The Internet of Things is expected to have an economic impact of up to $33 trillion a year by 2025, and opportunities abound for San Diego companies.
Representatives from the city of San Diego, Space and Naval Warfare Systems Command (SPAWAR), Qualcomm (Nasdaq: QCOM) and the cybersecurity hub presented some of the areas ripest for investment and most in need of solutions at an Aerospace Defense Forum on Thursday.
From the Navy’s perspective, securing these devices is the fourth revolution in military affairs. Social media, continuous monitoring and configuration management are particular pain points.
“I like to say that we’re living our current generation’s revolution in military affairs,” said Brian Erickson, deputy director of Navy cybersecurity at SPAWAR. “Back in WWI it was tank warfare, WWII was atomic warfare, the Gulf War was smart weaponry. Now we’re into cyber.”
He said SPAWAR’s systems were all built with stability — not security — in mind, which means that configuration management, or the ability to detect the use of devices on a given platform, such as a ship, isn’t always possible, and it needs to be. The same goes for the real-time, dynamic assessment of systems, known as continuous monitoring.
“Understanding from a configuration management perspective, understanding from a continuous monitoring perspective — those are the kind of things we’re focused on right now,” Erickson said.
“If you’re looking at services or products to be developing, those are the kinds of areas I would focus in the immediacy — that doesn’t withstand forward thinking and forward planning.”
Social media is also presenting a major challenge to the Navy in the Internet of Things and cyberspace. The vast majority of the Navy’s personnel is from 18 to 22 years old, and they expect to be able to connect both on land and at sea, far from family and friends.
The problem is twofold: Senior-level flag officers don’t typically share or understand the expectation of connection, and the geographic and time stamps of social media can pose a security threat.
“It’s an ever-present problem that we struggle with daily, to try and ensure that we’re minimizing the operational security risk to the strike group as it deploys, but allow the expected generation to have some of their social media to communicate,” Erickson said.
Continuous monitoring is also important for San Diego, which thwarts 300,000 attacks a week to its system, said Gary Haslip, chief information security officer for the city of San Diego.
“When I came in, I took a look at the networks and everything we had set up, looked at the gaps we had, set up the whole defense in depth, which is what everybody normally has, but that doesn’t really defend the kind of networks that I have,” Haslip said.
“That doesn’t defend me against the phishing attacks that we deal with and everything else. You got to deal with continuous monitoring and continuous remediation — 24/7 you’ve got to be in our network, know your data, know your people.”
Haslip said the city is funding a continuous-monitoring project for next fiscal year, which he says shows that the mayor and top staff are beginning to understand the problem and the need to prevent attacks and handle compromised systems.
“I finally got the mayor and everybody to understand breaches are going to happen. My job is to put enough controls in place to slow it down so we can respond and kill it when it does happen. And continuous monitoring is one of the key pieces that I need. So I’ve got it funded, just waiting for July 1.”
The other main challenge from the city’s perspective is one that cuts across every divide: people. Haslip said the city bought SANS Securing the Human Training and will roll it out in all departments so employees will pay attention to their computer habits.
While the city of San Diego works with three prime contractors — Atos, Xerox and CGI — Haslip said he is always looking for smaller, startup companies with technology that could fit into his plans a fiscal budget or two down the line with a request for proposal.
Kris Virtue, director of IT at Qualcomm, said his private company’s means of acquiring needed solutions is quicker than the drawn-out RFP process.
“Luckily for us, our process to acquire technology is a lot [simpler] — we pick it and we buy it,” Virtue said.
He said Qualcomm is interested in predictive analytics for enhanced monitoring of systems, and cloud-based security platforms. He said it’s easier to work with local firms, which bodes well for San Diego’s cyberscene, and said Qualcomm typically prefers to work with smaller, newer companies to be better able to tailor the product to their needs.
Darin Andersen, CEO of CyberUnited and head of San Diego’s CyberTech, said that while San Diego has many opportunities for business and growth, one of the paramount shifts of our generation should not be overlooked: the increasing importance of global trade and the rise of China.
With General Electric (NYSE: GE) selling 65 percent of its products outside the United States, and 12 percent of all Global 500 companies based in Beijing alone, getting involved in the global business of Internet of Things and security will present an increasing share of opportunities.
“We’ve seen this shift over the last two decades that has been a dramatic realignment of the large fortune companies,” Andersen said. “We still have the lead in those tech companies — there’s some 280 here — but probably that line will shift over the next 10 years, so you’re going to see a radically different environment.”
China leads the world in this movement, having deployed 29 percent of the world’s IoT devices to date. Europe follows at 27 percent, and then the United States at 22 percent.