The discovery of the offensive cyber weapon ‘Stuxnet’ in 2010 proved to be a watershed event for both the cyber espionage and sabotage domains, now collectively referred to as cyber warfare.
‘Cyber warfare’ is ‘the action by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption’. However, the term also refers to ‘attacks between corporations, from terrorist organisations, or simply attacks by individuals called hackers, who are perceived as being warlike in their intent.’
From a business perspective this offers opportunities for interested players, in both offensive and defensive arenas.
From a business perspective this offers opportunities for interested players, in both offensive and defensive arenas
The recent rise in cyber crime has further increased the market size for this sector.
The size of the global cyber weapons market is estimated to be in excess of $400bn as of 2016 and is expected to increase by 5pc annually.
Customers for such products mainly include government organisations, the military, public utilities such as electric grids, communications, and financial companies; mainly focused on defensive and anti-intrusion systems. The market has two segments with the defensive segment accounting for almost 80pc of the market size.
Based on the way technology is moving, the objectives of cyber warfare have become much more aggressive, and it is essential that we as a nation develop indigenous defensive and offensive technology, not just as a business but also as a national strategic asset.
Is there an opportunity in this market for the Pakistani IT sector? Probably yes, but it depends on whether Pakistani companies are willing to stake a claim in this well entrenched, technologically advanced and extremely challenging market.
Development of this niche is in no way similar to developing a web application or running a BPO contract. A case in point is a recent $460m contract awarded by US Cyber Command to various companies with the objective of developing cyber weapons possessing deadly force.
On the other hand, entry in this domain would require serious management thought and business canvassing exercises to initially understand the market scenario and dynamics along with significant commitment of funds for research and development. It would not be wrong to say that this is a research and development based market.
A company willing to stake a claim in this market would be well advised to start-off with defensive products at a smaller scale and test the waters with products related to antivirus, internet security and password management to understand the level of research and resources required for the defensive cyber warfare market. Success in this endeavour would enable one to move to the next level of product suite.
Defensive security products are freely available in the market and cloning them could be a reasonable business strategy to get a foothold in the market and understand the technology. Products could be developed keeping in mind prevalent operating systems and platforms and marketed to relatively newer markets at discount to going rates.
However, the issue of skilled human resource and the ability to develop research based products which require a time commitment would be challenging impediments to mount. With the number of CS programs being run in national universities, this should perhaps not be an issue, but unfortunately is, and constitutes food for thought for our universities.
The domain of offensive security products is rather different from that of defensive products and is expected to grow significantly given the increasing interest in this field.
The dynamics of this market are significantly different from those of the defensive cyber security market. This is again a highly research oriented domain requiring specialised skills which are in much demand internationally.
Ethical hacking, penetration testing skills and extremely strong coding skills with both low level and high level languages would form the basis for developing a position in this market.
Moreover, the offensive cyber warfare sector is driven by requirements given by the customer.
Given the expected growth in this market and the recent increased global interest in defensive and offensive security products, along with the need to develop a strong national cyber defensive and offensive capability, our companies should look towards creating a presence in this field with a focus on research and development.
Published in Dawn, Business & Finance weekly, December 12th, 2016