The Most Promising Security Start-Up in 2008 is TRX Systems

Disruptive Indoor Tracking Solution Wins Global Security Challenge 2008

TRX Systems was awarded a $500,000 grant sponsored by TSWG of the U.S. Government for winning the 3rd annual Global Security Challenge (GSC) today. Six security startups, who were chosen out of hundreds of entrants, pitched their inventions at an event hosted by London Business School.

A Judging Committee comprised of leaders from government, venture capital and industry selected this year’s most promising security startup in the world.

TRX Systems, a spin off from the University of Maryland in the USA is a leading innovator in the development of personnel tracking solutions. TRX Systems created an advanced personnel tracking system that provides first responders with accurate and real-time locations of individuals deployed inside a building. TRX’s technology is self-contained, requires no pre-existing infrastructure and can even create virtual floor maps in real-time. (www.trxsystems.com)

GSC Security Technology Summit in London - 13 November 2008

The GSC Grand Final will occur on November 13th 2008 at London Business School.

It is a full-day event with speakers from government, industry, venture capital and startups. The event allows great networking opportunities with the world's leading security venture capital funds and technologists.

Confirmed Speakers Include: Chris Darby, CEO of In-Q-Tel (CIA's venture capital fund) John Reid, MP and former UK Home Office Secretary Stephen Dennis, Technical Director of HSARPA, U.S. Department of Homeland Security Colin Matthews, CEO of BAA Paul Wiles, Chief Scientific Advisor, UK Home Office General Victor Renuart, Commander of U.S. Northern Command, US Department of Defense Ronald Noble, Secretary General, INTERPOL

New Venture Capital fund in Europe focused on security technologies: Spuukie Venture Partners

We just heard the rumor that a new venture capital fund is currently fundraising for a pure-security technology fund: Spuukie Venture Partners [spooky]

This new fund is established by industry veterans who aim to invest in early stage companies, typically in Series-A rounds, worth $500K - $2m. While no geographic restrictions apply, the fund's partners mentioned to us that they will concentrate initially on the European countries and Asia as the VC/funding infrastructure in the USA is already highly developed for security start-ups, with VC funds as Paladin, NovakBiddle and In-Q-Tel.

Will keep you up-to-date with any news we hear about "Spuukie Venture Partners" also let us know if you know more than us about it. One thing is for sure, starting a security startup in Europe is going to get more excited now!

GSC Online Community Went Live: tools for security entrepreneurs

Today, the new Global Security Challenge Online Community went live.

Free Collaboration Tools for Entrepreneurs

The GSC online community is based around free collaboration tools for security entrepreneurs to ease access to VCs, to find partners and team-mates and to collaborate with each other.

Venture Capital Matching Tool

The VC Search Tool is based on our database of VCs dealing with security startups. It compares the information you've given us about your company and will make suggestions for potentially interested VCs. Here is an example:

New Global Security Challenge Webpage Goes *LIVE*

Exciting News: After two years of using our first webpage, the new, advanced webpage for the Global Security Challenge went online today!

Check it out, we think its pretty cool and are eager to hear your comments.

The URL is the same one as always: www.globalsecuritychallenge.com



Interaction & Research
The new GSC homepage aims to be very interactive and includes the following features:

• our blog articles with research on security that we publish twice a week
• an online application system for the competition's entrants
• information on our advisory services
• ... and soon an online community for security startups.

Some government backed innovation still misunderstood

The MoD’s recent move to open a "pilot centre for defence enterprise" has come under fire within the press. Evidently this new centre for incubation will be located in the Harwell Science and Innovation Campus in Oxfordshire. The proximity to Cambridge and Oxford is not lost although less for university spinouts for security technologies but perhaps more for serial entrepreneurs and investors (angels and otherwise) who can get involved in growing these baby companies.

The purpose of the centre will be to bring together groups of people (investors and innovators) that have been working together in non-defense related curricula for years. The goal is to better support the UK armed forces with novel technologies and there will be inbuilt incentives for individuals, SMEs, and academics to engage with MoD.

It sounds like the MoD is really trying to think outside of the box. "We have worked hard to remove barriers to innovative concepts and change ideas," said Baroness Taylor, the Minister for Defence Equipment and Support. Adding “Industry, big and small, academia, inventors, entrepreneurs, engineers and investors all have something to offer in developing the next generation of military technology. The Centre for Defence Enterprise will provide a vehicle for exposing these opportunities."

We at the Global Security Challenge are firm believers that enabling innovators will not only save money in the long term but it will make us safer. This opinion is not shared by everyone. Lewis Page of the Register argues that any time you try to foster innovation through a business environment you must somehow be greasing palms. His comments on the MOD incubator is that "these baby companies will be so flush with cash by the time they exit a government incubator that they will be the equivalent of flying pigs.”

Mr. Page is fundamentally mistaken in his assumption that governments can only muck things up. Incubators are an important part of creating and sustaining viable businesses. Your correspondent believes in the necessity of supporting security entrepreneurs particularly as they tend to face a more difficult path than others

German Government Provides €29 Million in Funding for Explosive Research

Germany’s Federal Ministry of Research is providing €29 million in funding for 16 new collaborative projects for the detection of toxic and explosive substances. Altogether 73 partner entities are involved in these 16 projects, ranging from universities, scientific institutes, defense companies and the police. From what is mentioned in the ministry’s public statements it seems that unfortunately no start-ups are involved in these projects.

One interesting and potentially breakthrough technology example is the project with the easily memorable project name IRLDEX, which aims to be used against Improvised Explosive Devices (IEDs) through a new infrared laser that takes advantage of the unique absorption rates of explosive materials. The project leaders for this invention are the renowned Fraunhofer Institut and the Bundeskriminalamt (German Federal Police). Interestingly enough are the remarks of project manager Dr. Oliver Ambacher, who is thinking about future possible commercial applications of this technology for identifying food-diseases (Gammelfleisch) and pesticides in textiles. While the question arises of how to spin-off such a technology from this public-private mission, IRLDEX might become another powerful example of a technology developed firstly for security that later addresses commercial needs and earns healthy returns in the marketplace for its investors and founders.

The ministry’s other research projects focus for example on the early and reliable identification of biological pathogens that cause epidemics. They also concentrate on the detection of noxious drinking water contaminants. There are also some projects that focus on researching the use of terahertz technology in security technology applications. More information on BMBF's website

The DHS Inspector General Takes a Look at Airport Security

The Office of the Inspector General at DHS recently released an unclassified summary of its undercover testing of airport screening, entitle an Audit of Airport Passenger and Checked Baggage Screening Performance. The OIG evidently sent in undercover agents to an undisclosed list of airports from May to August of last year. (you can read report here DHS OIG report)

The report doesn’t get in to the specifics of the experiment but you get a sense that if the IG presented TSA with six recommendations then there was probably something they could be doing better. TSA responded by thanking the OIG for it’s thoughtful oversight and replied that in April of 2007 they implemented

“the Aviation Screening Assessment Program to create a more systematic framework to assess the effectiveness of the screening process and provide statistically sound data. This program performed thousands of covert tests at airports nationwide in 2007. Under separate training programs, TSA conducts over a thousand covert tests for IED’s and almost 70,000 electronic image tests— every day.”

A lot of people are claiming this is primarily a people problem, that you must make screeners happier in their jobs and they will do a better job. If you take into account that 1.1 million people enter the US every day and there are rumours flying of a goal for screeners of 200 people/hour this is as clear a case as I have ever seen for an increased reliance on technology.

How could we expect any person to have the focus and the vigilance for 100% perfect screening while trying to cut down on queuing times? What we need is better technology that is less reliant on human manipulation. We wouldn’t use a calculator to manually fill in a spreadsheet, right?! We would use excel. So why do we rely so heavily on manual labour in airports? Because the technology just isn’t there yet.

Apparently in TSA agrees, and stated in the audit that in 2008 they will be introducing an improved screening checkpoint that focuses on three initiatives: “(1) improving hostile intent detection by reducing routine travel “noise” and focusing on telltale behavior; (2) deploying proven technology to screen for explosives on passengers and carry-on bags; and (3) reducing congestion and engaging passengers at more points in the journey—directly or indirectly.”

Standoff Detection - what are the benchmarks for such technologies?

One of the most difficult problems to solve in security technologies in the ability to know whether a person holds or a vehicle contains explosives. As we discuss standoff technologies today let’s first make sure that we are talking about the same thing.

Remote detection technologies allow personnel to respond to the threat of a suspicious object by taking a sample or a ‘sniff’ up close. This affords the luxury of getting results from a safer, remote distance. These remote detection technologies are not the technologies we’ll talk about today. While very important, today we are looking at situations where both the responder and the technology are removed from the situation.

There are many options in designing a standoff detection system. Should the sensor sniff for chemicals (in any stage of life) or should it rely on detecting different parts of the bomb such as wires or triggers. Also should it be ground based system or what about an air borne platform?

Last month TSWG posted requirements of its explosives subgroup. Their requirements should be a good benchmark for what standoff detectors should meet if they will bring innovation to this area. Here are the goals listed for explosive detection in vehicles:

And TSWG's requirements for explosives carried on someone’s person:
If your technology meets or exceeds these requirements you should enter the Global Security Challenge 2008.

Exit Opportunities for Security Startups Look Bright

VC Money is Sign of Healthy Exits
We blogged last week about the availability of VC money for security startups. The selected entrepreneurs who made it to the final rounds of the Global Security Challenge collectively raised over $19 million following their participation. In a recent article in Red Herring, Cassimir Medford confirms the vitality of fundraising for security technology citing the example of Proofpoint -- an email security startup. This is a good sign for healthy exit opportunities in this market, because VCs typically only invest in startups they believe will earn them exit with a return of at least 10-x-cash,.

IPO as a Viable Exit Opportunity?
While current market conditions for an initial public offering are difficult for any startup, security startups have had a mixed scorecard. The fingerprint and hand-scanning company Cross-Match withdrew its filing for an IPO in January 2008, citing an unfavorable market environment. Broadview Networks, whose solutions ensure protection of critical data and networks, is still on track for its IPO in 2008. It filed for an IPO on Nasdaq in November, aiming to raise $288m. Sourcefire experienced a fast path to a successful IPO. The network intrusion detection startup was founded in 2001 and just 6 years later completed its IPO, generating $86.3 million.

M&A the More Attractive Alternative?
It is every entrepreneur’s dream to take his idea to IPO, but realistically the recent corporate acquisitions of security startups show a very active market that may prove the better route for security entrepreneurs.

Lately a bunch of acquisition deals for IT-security startups have happened with high valuations and hence nice payouts for the founders and investors. Cisco Systems spent almost a billion dollars last year for acquiring IronPort ($830m) and Securent ($100m). Not surprisingly, Google also went on a shopping tour and bought the on-demand web security firm Postini for $625 million last July.

However, IT-security startups are not the only hot acquisition targets as physical security technologies, such as biometrics and video surveillance, appear on the buying lists of industry leaders. In January 2008, L-1 Identity Solutions bought the finger-scanning company Bioscrypt for $44million. Neither are these deals contained only to the US, as the Israeli video surveillance company NICE bought Actimize for $280 million in July 2007 – a nice pay day for an 8-year old startup, no?

UMD is named American Partner University of the Global Security Challenge 2008

We are happy to announce that the University of Maryland is the 2008 host of the American leg of the Global Security Challenge. The University of Maryland is a world class institution widely recognized for its work in the areas of national security. It is ranked among the nation's top 20 public research universities, and its close proximity to DC makes it a convenient starting point when you want to reach some of the most influential decision-makers in security technology.

Last week we blogged about IARPA moving to UMD. Senator Barbara Mikulski commented on that by saying, "I can think of no better place than the University of Maryland for IARPA's headquarters. Its innovative academic research, world-class facilities and proximity to federal intelligence agencies make it an excellent choice."

To name a few reasons for its well deserved reputation, the university performs research within its campus against different aspect of national security:

• Center for Advanced Study of Languages - the nation's largest foreign language laboratory


• Center for Information Policy and Electronic Government (CIPEG) – projects will include those devoted to emergency response technologies


• M-Square, UMD’s research park, is also home to the National Foreign Language Center; NOAA National Weather and Environmental Prediction Centers; the FDA Center for Food Safety; the Maryland Center for Food, Nutrition, and Agricultural Policy; and the USDA Animal and Plant Health Inspection Service.

We echo the words of Congressman Ruppersberger, who as chair of the House Technical and Tactical Intelligence Subcommittee, stated "…the University of Maryland will continue to be a center for technology and innovation that will keep our country safe."

This is exactly the type of forward thinking we support and we applaud the University of Maryland’s focus on national security-related research. Stay tuned for an announcement of the date of the GSC’s American Regional and for details about how you can attend.

Global Security Challenge's finalists raise over $19 million in new capital

The Global Security Challenge (GSC) is proud to announce that our finalists and winners from the last two annual competitions have subsequently raised $19.6 million in new venture capital, grants and angel investments. This is in addition to the important grant that TSWG of the US Government awarded last year’s winning entrepreneurs.

Our top-selected startups also have secured large contracts with government clients, such as the US Department of Energy, the US Navy and the US Department of Defense, and with industry behemoths, such as Siemens and Bayer AG from Germany.

There is clearly the potential for a company to accelerate it’s growth timeline via involvement in the GSC. The success of our entrants validates our global competition. Two recent examples illustrate this intricate relationship between the Global Security Challenge and “our” startups.

Vumii – a video surveillance software and finalist of 2006 raised $3.9m in funding last year and contributed a lot of its success to the GSC. The CEO of Vumii, Randal Foster confirms this by saying: “As a direct result from our participation in the GSC, Vumii acquired increased global credibility and benefited from greater global brand recognition from the investment community, security solution community, and potential employee population."

As reported in the press, the GSC winner of 2007, NoblePeak Vision, announced last week that they raised $12 million in a funding round, led by Chart Venture Partners of New York. With Matt McCooe from Chart Venture Partners being an active supporter of the GSC for years, we are extremely pleased about this startup-investor match. (Picture below shows Matt McCooe on the left as a panelist at last year’s GSC conference in London)

Cliff King, NoblePeak’s Founder and COO, told us "Customer interest in our night vision technology soared from the publicity we received after winning the 2007 GSC. As a direct result we are now developing new camera systems with major OEM's and systems integrators for market launch at the end of 2008".

IARPA... Open for Business

It has been called the spy-version of DARPA, but the Intelligence Advanced Research Activity Project or IARPA has opened on the campus of the University of Maryland, a partner university of the Global Security Challenge. IARPA (pronounced EYE-ar-pah) is charged with developing groundbreaking technologies for the U.S. intelligence community. Right now it’s housed within UMD’s Center for Advanced Study of Languages but is planning on moving into its own building (being built on campus) by 2009.

This research agency consolidates the National Security Agency's Disruptive Technology Office (previously called the Advanced Research and Development Activity), the National Geospatial-Intelligence Agency's National Technology Alliance, and the Central Intelligence Agency's Intelligence Technology Innovation Center.

Surprisingly (or perhaps unsurprisingly because it’s DC) there are mixed opinions about IARPA. It does appear as one more way in which the CIA’s power is being subsumed, but on the other hand if IARPA can be more effective why not give it a try?

Back when Steve Nixon who is the current Deputy Associate Director of Science and Technology in the DNI’s office, was the acting director of IARPA he said in reference to the technologies coming out of IARPA, “The world has changed in dramatic ways with globalization of technology. These are the things that might not get done otherwise."

The good news for the new director of IARPA, Lisa Porter, is that she will report to Steve Nixon in the DNI’s Office. So straight off the bat she knows she’ll be reporting to someone who understands and supports her agency. Your columnist has been searching the web for a sense of the competence of Ms. Porter and found mostly positive comments left on blogs by those who have come into contact with her. (to read some the comments, click here)

One thing that is sure is that centre is located in on the campus of a university that is very much linked into this area. More about UMD soon…

German spy software gets a limited ”Go“

The Constitutional Supreme Court of Germany (Bundesverfassungsgericht) decided last week that the online investigation of a suspect’s computer is permissible under the German constitution. Technology-wise, this would mean that the police can purposefully infect a suspect’s computer with spy software (a so-called Trojan) that would relay information on that person’s hard-drive back to the police.

The Ministry of the Interior will soon implement this decision into the criminal code of law and the police’s investigative practices. The court’s decision does not give the police ”carte blanche“ to spy on people. Instead they deemed that this type of cyber spying is a violation of privacy rights and is only acceptable in exceptional cases and only under the supervision of a judge. As reported by Spiegel, Wolfgang Schäuble, the German Minister of the Interior, already tried to calm the public’s fears by saying this new instrument will be applied in only a “few, but critical cases”.

Yesterday, he again reminded the public in an interview about the imminent danger Germans face, underscored by intelligence agencies who concluded that Germany is a target for Islamic terror and that Al-Qaeda’s leadership has made the decision to prepare for attacks against Germany.

The BBC pointed out the irony of this advanced but intrusive technology to be applied in a country that has “a historic fear of state intrusion, dating back to the Stasi secret police in the East and the Nazi-era Gestapo.” According to the BBC, this new law makes Germans “the most spied upon people in Europe”.

Rail Security – the Slow Metamorphosis of Trains into Airliners

Many aviation experts continue to complain that security controls at airports are inefficient and ineffective. Their arguments are only strengthened by the fact that testing the system usually reveals breathtaking gaps. Nevertheless, terrorists are known to be adaptive by nature and have responded to increased vigilance and technological improvements at airports by switching their ’loci operandi’ to trains, as the attacks in Madrid ('04) and London ('05) and the averted plots in Germany ('06) painfully illustrated.

The need to beef up train security is apparent and two interesting examples below show different approaches and success rates:

German police authorities (BKA) put facial recognition to a test at the central train-station in Mainz in 2007 – with mixed results at its best. They tried to recognize 200 registered commuters (so people purposefully took a designated picture at the beginning of the test). However even in these artificial conditions they reached a recognition success rate of only about 60% during the day and less than 20% at night. These results were so disappointing that the BKA chief said he could not recommend facial recognition, at least at its current level of maturity, for wider use by the federal authorities.

Last week Amtrak – the US train behemoth – announced the implementation of airport-like security checks. Now some travelers will be exposed to checks before they board trains by technologies like Smiths Detection’s portable explosive detection devices. Amtrak did however, stop short of installing fixed metal-detectors, which would trigger lengthy cues and erase the last benefit that trains have over airlines – that of convenience. This columnist believes though that as long as rail security remains significantly lower than airlines, it will remain a target of convenience for terrorists.

A Look at Defence Investing: Funding from Asia

As it becomes more and more important to find and fund cutting edge technologies, we see countries turning to the venture capitalist route. Singapore is one of those countries and today we’ll look at the fund established there and how it helps defence and security innovators.

Defence Science and Technology Agency (DSTA), is very involved in defence and security research and development at universities in the region through Temasek Laboratories at both the National University of Singapore (NUS) and the Nanyang Technological University (NTU).

They have now gone one step further to help bring to market innovative ideas that can be used in Singapore’s defence initiatives and have therefore set up a technology innovation fund. This fund is administered by Cap Vista, a strategic partner of the Global Security Challenge competition.

DSTA committed S$20 million to invest in early-stage technology startups around the globe (capped at around $2 million per investment). The current portfolio companies from the website of CapVista are:

• Ascendent Technologies Pte Ltd, a Singapore registered company, was formed in March 2007. It specializes in the research and development of CERMET (metal infused ceramics) processing technology, and the subsequent performance and packaging customisation for armour system integrators. It aims to be a key global supplier and consultants for advanced protection materials


• DenseLight owns and operates an indium phosphite-based manufacturing facility, with the ability to design, manufacture, package and test photonics devices. These devices are used in a wide range of sensors such as fibre-optic gyroscopes, chemical sensors and remote sensing devices.


• Rosum Corporation is based in Mountain View, Silicon Valley. It is a location technology company in the business of augmenting traditional GPS solutions through the integration of TV-based positioning systems. Rosum TV-GPS, provides reliable and accurate position fixes indoors, outdoors, and in dense urban locations where GPS signals are completely denied.

As you can tell via the investments above, you don’t need to be in Singapore or even in Asia to get an investment from CapVista. In fact they have built a robust network centered on partnerships around the world and have established Defence Technology Offices (DTO) in the US and Europe. So if you are in Europe, fear not! the DTO (Europe) office is located in Paris. This office helps to organize and build links in places such as France, Sweden, and the UK. Perhaps not surprisingly, in the last few years DSTA was the third largest defence R&D partner after Germany and the UK.

Web 2.0 – New Terrorist Threats or Security Opportunities?

The (ab)use of emails by terrorists has been a well known issue in the intelligence industry. In the averted train-plot in Germany last year, terrorists tried to (unsuccessfully) outsmart authorities’ surveillance of email traffic by not actually sending out emails but placing them as draft messages in their account with all parties commenting on the drafted messages.
This tactic illustrates how different online tools are used now and tactics anticipating standard surveillance. The US Government acknowledges the potential dangers of social networks by saying that: "Unfortunately, what started out as a benign environment where people would congregate to share information or explore fantasy worlds is now offering the opportunity for religious/political extremists to recruit, rehearse, transfer money, and ultimately engage in information warfare or worse with impunity."

Therefore the US Intelligence Community has started analyzing “Second Life“ type communities and NSA reportedly “is funding research into the mass harvesting of the information that people post about themselves on social networks.” (New Scientist)

What is the Role of Web 2.0 Tools in Government?
Lewis Sheperd, a former senior technology officer at the US Defense Intelligence Agency and now CTO at Microsoft’s Institute for Advanced Technology in Governments, described in a podcast the deployment of social networks in government. The US Intelligence Community already started using wikis; in particular an IC-wide tool called “Intellipedia” has been massively used and deemed a success, as measured mainly by satisfaction of intelligence end-consumers, such as policymakers. Also the creation of internal blogs and RSS feeds has helped to improve quality of information as well as speedy delivery. Through an impressively fast integration of an open source tool (gallery.menalto.com), they even created an intelligent Flickr-like photo sharing platform in-house. Mr. Shepherd’s main tip for integrating web 2.0 tools by other governments was to develop these applications side by side with technologists and end-users.


Cutting Edge Technologies to Police the Web
What have we seen in this space? Three specific technologies come to my mind immediately that can be helpful in securing internet platforms from malicious behavior:

• Carified Networks from Finland is developing a collaborative intelligence tool: at the heart of the system is a wiki portal that visually represents the technical and social actors and their linkage in the scope of terrorist and criminal investigations.


• As criminals and terrorists continue to take advantage of the anonymity of virtual platforms, such as 2nd Life and online social networks (Facebook), a potential solution could be to identify users by their unique typing rhythms. The German startup, Psylock , has developed a log-in software using a typing algorithm - but perhaps a future version of this kind of technology could run in the background of chat-rooms and forums to identify suspicious users.


• Another problem of the immense data flood that is contained in forums, chat-rooms and virtual lives is instant analysis and prioritization of data – especially when written in a different language. Intuview, a cool Israeli startup tries to tackle this problem with its artificial intelligence Arab translation software. Their Arabic language NLP engine is tailored to the idiosyncratic neo-classical Arabic used by Islamic terrorists.

More Statistics about Funding Security and Defence Startups

We thought we’d share some remaining statistics about the innovators that entered the GSC last year. Approximately 51% of the startups that entered were self-funded while nearly 30% had been funded by VCs. The remaining 19% had a mix of grant or angel funding.

Of those that were funded the majority (approximately 65%) received less than $1 million, with 23% receiving $1-5 million. At the top end – those receiving more than $5 million in VC funding – comprised about 12% of our entrants. Hopefully this number increased after their involvement in the competition.

Now if we take one cross-section of entrants, for example just those who entered from the US, we see a similar pattern to the world-wide statistics. The majority of entrants (44%) are boot-strapping their companies. The next largest group, coming in at 31% of the total, is being funded with VC money. With nearly 25% startups receiving grants there is a bit of a bump over the global average. Is this because the US Government is forward leaning in supporting research and development?

Opportunity For Investors
The good news for investors is that there are a lot of unfunded security startups around the world. The Global Security Challenge 2008 will be a great place to interact with startups and to learn more about the security innovation landscape.

Cyber Defence – warfare of the future?

With the heavy reliance of military, banks and even civilians on the Internet today, it’s no surprise that criminal and terrorist activities are focusing their efforts on reeking havoc on the web these days. While it used to be individual hackers who stole credit cards and brought down webpages such as the New York Times’ site in 1998 and the White House’s page in 2001 (allegedly by Chinese hackers), now the latest attacks are much more coordinated and can be directed to attack the critical infrastructure of an entire country, as the recent cyber-attack on Estonia in 2007 showed. The sophisticated attackers used a distributed denial-of-service technique, in which “hackers infiltrated computers around the world with software known as bots, and banded them together in networks to perform these incursions. The computers become unwitting foot soldiers, or “zombies,” in a cyber attack” (New York Times)

As a result of the attack in Estonia, nearly all government ministry networks and two Estonian banks were knocked offline. Many say this was the first example of a cyber-war we have seen. The fact that the Internet often forms the critical backbone of a country’s infrastructure is also illustrated by the rumors currently circulating Cairo’s streets. After the recent destruction of an underwater telecommunication cable by a ship in the Mediterranean Sea that disrupted Cairo’s Internet access, the initial rumors interpreted this to be the first step of the USA for an attack of Iran, according to our Egypt Correspondent (M.S.).

So where is our Cyber Defence?

In 2003, the US government created the National Infrastructure Advisory Council that operates within DHS to produce the National Strategy to Secure Cyberspace, which among many other points stresses the importance of: “performing and funding research and development along with other agencies that will lead to new scientific understanding and technologies in support of homeland security.“

Following this report’s point about looking at the private sector for solutions, we can confirm the validity of working with scientists and entrepreneurs to tackle problems like this. One prime example is Iviz, an Indian startup company that has developed an artificial intelligence technology to simulate intelligent human hackers. They were selected amongst the top-6 security startups in the world by the Global Security Challenge 2007.

The Balance of Military Spending in 2008

According to IISS’s annual assessment of world-wide military capabilities and expenditures, Military Balance 2008, as the world gets richer more money is spent on defence. During times of economic prosperity it is easy to justify growing defence spending as GDP increases.

According to the heritage foundation, military spending as a percent of GDP reached a pinnacle during World War II at 34%. But right now the US spends just over 4% of GDP on defence. The percent increase President Bush asked for in this year’s budget comes to about 7.5%. Contrast this with increases of 20% and 25% year on year for China’s military spending. (Keep in mind even when you allow for the difficulty in summing up the true numbers there is still an order of magnitude difference in the billions spent by these countries.)

This amount of money gives the US a fair amount of breathing room to be creative and to try innovative methods to improve its defense technology, such as through the funding of groups like the Technical Support Working Group and DeVenCI.

Even with President Putin’s latest warning that a new arms race might break out and the dramatic increase in military spending by China is there a possibility for a dramatic uptick in percent spending for defence by the US? Excluding the significant unexpected event, unlikely. With the addition of a new administration heading to 1600 Pennsylvania Ave and the growth of entitlement programmes such as Medicare, Medicaid, and social security (numbers being thrown around suggest growth at the rate of up to 300% year on year) it’s very unlikely we’ll see a boost in the budget. It’s also unlikely we’ll see a dramatic decrease in spending. Even when we see a troop reduction in Afghanistan and Iraq, the US will replace and retool a lot of its equipment.

It appears that somewhere around 4% is the magic number that the US has found and it will be interesting to see how innovative the US will continue to be if forced to restrain its military outlay.

The EU Counter-Terrorism Strategy: how is technology involved?

The Counter-Terrorism Coordinator
After the Madrid bombings in 2004, the EU appointed its first Counter-Terrorism Coordinator, Gijs de Vries, with the ambitious mission to facilitate exchange of information about border control, the security of travel documents and to promote police and judicial cooperation.
After three years, Mr. de Vries’ resigned in spring 2007 with the International Herald Tribune stating that a “disagreement over both the mandate and competencies of the job is believed to have been a significant underlying cause of his decision to leave”.

Then in fall 2007, the EU High Representative Javier Solana, appointed Mr Gilles de Kerchove as the new Counter-Terror Czar of Europe to “coordinate the work of the Council of the EU in the field of counter-terrorism, maintain an overview of all the instruments at the Union's disposal, closely monitor the implementation of the EU counter-terrorism strategy, and ensure that the Union plays an active role in the fight against terrorism.” (EU webpage)
Solana commented that the changing priorities of this role would not amount to an expansion but rather a deepening of the post (according to the IHT).

EU Counter-Terrorism Strategy
The EU’s counter-terrorism strategy was adopted in December 2005 and commits “to combat terrorism globally while respecting human rights, and to make Europe safer, allowing its citizens to live in an area of freedom, security and justice”. (EU webpage)

Similar to most CT strategies, the EU’s strategy rests on four pillars: Prevent, Protect, Pursue and Respond. Here are a few points where these strategies touch technology and thus are related to the efforts of the Global Security Challenge.

Prevent:

• Develop common approaches to spot and tackle problematic behaviour, in particular the misuse of the internet;

Protect

• Improve the secure nature of EU passports through the introduction of biometrics;
• Make best use of EU and Community level research activity.

Pursue

• Tackle terrorist access to weapons and explosives, ranging from components for home-made explosives to CBRN materials;
• Provide technical assistance to priority third countries in order to enhance their own counter-terrorism capabilities.

Respond

• Develop risk assessment as a tool to help inform the building of capabilities to respond to an attack;

Science and Innovation as a part of the UK’s Counterterrorism Strategy

Maintaining a culture of innovation is difficult under the best of circumstances and within very big organizations and governments it is probably easier to through up your hands in frustration than to build in a system that properly finds, funds, and rewards innovators.

The role of science and innovation in the UK’s security and counter-terrorism strategy takes two forms.

"The first is about forging an environment that fosters creativity and innovation in
order to generate the knowledge and technologies that can reduce the risk from
terrorism. The second is about providing the best available scientific evidence and
advice to support Government’s aims. Science and innovation provide support, both at the strategic/policy level (Government departments) and at the end-user tactical level (e.g. emergency responders)." (UK Security & Counter-Terrorism Science & Innovation Strategy)

The UK has a strategy to use developments in science to fight terrorism that utilizes four pathways:

• Expanding a cross-departmental analytical approach to identifying Government’s research priorities;



• Horizon-scanning for future threats and new scientific developments and inventions to counter such threats;



• Working more effectively with business and academia to ensure that research is delivered and exploited through the cultivation of a strong and innovative counter-terrorism research market;



• Collaborating with international partners, allowing increased sharing of knowledge and technology.

Implementation
The Research, Analysis and Development Working Group (RADWG), has responsibility for the coordination and delivery of this strategy. The UK knows that the best way to approach this is through the cross-departmental Counter-Terrorism Science & Innovation Programme. This programme focuses on using to the fullest extent inter-Governmental research. International partnerships also enable the UK to meet its goals and a number of exchanges and groups meet to tackle this challenge together. Here are some recent examples of how the UK is using science and innovation to combat terrorism:

• Facial recognition technology;



• The development of hand-held devices for the rapid detection of chemical and
  biological warfare agents;



• Research into explosive blasts in tunnels and other confined spaces, in order to
  mitigate the effect of terrorist attacks on the London Underground.

EU View: "Technology alone cannot guarantee security, but security without technology is impossible”

The GSC team just came back from a trip to Brussels where we met with leaders of the European Commission, The European Council and European Defence Agency. We will report on a few insights about how the EU has positioned itself in terms of security and anti-terrorism. Today’s blog is about how the EU Parliament is structured to deal with security and defence issues and where any technology aspects lie within:

European Security Defence Policy (ESDP)
The idea of a common European security and defence policy mirrors the development of the Union itself as it evolved from a purely economic union to a more political union. In the Maastricht treaty of 1993, the EU incorporated the objective of a "common foreign policy", which expanded to the Common Foreign and Security Policy (CFSP) of the European Union. In 2003, the EU adopted a common European Security Strategy (ESS) that identified five key threats to the future security and stability of the EU: terrorism, the proliferation of weapons of mass destruction, regional conflict, state failure and organised crime.

Subcommittee on Security and Defence (SEDE)
The European Security Defence Policy falls under the responsibilities of the EU Parliament’s Committee on Foreign Affairs. Specifically, a Subcommittee on Security and Defence (SEDE) deals with the areas of defence and security matters, which is currently chaired by Karl von Wogau. He argues the reason why 69% of the European public is largely supporting a common European security policy “is because they are aware that they all face the same threats, such as terrorism, organised crime or regional conflicts, and they feel that the answer can only be a European one.“ (click here for his full remarks)

However, Mr. von Wogau is unhappy how the ESDP is administered and controlled. Currently all military operations are exluded from EU budgetary control and thus limit the classic parliamentary control over the executive branch. He said in the ESDP Newsletter: “this situation is not satisfactory as one should bear in mind that it is becoming increasingly difficult to distinguish between civilian and military expenditures when the EU carries out crisis management operations which make use of both civilian and military instruments. Furthermore, the principle of “costs lie where they fall” is not fair, because the EU countries are not put on an equal footing as far as military operations are concerned: some countries are willing to participate but cannot really deliver, while others are not willing at all.“ (quote)

The Role of Technology in the EU’s Security Policy?
There is a great quote by the former European Research Commissioner Philippe Busquin about how security policy and technology has to interact in order to work. In 2004, he summaried that relationship succinctly by saying: “Technology alone cannot guarantee security, but security without technology is impossible.”

Office Expansion for start-ups: a look at the office market through Porter´s Five Forces

As some of you may know, the GSC is growing and therefore needs new office space. I have had the luxury of experiencing something that most entrepreneurs must face– the dreaded office search. I am now convinced the way to make money in London is to rent offices, which the following – slightly humorous – analysis of that office-real estate market shows.

Supplier Power: High, Buyer Power: Low
Firstly, and most importantly, there is no clarity of search in London. Here there is no central location you can turn to in order to see everything that is available in the market…so they have created a high “buyer´s burden”. I´ve spoken with at least fifteen letting/leasing agents and have no good indication that I have seen most of the options that are available to us.

Competition: High, Substitution: Low
Unfortunately we´ve been told that we are looking for space at the wrong time. Because the forecast for the economy is poor a lot of companies are breaking their long term leases and renting short term “plug and play” offices. These ready to move in offices are serviced so the hassle factor is low…but as we all know, when services are involved the flexibility is increased but the prices skyrocket. As we grow we need the flexibility and can no longer work from London Business School (or out of our garages!)…so substitution options are low.

Barrier to Entry: High
If we had the money we would enter this market

I know this post is a bit unusual but we just wanted to say to all of you out there who have been through this stage of office expansion—we feel your pain.
We´d be interested to hear from any of you. How much of a burden/time spent is office expansion for a start up?

Emerging Technology Outlook: 2nd generation biometrics

As organizers of the largest innovation competition in the security world, one of the Global Security Challenge’s tasks is to map emerging innovations, such as 2nd generation biometrics. Below is a quick overview of where we stand with 2-gen biometrics such as typing behavior, gait analysis and odor sensing.

TYPING
I would describe typing biometrics as the 21st century version of the good ‘ole signature analysis. Today’s typing algorithms have been developed by converting a person’s typing attributes such as speed, rhythm, agility, corrective behavior and use of shift keys into a unique identifier. These systems are pretty advanced with heir inventors claiming their software to be keyboard-independent and continuously adapting to slightly changing typing habits. There are a couple weaknesses that remain including for example the time difference it takes to type a sentence instead of a short 6-letter password onto your PC’s log-in screen. In addition, its accuracy levels are still disputed by some government experts with whom we discussed this technology. Nevertheless, this technology is on a fast track to maturity and could have tremendous impact on commercial and intelligence sectors.

GAIT ANALYSIS
The University of Southampton has positioned itself as one of the front runners on gait-biometrics. Their prototype identified people by the way they walk with a success rate of over 90%, under perfect lab conditions. According to Computing.co.uk, the university recently built a tunnel-like system that consists of eight digital cameras, which register persons’ movements and generates 3D-models of their walking behavior. See below for a graphic representation of such a modeling, based on Professor Nixon’s research
Having reached high accuracy rates in their lab, the university is currently planning to take its system from the lab into the real world to test it under real-life conditions. Such real-life tests will be helpful to stress-test popular challenges against gait-biometrics, such as whether our walking style is affected by illness, injury or even just stress. For instance, will the system accurately recognize me while running to catch my plane as well as casually strolling through the airport lounge?

ODOR SENSING
The idea of identifying people by their smell is nothing new as we humans apply it daily (subconsciously) and even use it to find criminals taking advantage of dogs’ advanced noses. The attempt to create an electronic nose, dubbed in the industry as ENose is by creating a chemical sensor that detects the small quantities of molecules that evaporate from our body. The limitations of the current systems is that the human nose has over 10.000 sensors to detect these molecules that are processed by about 10 million sensory neurons in our brain, while ENoses in contrast operate with only 10-20 sensors and proportionally smaller number of artificial neurons. (perhaps we ask Steven Jobs to create an iNose?)

The current state of odor-sensing technology is nicely summarized by Daniel Lee, a bioengineering scientist at the University of Pennsylvania, who said in 2003: "We have cameras that can see outside the spectrum of the human eye and microphones that can detect a vibration a mile away, but in terms of chemical sensing, we are far away from what biology can do." Below is a picture of a prototype of electronic nose, by the University of Pennsylvania.
2nd Generation Biometrics – An Endangered Species
It has taken some of these technologies over a decade to get from research to a working technology, so it is crucial for disruptive technologies, such as 2nd generation biometrics, to have enough time to improve accuracy and reliability. Thus, funding is crucial now for them to overcome this first valley of dearth on the road of commercialization. An alternative to external funding is to first target commercial clients with not-so sensitive data to protect, which in addition to bootstrapping the company would act as a real-life testing bed for their beta technologies.

About the UK’s Counter-Terrorism Strategy

Laws alone will not stop terrorism, but since we must be prepared to deal with terrorism, the United Kingdom devised a strategy in 2003 (known within Government as CONTEST) for countering terrorism. With it, the UK aims to reduce the risk from international terrorism, so that people can go about their daily lives freely and with confidence. The strategy affects multiple branches of the UK government.

They base their strategy on four pillars: Prevent, Pursue, Protect and Prepare.

Prevent is meant to show people that Brits are not that bad. They plan to win heart by:

• tackling disadvantage and supporting reform by addressing structural problems in the UK and overseas that may contribute to radicalization, such as inequalities and discrimination
• deterring those who facilitate terrorism and those who encourage others to become terrorists by changing the environment in which the extremists and those radicalising others can operate
• engaging in the battle of ideas by challenging the ideologies that extremists believe can justify the use of violence, primarily by helping Muslims who wish to dispute these ideas to do so

Pursue is meant to take away the option to harm the UK and its interests by:

• gathering intelligence and improving our ability to identify and understand the terrorist threat
• disrupting terrorist activity and taking action to frustrate terrorist attacks and to bring terrorists to justice through prosecution and other means, including strengthening the legal framework against terrorism
• international co-operation by working with partners and allies overseas to strengthen our intelligence effort and achieve disruption of terrorists outside the UK

Protect is meant to reduce the vulnerability within the UK and of its assets by:

• strengthening border security, so that terrorists and those who inspire them can be prevented from traveling here and we can get better intelligence about suspects who travel, including improving our identity management
• protecting key utilities by working with the private sector
• transport; reducing the risk and impact of attacks through security and technological advances
• crowded places; protecting people going about their daily lives
  

Prepare is meant to ensure that the UK can mitigate the effects of an attack and can find the perpetrators:

• identifying the potential risks the UK faces from terrorism and assessing their impact
  building the necessary capabilities to respond to and attacks
• continually evaluating and testing our preparedness, including through identifying lessons from exercises and real-life events

Next week we will report on how innovation and technology fits into this strategy for combating terrorism. To read the full version of the official strategy document, please click here: Countering International Terrorism

An Innovative Way of Funding Startups: Israel's Chief Scientist

The Office of the Chief Scientist (OCS) is part of the Ministry of Industry, Trade & Labor of the State of Israel. Several other ministries also have a Chief Scientist - such as the Ministry of Defence and the Ministry of Public Security (MOPS) – who might be of the interest to security start-ups. However, it is really the Chief Scientist of the Trade Ministry who is the main player for startup funds as he holds a significant budget of ca. $300 Million and runs several programs to support entrepreneurs in Israel. Israel’s current Chief Scientist is Dr. Eli Opper, who combines a career in venture capital (Tel Aviv’s Giza Ventures) with long experiences in industry at RAFAEL, a quasi government company that develops military technology.

"Through grants and loans, the OCS has been delivering critical seed funds to select Israeli R&D companies; allocating more than NIS 1.2 billion [$300m] in 2006 alone", as reported by JPost.com. However, the budget has been under pressure in the last few years and lowered to $279 million in 2006 from its highest level of $440 million in 2000. (see graph below)


As pointed out by David Anthony, a member of Israel’s VC community, the OCS grants to not only provide financial help to the entrepreneurs, they act also as “a source of validation for new technologies. Governments conduct rigorous due diligence and other criteria tests prior to handing over any money. Investors understand this fact and naturally prefer a technology that a local government body has committed to financially.“

A novelty in the area of governmental funding of innovation is that the OCS can actually make profits with its grants (of “The R&D Fund”) as they receive royalties on sales if a startup becomes a commercial success. These royalties received are then used to fund future grants. In other words, the OCS uses the proceeds of its investments to fund its own programs, not just relying on governmental finances.

Overview of The Main OCS Programs

1. The R&D Fund:

• open to all Israeli registered firms wishing to engage in technological research and development
• annual budget of $250 million is spent on about 800 projects being undertaken by 500 companies
• grants are provided as a percentage (up to 50%) of the total approved R&D expenditures
• grants are a 'conditional loan' – in case of a technological and commercial success, it is subject to royalties (3% – 5% of the sales); in case of non-commercialization no repayment is required.

2. Technological Incubators:

• to enable novice entrepreneurs with innovative concepts to translate those ideas into commercial products and to establish their own company
• there are 24 technological incubators in Israel with approximately 200 R&D projects being carried out at any given moment
• program has an annual budget of $30 million
• grants provide 85% of the approved R&D expenditures (budget of $350,000 to $600,000 for two years), with the remainder to be invested by the incubator itself.
• grants are soft loans to be given back by the incubators, in case of commercial success only.

3. Pre-seed Fund – the TNUFA Program:

• encourages and supports technological entrepreneurship and innovation by assisting individual inventors and start-up companies during the pre-seed stage.
• support includes assistance in evaluating the concept's technological and economic potential, patent proposal preparation, prototype construction, business plan preparation, establishing contact with the appropriate industry representative, and attracting investors
• Grants are up to 85% of approved expenses are available to a maximum of $50,000 for each project.

Additional Programs for Generic R&D
The OCS also runs several programs that support basic and applied research in generic technologies. These programs, such as MAGNET, MAGNETON and NOFAR, are normally conducted together with academia and research institutes and industrial players.

The above information is taken from the 2007 report “The Intellectual Capital of the State of Israel“

NaCTSO’s November 2007 Statistics on Business CT Needs

A Closer Look at the UK Home Office’s NaCTSO

NaCTSO, which is funded and operated by the Association of Chief Police Officers, is the National Counter Terrorism Security Office. These brave souls are charged with partnering with the Security Service to reduce the impact of terrorism in the UK.

The UK’s Counter Terrorism Strategy (or CONTEST) focuses CT efforts around four pillars – those of Prevent, Pursue, Protect and Prepare. NaCTSO apparently focuses on the latter two pillars. According to the Home Office website, NaCTSO aims to:

• Raise awareness of the terrorist threat and the measures that can be taken to reduce risks and mitigate the effects of an attack,
• Co-ordinate national service delivery of protective security advice through the Counter Terrorism Security Adviser (CTSA) network and monitor its effectiveness,
• Build and extend partnerships with communities, police and government stakeholders,
• Contribute to the development of national and international Counter Terrorism policy and advice.

NaCTSO Statistics Imply Good Business Interaction
NaCTSO released statistics taken from a questionnaire sent to MLEs . Of those surveyed some very interesting data for security entrepreneurs arose regarding opportunities in the UK. They asked:

• Is your business currently undertaking any counter-terrorism protection measures in relation to areas with high concentrations of people?
  29% of the respondents said No and an overwhelming majority of 71% replied Yes
• Are you undertaking these measures in consultation with parties outside of your businesses?
  71% Yes
  5% No
  24% Don’t know
• Please specify the general nature of these measures:
  Building protection 57%
  Personnel protection 43%
  Business continuity 65%
  Security perimeter 47%
  Vehicle Barriers 31%
  Staff training 56%
  Glazing protection 34%
  Protected space 21%
  CCTV 59%
  Other 13%
  

Help for (security) SMEs by European Commission

Financial Support for Security Research

Last year the European Union recognized the need and importance of helping innovators in the security sector, by announcing that as part of its EU Framework 7, €1.4 billion would be set aside to fund security research. The specific areas of technology solutions to be highlighted include civil protection, bio-security, protection against crime and terrorism.

Goal to Encourage Security Entrepreneurs
Also, under the EU's current Competitiveness and Innovation Framework Programme (CIP) that runs until 2013, the need to support innovations AFTER they leave the research lab and enter the start-up phase was rightly recognized. “With regard to technological innovation, SMEs should be encouraged to become involved in high-technology sectors such as space and security“ (full programme online here) Unfortunately it is not clear how exactly the EU (in particular the Commission) plans to assist SMEs in the security sector.


General EU/EC Support for SMEs
On the positive side though, the European Commission’s Directorate General for Enterprise and Industry has already done a lot of work to support entrepreneurs in general - sector independent. In addition to creating an online portal with information for entrepreneurs (click here for the SME Portal at EC), it created a specific investment fund and offers grants and advice. The current CIP allocated a budget of over one billion Euros for SMEs, "...which should leverage around 30 billion euros of new finance for SMEs.” (more info on CIP)

Analysis of Existing Programs and Gaps
So, there are many effective EU-supported programs that help entrepreneurs. However when you look at an analysis we conducted last year (see chart below), it becomes apparent that there is a gap in support for pre-VC entrepreneurs in the security sector. Security innovators operate in a market that has its own specific barriers and they need access to sector specific advice and financial support.

GSC Conference Trailer (2007)

We opened the GSC 2007 with a short "James Bond" spoof to acquaint the audience with our project in a short and hopefully humerus way. In our short clip, M. and 007 discuss the Global Security Challenge. Enjoy! Click here to watch the clip

GSC in the News Roundup

The Global Security Challenge received great press coverage in the past few weeks. Here is a quick summary with a few soundbites:

Mission for James Bond's Q: seek venture capital ´

"...MBA students at London Business School staged the inaugural security challenge last year, when British start-up Ingenia Technology took the $10,000 first prize for an anti-counterfeit laser-scanning device. Such was interest in the competition that the U.S. government's Technical Support Working Group raised this year's prize to $500,000"

(by Mark Trevelyan, Reuters, 26.11.2007) Click here for full story

Business Competitions - Where Big Ideas Bring Big Bucks

"Specifically designed to help start-ups in the booming post-September 11 security field, the second annual competition increased the prize money from $10,000 to $500,000 (thanks to the Technical Support Working Group at the U.S. Defense Dept.) making it "the biggest business plan competition in the world ..."

(by Alina Dizik, November 2007) Click here for full story

The Global Security Challenge

"The Technical Support Working Group, a technology coordinating organization co-chaired by the U.S. Departments of State and Defense, is a co-sponsor of the Global Security Challenge (GSC), a competition managed by MBA students at London Business School..."

(Office of the Spokesman, November 6, 2007) Click here for full story

Some of the GSC Startups Mentioned in the Press Recently:

"iViz, recognized as one of the Asia's top 5 security startups in the Global Security Challenge held by London Business School in September 2007," (Red Herring, January 2008)

"NoblePeak Vision Win’s Grand Final of Global Security Challenge 2007" (Security Magazine, November 2007)