2. Requirements Who are the potential customers for a weekly newsletter summarizing and analyzing trends in various cyber threats and for tailored intelligence briefings in the United States (US) and the European Union (EU)? Who are GreyLogic’s competitors and how deep is the market penetrated by them? What are the “best practices” among companies providing timely intelligence to private and government clients in the US and the EU? Competitors' services' pricing structure from a starting company to a mature business. What types of products and services do these companies provide? What is the companies' marketing strategy? 2
11. Key Findings The best markets for a weekly cyber intelligence brief are likely: Large US government agencies and secondly large private companies with, Cyber or national security missions Services provided through IT European market highly fragmented Diversity – numerous separate markets Best markets within EU: UK and countries in Russia’s sphere of influence, such as Estonia and Poland 5
12. Key Findings 51 Total Organizations Government : 17 Private Sector: 23 Academia: 11 United States: 35 European Union: 16 Source: Created by analyst 6
19. i.e. Cyber Security Management Center, Defense Information Systems Agency 9 out of 17 rely on private companies or Information Sharing and Analysis Centers (ISACs) for cyber security services 8
20. Customers - Government Top Five Government Customers Cyber Security Management Center (CSMC) Defense Information Systems Agency (DISA) Department of Energy (DOE) Department of State (DOS) United States Postal Service (USPS) 9
21. Department of State Contact Information: Susan Swart, Chief Information Officer, Phone: 202-647-2889 Charles D. Wisecarver, Deputy Chief Information Officer, 202-647-2863 Robert K. Nowak, Director of IT Infrastructure, 202-647-1001 John Streufert, Director of Information Assurance, 703-812-2500 Cheryl Hess, Director of Information Security Programs for the Bureau of Diplomatic Security, 571-345-3080 Organizational structure of Dept. of State contact persons. Source: Created by analyst 10
22. Department of Energy Contact Information:Patrick FerraroDirector of the Office of Headquarters Procurement ServicesPhone: 202-287-1500Fax: 202-287-1451Email:patrick.ferraro@hq.doe.gov Roadrunner, the world's most powerful supercomputer, is located at DOE’s Los Alamos National Laboratory. Source: Department of Energy 11
23.
24. Large companies that recognize the importance of IT to their mission, like eBay, Facebook, and Twitter are likely to invest in cyber threat prevention12
25. Customers - Business Top six private sector customers Western Union Arsys Ebay Facebook LiveJournal Twitter 13
31. Customers - Academia Top five customers in academia CyLab at Carnegie Mellon University (US) Tallinn University of Technology in (EU) Georgia Tech Information Security Center (US) Center for Applied Cybersecurity Research (CACR) at Indiana University (US) Center for Computer Security and Research (CCSR) at Mississippi State (US) 15
32. Competitors 16 20 competitors identified No direct competitors Closest competitors iDefense Labs (US) iSIGHT Partners (US) SecureWorks (US) More demand for cyber security than intelligence 12 out of 18 US competitors were located in Washington, DC
33.
34. Market Penetration United States Government market highly penetrated Private sector emerging market with fast growth Private sector comprises of 85 percent of the nation’s cyber infrastructure Increase in cyber attacks, especially against businesses – larger financial losses Demand for cyber security – not intelligence European Union Primary untapped and fragmented market 18
35. Industry Best Practices Service Pricing Unavailable – gradual pricing Products and Services Training Security Policy Engineering 19
36. Industry Best Practices Marketing Strategies Strategic Alliances Online Community Building – Industry Visibility 46 percent of sales directly from vendor according to Trusted Strategies 20
37. Contact Information Henry Peltokangas(814) 823-3400hpeltokangas@gmail.comhpelto28@mercyhurst.eduJustin Smithjsmith16@mercyhurst.edujmsmith16@gmail.comJennifer Jarema(216) 316-1016jenniferjarema@gmail.comjjarem63@mercyhurst.edu Chris Dyakon(814) 392-9307chrisdyakon@gmail.comcdyako57@mercyhurst.eduAustin Ewing(814) 598-0035aewing56@gmail.comaewing56@mercyhurst.eduPerry Avery(330) 348-6916perry.avery@gmail.comCarolyn Venditti(717) 448-4693carolyn.venditti@gmail.com 21
Editor's Notes
The size of the company was identified to be an important factor because…More funding – resources to utilize such servicesDesignated team/unit for cyber security and related topics and executive level to consume intelligence85 percent of small and medium businesses do not have a staff dedicated to IT security72 percent do not have formal internet security policiesNo staff, no time, no perceived need…GovernmentTop 5 potential customers were all governmentAccustomed intelligence consumerIs likely to have the executive level at which to consume intelligence, and designated team for IT securityPrivate businessesAre aware of their cyber security needs - mission is IT dependent: eBay, Facebook, Twitter
9 out of 17 government agencies have been attacked CSMC (Dept. of Transportation), DISA, DOE, Dept. of State, USPS, NASA, FBI, Staff Department of Intelligence and Security, French Networks and Information Security Agency (FNISA) 7 of those 9 were US government 14 out of 17 government agencies are the highest value targets, all are US agencies CSMC, DISA, DOE, Dept. of State, USPS, FBI, HHS (high, 3 out of 3) NASA, FNISA, NTIA, Staff Department of Intelligence and Security, Federal Criminal Police Office, ITA, Netherlands Military Intelligence and Security (moderately high, 2 out of 3)
12 out of 17 government agencies have IT- or national security-centric missionsCSMC, DISA, DOE, Dept. of State, FBI, FNISA, NTIA, Staff Department of Intelligence and Security, Netherlands Military Intelligence and Security, UK Cyber Security Operations Center, Brigade of Technological Research, European Network and Information Security Agency (ENSIA) 9 out of 17 government agencies rely on private companies or ISACs for cyber security services CSMC, DISA, DOE, Dept. of State, USPS, NASA, HHS, NTIA, ITA
Because the State Department is so large, there are multiple individuals that have IT security roles. Their places in the overall structure of the State Department are shown in the chart.
