Biotech, mobile, tourism, craft beer — San Diego is at the forefront of these industries and its business community is defined by them, but who says there isn’t room for one more? Thanks to a wide-reaching public-private partnership, the Cyber Center of Excellence opened March 20 with the goal of adding cybersecurity to the list of homegrown success stories.
“We identified more than 100 cyberfirms that employ at least 3,500 private-sector employees,” said Michael Combs, research manager at the San Diego Economic Development Corp., which spearheaded an initial assessment of the cybersecurity industry.
“And then we also consulted with SPAWAR to find how many cyberemployees SPAWAR has, which is 3,095 cyberprofessionals. … And so when you talk about the economic impact of that, the industry impacts more than 13,000 jobs in San Diego, which yields over a $1.5 billion total economic impact in the region, which is the equivalent of hosting about three Super Bowls every year.”
The EDC joined with companies and politicians including Sentek Global, ESET, Mayor Kevin Faulconer and Rep. Scott Peters to create the nonprofit CCOE, which aims to harness these already-high numbers and increase the cybersecurity business, a sector that is expected to outperform general economic growth.
“Economists project the San Diego economy will grow anywhere from 1.5 to 2.5 percent or so depending on how conservative or bullish you are,” Combs said at a recent Daily Transcript executive roundtable.
“We asked cybersecurity firms how much they expect to grow, and they said by 13 percent employment. Then we asked about the cyberspecific workforce, and they expect that to grow by more than 25 percent — 10 times the rate of even the most bullish estimates of San Diego’s economy.”
So what, exactly, will the CCOE do to accelerate that? Executive Director Holly Smithson said the organization will focus on increasing collaboration between cyberfirms, and serve as a go-to point for companies considering entering the space here in San Diego.
She said being an information-sharing point is key, and the center will help companies better understand cyberthreats, disseminate information to those who have been compromised to know what steps to take, and help new cyberbusinesses better understand the San Diego business, talent and tech landscape.
“That’s where the Cyber Center of Excellence, I think, is really going to play a key role — becoming that one point of contact we can go to for everything going on in cyber,” said Eric Basu, CEO of Sentek Global.
“So a company wants to form a startup here in San Diego, they’re going to come to the Cyber Center of Excellence and get a database of talent, which will draw from both the military and commercial sides. They get the different venture capital groups that will go ahead and fund you, the different government grants that are out there — all these sorts of things. Because right now if you wanted to do that, you’d have to go to the Internet and figure it out yourself. You can do it, but it takes a long time.”
Andrew Lee, CEO of ESET, sponsor of the executive roundtable, elaborated on the importance of CCOE acting as a protected space for comparing threats, which doesn’t exist now.
“Right now, if Microsoft got hacked they would not put it out and let anyone know, yet the mechanism by which they got hacked could be critical to protect someone else,” Lee said. “So what this really does is it basically creates a safe environment for people to share and benefit from that information.”
This is particularly important given the increasing threat landscape and an infrastructure unable to effectively deal with perpetrators.
Tony Nufer, general manger for the southwest region of Vector Planning and Services Inc., said cyberthreats come from nation states, rogue states, organized criminal groups and individuals just wanting to get into mischief.
Lee added that when he started in the industry, all of the viruses in the world could fit onto one standard floppy disk. Now, that number stands at 1 billion unique samples in 2013 alone.
Aside from the sheer scale of attackers and threats, another problem is the lack of punishment for perpetrators. Lee said the very first step of this process, identifying the attacker, is still difficult — given how the Internet works and the ability for people to conceal their identity — but is made easier through collaboration between law enforcements of different states and countries. Even when perpetrators are identified, the challenge isn’t over.
“It’s still very, very hard and there’s not enough money to prosecute everybody,” Lee said. “So they’re really going after, first of all, the big, hot button for law enforcement, which is child pornography and child protection and human trafficking. So when they see that those things are being involved in the threat, then yes, there’s a big incentive now to go out and get these guys.”
Lee said there isn’t a need for new legislation, as many of the crimes break existing laws, such as fraud and theft. He said the key to increasing the percentage of perpetrators caught and convicted lies in greater collaboration, both between law enforcement in different regions, and between the private sector and law enforcement.
“What we need to do and I think what we can do here in San Diego where we already have a very good relationship with law enforcement, with the FBI, with our local police department who have been absolute champions of cybersecurity and in particular in the region of child defense and helping break down pedophile rings and online stalking — what we can do is, I think, highlight how these models work elsewhere, and give them that information. Because very often the information just isn’t available.
“So while industry is not law enforcement — we’re not the police — we can offer a lot of the information … but we can also provide connections,” Lee said. “We have to help them build cases by saying, ‘look this activity over here that we’re saying is definitely related to this activity here, and this is in your jurisdiction so you can start looking at it.’”
While there is certainly cause for concern and a need to exercise caution online just as in the physical world, the message from the roundtable was clear: The “good guys” are on the job.
“The reality is, and I’m always very keen to point out that we shouldn’t project this as a sky-is-falling scenario, because I think there is way too much fear and doubt and uncertainty in the world as it is,” Lee said. “The reality is, though, that we have to learn to live in a digital age and we haven’t done that yet.”
Related video: Eric Basu, Holly Smithson on cybersecurity
* Eric Basu, CEO, Sentek Global
* Michael Combs, Research Manager, San Diego Regional Economic Development Corp.
* Andrew Lee, CEO, ESET (sponsor)
* Chad Nelley, Vice President of Operations, ESET (sponsor)
* Tony Nufer, COO and General Manager, Southwest Region, VPSI
* Holly Smithson, Director, Cyber Center of Excellence