Monday, March 31, 2008

The DHS Inspector General Takes a Look at Airport Security


The Office of the Inspector General at DHS recently released an unclassified summary of its undercover testing of airport screening, entitle an Audit of Airport Passenger and Checked Baggage Screening Performance. The OIG evidently sent in undercover agents to an undisclosed list of airports from May to August of last year. (you can read report here DHS OIG report)

The report doesn’t get in to the specifics of the experiment but you get a sense that if the IG presented TSA with six recommendations then there was probably something they could be doing better. TSA responded by thanking the OIG for it’s thoughtful oversight and replied that in April of 2007 they implemented

“the Aviation Screening Assessment Program to create a more systematic framework to assess the effectiveness of the screening process and provide statistically sound data. This program performed thousands of covert tests at airports nationwide in 2007. Under separate training programs, TSA conducts over a thousand covert tests for IED’s and almost 70,000 electronic image tests— every day.”

A lot of people are claiming this is primarily a people problem, that you must make screeners happier in their jobs and they will do a better job. If you take into account that 1.1 million people enter the US every day and there are rumours flying of a goal for screeners of 200 people/hour this is as clear a case as I have ever seen for an increased reliance on technology.

How could we expect any person to have the focus and the vigilance for 100% perfect screening while trying to cut down on queuing times? What we need is better technology that is less reliant on human manipulation. We wouldn’t use a calculator to manually fill in a spreadsheet, right?! We would use excel. So why do we rely so heavily on manual labour in airports? Because the technology just isn’t there yet.

Apparently in TSA agrees, and stated in the audit that in 2008 they will be introducing an improved screening checkpoint that focuses on three initiatives: “(1) improving hostile intent detection by reducing routine travel “noise” and focusing on telltale behavior; (2) deploying proven technology to screen for explosives on passengers and carry-on bags; and (3) reducing congestion and engaging passengers at more points in the journey—directly or indirectly.”

Monday, March 24, 2008

Standoff Detection - what are the benchmarks for such technologies?

One of the most difficult problems to solve in security technologies in the ability to know whether a person holds or a vehicle contains explosives. As we discuss standoff technologies today let’s first make sure that we are talking about the same thing.

Remote detection technologies allow personnel to respond to the threat of a suspicious object by taking a sample or a ‘sniff’ up close. This affords the luxury of getting results from a safer, remote distance. These remote detection technologies are not the technologies we’ll talk about today. While very important, today we are looking at situations where both the responder and the technology are removed from the situation.

There are many options in designing a standoff detection system. Should the sensor sniff for chemicals (in any stage of life) or should it rely on detecting different parts of the bomb such as wires or triggers. Also should it be ground based system or what about an air borne platform?

Last month TSWG posted requirements of its explosives subgroup. Their requirements should be a good benchmark for what standoff detectors should meet if they will bring innovation to this area. Here are the goals listed for explosive detection in vehicles:
And TSWG's requirements for explosives carried on someone’s person:
If your technology meets or exceeds these requirements you should enter the Global Security Challenge 2008.

Monday, March 17, 2008

Exit Opportunities for Security Startups Look Bright

VC Money is Sign of Healthy Exits
We blogged last week about the availability of VC money for security startups. The selected entrepreneurs who made it to the final rounds of the Global Security Challenge collectively raised over $19 million following their participation. In a recent article in Red Herring, Cassimir Medford confirms the vitality of fundraising for security technology citing the example of Proofpoint -- an email security startup. This is a good sign for healthy exit opportunities in this market, because VCs typically only invest in startups they believe will earn them exit with a return of at least 10-x-cash,.

IPO as a Viable Exit Opportunity?
While current market conditions for an initial public offering are difficult for any startup, security startups have had a mixed scorecard. The fingerprint and hand-scanning company Cross-Match withdrew its filing for an IPO in January 2008, citing an unfavorable market environment. Broadview Networks, whose solutions ensure protection of critical data and networks, is still on track for its IPO in 2008. It filed for an IPO on Nasdaq in November, aiming to raise $288m. Sourcefire experienced a fast path to a successful IPO. The network intrusion detection startup was founded in 2001 and just 6 years later completed its IPO, generating $86.3 million.

M&A the More Attractive Alternative?
It is every entrepreneur’s dream to take his idea to IPO, but realistically the recent corporate acquisitions of security startups show a very active market that may prove the better route for security entrepreneurs.

Lately a bunch of acquisition deals for IT-security startups have happened with high valuations and hence nice payouts for the founders and investors. Cisco Systems spent almost a billion dollars last year for acquiring IronPort ($830m) and Securent ($100m). Not surprisingly, Google also went on a shopping tour and bought the on-demand web security firm Postini for $625 million last July.

However, IT-security startups are not the only hot acquisition targets as physical security technologies, such as biometrics and video surveillance, appear on the buying lists of industry leaders. In January 2008, L-1 Identity Solutions bought the finger-scanning company Bioscrypt for $44million. Neither are these deals contained only to the US, as the Israeli video surveillance company NICE bought Actimize for $280 million in July 2007 – a nice pay day for an 8-year old startup, no?

Wednesday, March 12, 2008

UMD is named American Partner University of the Global Security Challenge 2008

We are happy to announce that the University of Maryland is the 2008 host of the American leg of the Global Security Challenge. The University of Maryland is a world class institution widely recognized for its work in the areas of national security. It is ranked among the nation's top 20 public research universities, and its close proximity to DC makes it a convenient starting point when you want to reach some of the most influential decision-makers in security technology.

Last week we blogged about IARPA moving to UMD. Senator Barbara Mikulski commented on that by saying, "I can think of no better place than the University of Maryland for IARPA's headquarters. Its innovative academic research, world-class facilities and proximity to federal intelligence agencies make it an excellent choice."

To name a few reasons for its well deserved reputation, the university performs research within its campus against different aspect of national security:

We echo the words of Congressman Ruppersberger, who as chair of the House Technical and Tactical Intelligence Subcommittee, stated "…the University of Maryland will continue to be a center for technology and innovation that will keep our country safe."

This is exactly the type of forward thinking we support and we applaud the University of Maryland’s focus on national security-related research. Stay tuned for an announcement of the date of the GSC’s American Regional and for details about how you can attend.

Monday, March 10, 2008

Global Security Challenge's finalists raise over $19 million in new capital

The Global Security Challenge (GSC) is proud to announce that our finalists and winners from the last two annual competitions have subsequently raised $19.6 million in new venture capital, grants and angel investments. This is in addition to the important grant that TSWG of the US Government awarded last year’s winning entrepreneurs.

Our top-selected startups also have secured large contracts with government clients, such as the US Department of Energy, the US Navy and the US Department of Defense, and with industry behemoths, such as Siemens and Bayer AG from Germany.

There is clearly the potential for a company to accelerate it’s growth timeline via involvement in the GSC. The success of our entrants validates our global competition. Two recent examples illustrate this intricate relationship between the Global Security Challenge and “our” startups.

Vumii – a video surveillance software and finalist of 2006 raised $3.9m in funding last year and contributed a lot of its success to the GSC. The CEO of Vumii, Randal Foster confirms this by saying: “As a direct result from our participation in the GSC, Vumii acquired increased global credibility and benefited from greater global brand recognition from the investment community, security solution community, and potential employee population."

As reported in the press, the GSC winner of 2007, NoblePeak Vision, announced last week that they raised $12 million in a funding round, led by Chart Venture Partners of New York. With Matt McCooe from Chart Venture Partners being an active supporter of the GSC for years, we are extremely pleased about this startup-investor match. (Picture below shows Matt McCooe on the left as a panelist at last year’s GSC conference in London)
Cliff King, NoblePeak’s Founder and COO, told us "Customer interest in our night vision technology soared from the publicity we received after winning the 2007 GSC. As a direct result we are now developing new camera systems with major OEM's and systems integrators for market launch at the end of 2008".

Wednesday, March 5, 2008

IARPA... Open for Business

It has been called the spy-version of DARPA, but the Intelligence Advanced Research Activity Project or IARPA has opened on the campus of the University of Maryland, a partner university of the Global Security Challenge. IARPA (pronounced EYE-ar-pah) is charged with developing groundbreaking technologies for the U.S. intelligence community. Right now it’s housed within UMD’s Center for Advanced Study of Languages but is planning on moving into its own building (being built on campus) by 2009.

This research agency consolidates the National Security Agency's Disruptive Technology Office (previously called the Advanced Research and Development Activity), the National Geospatial-Intelligence Agency's National Technology Alliance, and the Central Intelligence Agency's Intelligence Technology Innovation Center.

Surprisingly (or perhaps unsurprisingly because it’s DC) there are mixed opinions about IARPA. It does appear as one more way in which the CIA’s power is being subsumed, but on the other hand if IARPA can be more effective why not give it a try?

Back when Steve Nixon who is the current Deputy Associate Director of Science and Technology in the DNI’s office, was the acting director of IARPA he said in reference to the technologies coming out of IARPA, “The world has changed in dramatic ways with globalization of technology. These are the things that might not get done otherwise."

The good news for the new director of IARPA, Lisa Porter, is that she will report to Steve Nixon in the DNI’s Office. So straight off the bat she knows she’ll be reporting to someone who understands and supports her agency. Your columnist has been searching the web for a sense of the competence of Ms. Porter and found mostly positive comments left on blogs by those who have come into contact with her. (to read some the comments, click here)

One thing that is sure is that centre is located in on the campus of a university that is very much linked into this area. More about UMD soon…

Monday, March 3, 2008

German spy software gets a limited ”Go“

The Constitutional Supreme Court of Germany (Bundesverfassungsgericht) decided last week that the online investigation of a suspect’s computer is permissible under the German constitution. Technology-wise, this would mean that the police can purposefully infect a suspect’s computer with spy software (a so-called Trojan) that would relay information on that person’s hard-drive back to the police.

The Ministry of the Interior will soon implement this decision into the criminal code of law and the police’s investigative practices. The court’s decision does not give the police ”carte blanche“ to spy on people. Instead they deemed that this type of cyber spying is a violation of privacy rights and is only acceptable in exceptional cases and only under the supervision of a judge. As reported by Spiegel, Wolfgang Schäuble, the German Minister of the Interior, already tried to calm the public’s fears by saying this new instrument will be applied in only a “few, but critical cases”.

Yesterday, he again reminded the public in an interview about the imminent danger Germans face, underscored by intelligence agencies who concluded that Germany is a target for Islamic terror and that Al-Qaeda’s leadership has made the decision to prepare for attacks against Germany.

The BBC pointed out the irony of this advanced but intrusive technology to be applied in a country that has “a historic fear of state intrusion, dating back to the Stasi secret police in the East and the Nazi-era Gestapo.” According to the BBC, this new law makes Germans “the most spied upon people in Europe”.