By Mike Denison, Capital News Service
7:13 PM EDT, March 16, 2014
High-profile cyber attacks on organizations such as Target and Neiman Marcus have drawn increased attention to the cybersecurity industry — an industry that continues to thrive in Maryland, and specifically in Howard County.
Local cybersecurity experts who aim to thwart hackers say they are always being challenged, and at times seem to work from a disadvantage.
"We have to be right 100 percent of the time," said Jim Close, federal account manager for Sourcefire, a Columbia-based network security company acquired by Cisco in October. "[Hackers] only have to be right once."
While malevolent outside forces are a key concern, Chad Carroll, vice president of information operations at Chiron Technology Services, also in Columbia, said most data breaches are the result of user error.
Remote exploits, in which a hacker breaks through a gap in network security from outside the network, are "few and far between," he said. Mere curiosity, he said, can lead an employee to open a suspicious email attachment or click a link to a malicious site.
"Not everybody is technically savvy, and not everybody is able to maneuver around a computer," Carroll said. "They rely on others to be security-savvy for them.
"Too many times, the folks that defend the network … think like a defender," he said. "And you can't. You have to think like an attacker."
Cyber attacks can deal significant damage. Greg Smith, cyber technical adviser for the Alabama-based Camber Corporation, said that in 2013, there were an average of 122 successful cyber attacks on businesses each week. In all, cyber attacks cost businesses nationwide an average of $11.56 million per year.
Smith, who spoke recently at the Cybersecurity Innovation Forum in Baltimore, said $4 million of that could have been mitigated by proper cybersecurity practices.
As technology becomes more advanced, relying on software to prevent and manage breaches may seem like a sound strategy. But Carroll said having humans involved is a critical component of cybersecurity.
"Any time I hear the word 'automated,' I instantly assume you're … removing the human aspect of it. And that's not necessarily the right thing to do," he said. "Somewhere, there's a hacker who's going to get around that. And you have to have that human element when you're doing network defense."
If there is a silver lining to recent breaches like those at Target and Neiman Marcus, Carroll said, it's an increase in security awareness. High-profile hacks tend to encourage companies to revamp security programs and policies to make sure they won't be easy targets.
As that happens, Howard County officials say, local firms are working to be at the forefront of the field. This month, County Executive Ken Ulman and officials from the Howard County Economic Development Authority attended the RSA Conference — an annual cryptography gathering in San Francisco. The conference brings the nation's top information security experts together to address cybersecurity issues.
Ulman participated in meetings to discuss specific expansion plans of two cybersecurity firms in Howard.
Columbia-based Tenable Network Security, which has more than 20,000 customers worldwide ranging from the Department of Defense to Fortune 500 companies and SMBs, confirmed employee growth of 60 percent in the last year, and expects the growth to continue in 2014.
Additionally, Chris Fedde, president of Hexis Cyber Solutions, confirmed plans to open an office in Howard County this spring. The East Coast product development team for Hexis will occupy 10,000 square feet of commercial space and bring more than 50 jobs to the county by the end of the year. Hexis also has a Silicon Valley campus.
"There is a hotbed of cyber activity in Howard County, and we are continuing to attract more companies that are looking to expand and thrive in the Mid-Atlantic," said Lawrence F. Twele, chief executive officer of the Howard County Economic Development Authority. "And it was very rewarding to see companies in our region showcase their skills, products and services on such a high-profile stage."
Close, of Sourcefire, said his company benefits from being in Maryland because of the proximity of government technology and the availability of government contracts.
Experts say with industry leaders such as the National Security Agency nearby, there is plenty of cybersecurity brainpower to go around.
Jeffrey Wells, executive director of cyber development at the Maryland Department of Business and Economic Development, said the industry benefits when NSA employees leave to work in the private sector, unleashing intelligence and innovation otherwise that "may have been trapped for years" in the agency's secretive environment.
Wells said the combination of government intelligence and top-tier colleges has resulted in "explosive" growth in the field in Maryland.
Even so, there are plenty of holes to fill. A report released by the Baltimore Cyber Technology and Innovation Center last year found that 19,000 cybersecurity job openings remained in Maryland alone.
Baltimore Sun reporter Jim Joyner contributed to this article.
Copyright © 2014, The Baltimore Sun