When a cyber-attack forced the shutdown of Colonial Pipeline’s entire gasoline pipeline system last spring, the embattled company turned to Maryland-based Dragos, Inc., a cybersecurity firm that focuses on industrial control systems. Founded as a startup in 2013 in Maryland’s Howard County, Dragos now is considered to be one of the world’s premier cyber defenders for industrial infrastructure. Just two years in, Dragos investigated the first successful attack on a national power grid, the one that occurred in 2015 in Ukraine.
“Unfortunately, the Colonial Pipeline people hired Dragos after the fact,” says Vince DeFrancisci, director of cybersecurity and aerospace at the Maryland Department of Commerce. “Had they hired them before the breach,” he says, “they might have avoided some disasters.”
As it turns out, a devastating ransomware attack can be alarmingly easy and inexpensive to pull off. In the case of Colonial, whose outage compromised the East Coast gasoline supply, the investigation found that it resulted from a single employee’s compromised password, possibly gleaned from a mailing list purchased for as little as a few hundred dollars. It’s a measure of the threat that’s out there that just about anyone can do it.“
Email lists, malware and a launcher. You just need to know where to get that stuff, and it really doesn’t take much skill,” says Melissa Kaiser, co-founder of SOCSoter, another Maryland-based cybersecurity firm. “It’s easier to rob a bank through cyber methods,” says Kaiser, “than to do it with a gun and a mask.”
Maryland, dubbed by Gov. Larry Hogan as “the Cyber Capital of America,” is creating a growing cadre of leading-edge cybersecurity firms such as Dragos and SOCSoter, companies devoted to safeguarding everything from critical infrastructure to grandma’s bank account. They also include Cisco Talos Intelligence Group, founded in Columbia as Sourcefire and sold to Cisco in 2013 for $2.7 billion. Headquartered now in the recently developed enclave of Fulton, and with employees around the globe, Cisco Talos has evolved into the world’s largest commercial threat intelligence group.“Mary
land has a ton of companies that work in cybersecurity,” says Matt Watchinski, an early employee at Sourcefire, now vice president of Cisco Talos, who oversees ongoing threat research, intelligence and incident response activities. “If that’s what you want to do, this is the place to be. We’re not Silicon Valley, but we’re a pretty cool place.”
Spy vs. Spy
At shops like these, you hear a lot of talk about “the bad guys.” As in, they are out there.
“I get to chase bad guys every day,” says Watchinski. “It’s cool to be involved in the security of the world.”
For sure. But how do you do that?
“We have SOC [Security Operations Center] operations that are watching our customers and keeping them up to date with what the bad guys are doing,” says Watchinski. “We have people that work directly on new products, because bad guys come up with new malware campaigns every day and we have to protect against that. I have a development organization that works on building both big data applications and cloud applications. I also have an incident response team to get feet on the ground to respond to an incident that’s going on inside a company, find the bad guys and throw them out.”
SOCSoter’s Kaiser says her operations team, which functions as a cyber supplement to small and medium-sized businesses, has human eyes scouring for threats via the company’s proprietary software 24/7.
“We look for the precursor of an attack,” she explains, “Like, why is the CEO of your company logging in from Singapore and then two hours later from France? We see suspicious activity and we take a closer look at it, because there could be something bad underneath.”
"It’s cool to be involved in the security of the world."
— Matt Watchinski, VP, Talos Cisco
Having developed its own systems rather than purchase them off the shelf (as is not uncommon, says Kaiser), SOCSoter (pronounced SOCK-SOTER) has a demonstrated streak of independence. Kaiser, a West Point graduate and lieutenant colonel in the U.S. Army Reserves, says that operating out of reasonably priced Hagerstown has allowed the 25-employee enterprise to skirt the need for investors who might come with competing visions.
“We build our own cyber tools and platform so we don’t have to be beholden to anyone. We can design our own roadmap to help protect small businesses,” she says. “We want to be fully autonomous, and we can do that here.”
The Fort Meade Effect
These vibrant enterprises have not emerged in a vacuum. Ahead of many other states, Maryland has nurtured cybersecurity as a target industry for economic development and job creation.
“Our state made a firm commitment to the industry years ago, and really planted the flag,” says DeFrancisci, who heads the state’s efforts to promote the industry.
It makes sense in many ways, not least because when it comes to building out a cyber sleuthing hub, it certainly doesn’t hurt to be the home of the U.S. National Security Agency, the world’s largest collector of signals intelligence. NSA shares Fort Meade, Maryland, in suburban Washington, D.C., with the U.S. Cyber Command and the Defense Information Systems Agency. Together with the nearby Department of Defense and CIA, it’s a built-in cyber community of truly massive proportions, and an ample source of talent.
“You get a lot of people who have come through the Fort and then they’re looking for change,” says Watchinski. “They’ve gone through that wonderful taxpayer funded education, and they’re some really talented people.”
The University of Maryland is all in. UMD houses both the Cybersecurity Centers of Excellence and the newly opened Quantum Startup Foundry. Its UMD Discovery District is an intersection of government, academia and businesses across industries that include cybersecurity.
“Maryland,” says Watchinski, “just has a great cyber community. It has amazing places to live and a great education system where we’re involved in promoting cybersecurity careers. And it’s relatively cheap.”
The perfect place, as it were, to chase the bad guys.
“I love,” Watchinski says again, “chasing bad guys.”
This Investment Profile was prepared under the auspices of the Maryland Department of Commerce. For more information, please contact Vince DeFrancisci at vince.defrancisci@maryland.gov.
