee Valley region a nationally and internationally recognized cyber leader.鈥 The plan calls for Huntsville to focus on cybersecurity in the context of economic development, but it appears to be a far cry from the business attraction efforts already established or brewing in other states.
For now, Cyber Capital USA is anyone鈥檚 title to win.
Being a first mover does not necessarily mean a city or state will have a definitive advantage, New America鈥檚 Peter Singer said.
鈥淧hiladelphia is, ultimately, the home of the computer, but Silicon Valley is the winner of the computer [industry],鈥 he says.
There鈥檚 precedent for this as far back as the turn of the century. 鈥淎utomobiles were made everywhere, from Long Island to Richmond, Va," Singer says.听"Detroit is the winner of that revolution.鈥
Until one region comes out the winner, this will be the gold rush of the Digital Age 鈥 and not, necessarily, pushing out West.
Does your city or region have a plan to be the next hub for cybersecurity? Write the author at sorchers@csmonitor.com or tweet @.