Cyberattacks can come from anywhere, any time and in many forms. So how does the cybersecurity industry defend against such an enemy?

By planning for everything. Smartphones, tablets, thermostats, industrial controls and other gear connected to the Internet are vulnerable.

“The hackers we are trying to stop generally specialize in one type of platform they are targeting, but we have to protect everything from a cyberattack,” said Kathy Boe, CEO of Boecore Inc., a Colorado Springs-based defense contractor. “While only a fraction of what we do is cybersecurity, probably between one quarter and one half, there is a lot of overlap between the information technology, satellite communications and cybersecurity elements.”

Boecore’s answer to battling a diverse enemy was to create a type of engineer that combines the skills of cybersecurity with software development by training workers in each area of expertise in the other area, Boe said. The Software and Cyber Capability Practice Group was created to help Boecore, which employs 240 people and specializes in software development, information technology and cybersecurity, grow its strongest niches and win more government contracts.

Kathy Boe, CEO of Boecore Inc.

One of the fastest-growing markets for cybersecurity is using a team of technicians and engineers to find and eliminate intruders on corporate networks.

Colorado Springs-based root9B has targeted that sector with a $2 million operations center downtown. The company employs 70 people and is expected to grow by 50 percent this year to help clients that include large corporations in the financial, aerospace, industrial control and retailing industries supplement their cybersecurity defenses.

“I believe that cyberattacks represent the No. 1 threat to the U.S. Our niche is manned information security. A thinking, active human adversary has developed the intelligence needed to know what sensors and capabilities their target has deployed, will train for those defenses and develop new attack tools, technologies and procedures that even the best practices cannot defend against,” said Eric Hipkins, root9B’s CEO. “An automated solution will always be defeated by a human adversary. We serve as a supplement to the current secure posture of our clients.”

The sheer connectivity of the world has helped spur rapid growth of the cybersecurity market.

The industry has grown so fast — global spending on information technology security was estimated at $75 billion last year — that analysts estimate the worldwide cyber market to be about the same size as the U.S. furniture manufacturing industry.

MarketsandMarkets predict the cyber market will more than double to $170 billion by 2020. That is about $20 billion less than the estimated size of the U.S. air transportation industry.

The cyber market is fragmented into five sectors, which means dozens upon dozens of industry players who do some level of cybersecurity, Frank Backes, CEO of Braxton Science & Technology Group, said in a report to Colorado Springs Mayor John Suthers. The primary categories are consumer and small business; business and enterprise security; industrial defense; military and intelligence; and cyber defense testing, though customers and industry have plenty of overlap, Backes said.

While Colorado Springs companies operate in all five markets, many of the local players focus on military and intelligence because much of the local cybersecurity industry personnel work for one of the 240 aerospace and defense contractors with operations in the region.

But the Springs area is attracting a growing number of companies focusing on the business and enterprise security market to help firms in financial services, retail, communications and other industries secure their internal networks and protect sensitive customer and corporate information.

Backes said defense software developers have changed their focus in response to high-profile data breaches in recent years as vulnerabilities through employees and suppliers with network access left data largely unprotected.

Developers of the past began software creation with functionality and added a cybersecurity layer to the finished product. Now, security is built into the base-level design of software, and functionality is added later.

“Once the firewall or perimeter is breached, there is nothing to protect data on the inside” in many networks, Backes said. “A deadbolt lock doesn’t protect your valuables if the burglar is already inside your house. You need a safe to protect the valuables. The new (approach) protects high-value data from inside threats by enhancing security around that data, much like a safe protects valuables. You need additional protection for your data that is separate from the network.”

Contact Wayne Heilman: 636-0234

Twitter @wayneheilman

Facebook Wayne Heilman