American Innovation Reads

Some materials about successful industrial/applied research labs. I recommend all of them.

Dealers of Lightning. The definitive book about PARC.

Inside PARC: the ‘information’ architects (IEEE Spectrum, Oct 1985). Good article about PARC.

Interview with Bob Taylor (and another), who ran the PARC CS Lab.

The Idea Factory. The definitive book about Bell Labs. (There should be more…)

The Art of Doing Science and Engineering. Only indirectly about Bell Labs but so good that you should read it anyway.

Tuxedo Park. Book about the MIT Rad Lab, among other things. (Also worth reading Endless Frontier. Broader influence of NDRC is underestimated, as far as I can tell.)

MIT’s Building 20: “The Magical Incubator”. Transcript of a talk about Building 20.

Funding Breakthrough Research: Promises and Challenges of the “ARPA Model”. An analysis of what the ARPA model is and why it might work.

The Dream Machine. Book about ARPA, Licklider, and the creation of the internet.

The Power of the Context. Alan Kay’s reflections on ARPA and PARC.

The Making of the Atomic Bomb. Book about the Manhattan Project.

Skunk Works. The Lockheed Martin facility behind the U-2, SR-71, etc. (See also: Kelly Johnson’s 14 Rules, Kelly Johnson’s own memoir, Augustine’s Laws, Boyd, and National Defense.)

Organizing Genius: an exploration of commonalities across the Manhattan Project, Black Mountain College, Skunk Works, etc. Demis from DeepMind commented that it accords with how he manages the company.

Sidewinder. A history of the development of the Sidewinder missile and of the China Lake Navy research lab.

Scene of Change. Personal account from Rockefeller Foundation’s Warren Weaver. (Worked with Bush at NDRC during WWII; helped fund Green Revolution; funded most of the Nobel-winning molecular biologists.) Worth a quick skim—some good passages.

Alvarez: Adventures Of A Physicist. Luis Alvarez’s first-hand account of participating in the development of GCA, radar, and the Manhattan Project.

Doing the Impossible. How George Mueller managed the Apollo Program

The Booz Allen Hamilton’s Innovation Strategy

A few years ago, I was lucky to have attended a session at the State Department Day of Networking, where you get to meet contractors and outside vendors who offer in-house “innovation” services. I peeked into a few programs offered by Booz Allen Hamilton. Here I did my own analysis.

Booz Allen Hamilton is a leading consulting firm for business, government, and military in analytics, digital, engineering and cyber. They also have an innovation hub in Austin, in the DMV area, and provides a steady source of personnel to the government who hold active security clearances.

WAR GAMES AND EXERCISES

This one is called “War Games and Exercises” mainly for military services. Looking at the list of activities, it really looks like a whole design thinking exercises for military personnel. According to Booz, the “wargames and exercises empower creativity, simulate and test ideas in a safe environment, and discover the solutions that help organizations survive and thrive.” It worked with joint staff, military services in acquisition approaches, intel in “simulating future environments, civil agencies for …organizational resiliency and …risk management on a range of events and exercises to build preparedness, increase resilience, and sustain performance.”

Wargames

  • Alternative Futures and Scenario Planning
  • Wargame: A scenario based simulation with moves and countermoves in a controlled and competitive setting with team play and role playing
  • Red teaming/red cell: An independent adversarial group that challenges an organization

Exercises

  • Workshop: A discussion with focused group activities to develop strategy
  • Tabletop: A scenario-based discussion to test strategies, policies, plans, and approaches
  • Drill: aAn exercise with coordinated activities to validate a specific function or capability
  • Functional/Command Post: An exercise to validate and evaluate the synchronization of management with various operational capabilities (logistics, communications, command & control, coordination)
  • Full-Scale/Field Training: An exercise with high-stress, multiagency activities infvolving actual deployment of resources in a coordinated response.

Analysis

  • Wargame/Exercise After-action report analysis: analysis and subsequent improvement planning in accordance to existing plans
  • Real World Event Analysis: An After-action analysis and subsequent improvement planning of a real world or planned event in accordance to existing plans.

Here are some more familiar names like hackathons also dearly known as “Diplomacy Lab”, creating a platform to submit ideas, and a crowdsourcing platform. Without seeing the crowdsourcing platforms myself, I couldn’t really tell how effective the programs were. I wasn’t sure from based off the language for both Accelerators and Incubators the exact type of support they offered.

Hackathons

US Navy: Hack the Machine

The primary objective of the hackathon was build a robust community of maritime cybersecurity talent from among a diverse pool of candidates in Austin, Texas.

Delivered 10 solutions Navy could develop to improve the safety and efficiency of the maritime cybersecurity, data science for safer oceans and next-generation design for PNT alternatives.

Diplomacy Lab

As a follow-on to the Silicon Valley Tech Challenge hosted at UC Berkeley in 2016, Booz Allen partnered with the Bureau of Energy Resource to identify ways that technology and innovation could help improve energy access through a three-day Data Science Challenge in San Francisco. The challenge was to build a community and test how geospatial analysis could increase visibility into renewable energy development potential and help expand access to the two billion people who lack electricity or lack reliable electricity around the world.

Department of State: Silicon Valley Tech Challenge

  • Engaged 144 onsite attendees (117 participants and 27 subject matter expert mentors) and nearly 300 online registrants.
  • Built a crowd of industry experts, data scientists, designers, and those who are engaged in a follow-up crowdsourcing challenge
  • Booz Allen and the State Dept. jointly presented findings at UNSEE4ALL conference in NYC

Crowdsourcing

Booz Allen’s crowdsourcing approach is a methodology for assessing problem spaces in order to design both one-off and related series of crowdsourcing challenges for organizations across multiple sectors and industries. Our focus on every step of the challenge process, from problem space deconstruction to challenge communications to awards disbursement, helps organizations leverage crowdsourcing as a unique problem solving tool in their innovation toolkit.

Intelligence Community Client: Crowdsourcing and Innovation Management Platform

  • Launched flagship crowdsourcing platform, which led to increased speed to mission and saved over $2M collectively.
  • Generated new cross-team collaborative efforts and received recognition at an event with over 200 attendees and 5 agencies
  • Reached over ten thousand active participants spanning several government agencies

Challenges, Competitions, Prizes

Each organization has unique requirements and we emphasize understanding those details during the challenge design process, including facilitating communications, marketing, compliance, engagement analysis, and various other challenge facilitations. The right preparation in deconstructing the client problem space is critical to selecting the right tool to complete the job.

National Science Foundation: Challenge Platform Revitalization

  • NSF Chief Technology Officer sponsored a challenge and selected three idea to include as flagship initiative in NSF’s 2014 Open Government Plan (delivered to the White House in June 2014).
  • In the three months following re-launch, IDeaShare experienced the following results: 43 challenges launched, 4,136 new users, 451 new ideas, 43 ideas selected to be flagship initiative in the Open Government Plan out of the NSF potential user pool (2,300 staff and contractors.)

Accelerators

Accelerators can be achieved with effective program design and governance utilizing their existing assets and resource to achieve internal innovation results.

NASA: Internal Technology Accelerator

This effort is assessing the effectiveness of the current NASA accelerator model and the leadership team through observation and the stakeholder research.

  • Conducting a tailored innovation assessment in order to establish a baseline of the organization’s innovation maturity
  • Conducting external innovation accelerator market research through interviews with members of similar innovation efforts going on at federal, commercial and academic institutions
  • Assessing the potential benefits, cost savings, time savings, skills acquired, reputation, employee engagement, network size, associated with adopting innovative methods, tools, processes, and practices within NASA’s larger organizational context

Incubators

Incubators creates a space where new ideas can flourish and become a reality. Booz Allen iHubs are geographic concentration of accelerated ideation and entrepreneurship. Each iHub has a formal an informal network of investors, entrepreneurs, patents, and cutting-edge companies. Booz Allen’s physical presence in leading innovation ecosystems around the country accelerates our ability to source targeted capabilities and new thinking.

Booz Allen Innovation Center and iHub Network

  • Interdisciplinary teams work side-by-side with the clients, partners, and the innovation community to create integrated solutions.
  • Project teams provided with the customized curricula, mentorships, and technologies
  • The space serves as a working laboratory to test, showcase and measure how space and technology and promote collaboration, wellness, and productivity – while reducing the time to market for new products and services.
  • The space features in-person and virtual platforms to connect diverse stakeholders from the larger innovation community to help solve the world’s toughest problems. “

So my take on the Booz Allen innovation programs for government is that they took on a few projects as they came and had some resources to offer, but did not have a streamlined set of programming offices could lay on top of. I think when you’re approaching BAH, you do have to have a set objective as well as KPIs. I’m very interested to see how the Booz Allen’s presence in Austin, Texas might envelop along with SXSW.

Korea’s Cyber Security Market Outlook with SWOT Analysis (2021)

South Korea is a highly digitised and connected country with the world’s fastest internet speed, the highest rate of broadband penetration and the highest rate of smartphone ownership. The advancement of Korea’s digital infrastructure has outpaced development of cybersecurity infrastructure, which has suffered attacks from both domestic  overseas actors.

South Korea’s cybersecurity market was estimated to be worth KRW 1.98tn in 2020. Korean firms such as SK Infosys and global players such as Microsoft, Symantec and Cisco dominate the market, while system integrator providers such as Samsung SDS or LG CNS provide cyber solutions as part of its IT offerings. Approximately 40 percent of the market is dominated by U.S. companies such as Microsoft, Symantec and Cisco, as experts generally regard the most technically advanced solutions from foreign companies. Growing demand for higher security standards from the government, however, has led local firms to offer increasingly specialized products that keep pace with global best practices.

The total addressable market size of cybersecurity solutions are projected in 2021 are the following: network security at KRW 468bn, system security at KRW 216.9bn and information leakage prevention services at KRW 311bn. Services are driven chiefly by security projects, a market size of KRW 204bn in 2020, followed by consulting and maintenance services, market size of KRW 115bn and KRW 112bn respectively.

Trends

In 2020, the Presidential Office of National Security called a number of changes in its 2019 National Cybersecurity Strategy including developing preventative and response technologies that can detect and repel attacks in real time, as well as a regulatory framework to encourage greater spending on cybersecurity from companies and public institutions. The strategy identifies raising the competitiveness of local industry and increasing the number of cybersecurity personnel as a means of achieving these greater capabilities.

Other government initiatives also call for major investments in cybersecurity, including cloud and AI-based cyber solutions, with the goal of improving South Korea’s ranking in the International Telecommunications Union (ITU) global cyber security index from 15th to 5th over the next two years. In January 2021, the Ministry of Science and ICT (MSIT) announced KRW 670bn in funding for domestic cybersecurity capabilities. The plan aims to improve response capability through real-time collection of threat information and to develop an infrastructure around securing government facilities, cloud service providers and data centers.

The MSIT allocated a total of KRW 240 bn for information security in its 2021 budget, an increase of 29% compared to the 2020 budget.[i] Approximately one third of the spending (KRW 74.7bn) is dedicated to information security R&D, while spending on incident response planning is doubled to KRW 53bn as the government seeks to build a stronger digital security systems ahead of the increasing digitization and connectivity of the economy. Other areas of spending include developing mobile-specific security and offering consulting services to SMEs lacking sophisticated security protocols.

Demand for network security solutions grew 10% in 2020 to reach KRW 825m as work-from-home became increasingly prevalent during the COVID-19 pandemic. The remote work environment especially created demand for a network security infrastructure across cloud technologies, interconnected devices, and virtual private networks (VPN) to secure private networks in public spaces. Network security detects and prevents attacks on the system across the network, and consists of firewalls, Intrusion Prevention Systems (IPS), DDoS prevention systems, virtual private network (VPN), access control.

Network Security

The sales of network security solution provider Wins grew by 14% and firewall and cloud-based technologies sales rose by 50% in in 2020. Fortinet released a solution called SASE (Secure Access Service Edge), a collaboration with AT&T that secures multiple layers of security networks in remote environments. Major government institutions also continued to strengthen their networks, as the public electricity company Korea Electric Power (KEPCO) invested KRW 1.3 bn in software and the Government Buildings and Management Office (GBMO) made a smaller purchase of network separation security technology. However, experts consider many public institutions and private companies vulnerable to potential threats, having not secured the proper network security infrastructure during the rapid transition into the remote work environment.

The sales of network security solution provider Wins grew by 14% and firewall and cloud-based technologies sales rose by 50% in in 2020. Fortinet released a solution called SASE (Secure Access Service Edge), a collaboration with AT&T that secures multiple layers of security networks in remote environments. Major government institutions also continued to strengthen their networks, as the public electricity company Korea Electric Power (KEPCO) invested KRW 1.3 bn in software and the Government Buildings and Management Office (GBMO) made a smaller purchase of network separation security technology. However, experts consider many public institutions and private companies vulnerable to potential threats, having not secured the proper network security infrastructure during the rapid transition into the remote work environment.

Threat Intelligence Monitoring/Incident Response

Intelligence gathering and response capabilities are a strategic area of focus for the Korean government, which is seeking to improve the ability of public organizations and small firms to respond to threats. Domestic threat monitoring and response technologies are still under development, but the introduction of new solutions such as SOAR (Security Orchestration, Automation and Response), which detect threats in multiple layers of networks and connected device systems, show promise.

The government expects SOAR to automate the analysis and response to security threats, while also addressing capability gaps in the nation’s security infrastructure. More than 50 Korean companies are developing SOAR solutions, including Igloo Security, which launched its Spider SOAR solution to carry out vulnerability diagnoses for IT assets.

South Korea’s threat intelligence and monitoring solution providers have also integrated response functions within their products to allow for the identification of ransomware attacks and malicious code. Korea’s Nuri Lab NAR (Nuri Anti-Ransom) provides a security solution which detects and blocks cryptographic behavior and ransomware. WidgetNuri offers a whitelist-based software authentication blocking, as well as a cryptographic detection and blocking solution. Through an authentication system, the software analyses the action on the operating system to detect potential ransomware. The AhnLab Smart Defense solution has a built-in detect and block ransomware solution.

Endpoint Security

The need for EDR solutions grew in Korea during the sustained period of remote work. Users’ devices connect to the comparatively more vulnerable networks at home. An effective EDR solution according to AhnLab refers to the ability to monitor in real-time the processing, registry, and files through machine learning and IoC analysis. Korea’s adaption of EDR security technologies is relatively slow as Korean companies often lack internal CERT or SOC personnel to implement the solutions, however, a much more wide adoption of EDR technology can be expected in 2021. According to CUDO Communication, the EDR solutions were adopted in each internal departments in Korea, and companies are expected to secure a much wider security network this year, especially in financial and manufacturing sectors and large corporations with internal security control centers.

AhnLab leads the market in EDR solution followed by ESTSecurity. INCA Internet recently launched its own endpoint solution product, called Tachyon, in 2018, which includes a mobile-specific version. INCA’s nProtect is widely used in South Korea to secure e-commerce, online gaming and financial transactions. SentinelOne, a US-based startup offering an EDR platform, also announced plans in January 2021 to open a South Korean office, pointing to the demand for endpoint technologies in Korea.

Encryption

In Korea, quantum cryptography and homomorphic cryptography solutions are advancing the application of encryption technologies in digital healthcare solutions, 5G , and ICT infrastructures. The ‘2nd Information Protection Industry Promotion Plan’ designated post-quantum cryptography, or quantum-resistant cryptography as a priority investment area to support development of commercially available applications of quantum-resistant encryption systems, investing into testing the resilience of encryption algorithms and standardisation on the use of quantum encryption.

In the private sector, Naver’s venture arm, D2 Startup Factory invested into Desilo Inc, a startup developing a homomorphically encrypted machine learning solution and is currently developing the homomorphic encryption technology in-house. Samsung SDS has won first place in the international genomic information analysis security competition, iDASH 2020, with its homomorphic cryptography technology. Korea Institute of Science and Technology Information (KISTI) and Seoul National University Hospital in Bundang also signed an agreement to apply quantum cryptography and homomorphic cryptography in processing medical documents.

Authentication

The Electronic Signatures Act was amended in December 2020 authorizing private companies’ use of digital authentication solutions than the cumbersome public digital authentication system, which required users to install Microsoft’s ActiveX plugin. A number of major Korean tech firms including Naver, Kakao, Payco, BankSign, and all three major mobile telecommunications service providers, are already active in the broader authentication market, estimated to be worth KRW 70bn.[i] In December 2020, KB Financial Group’s digital signature was selected by MOIS for use on government websites out of five candidates. 

In 2020, South Korea’s three major telecommunications service providers, SK Telecom, KT, and LG Uplus, jointly launched a blockchain-based digital identity app called Pass that can verify the user’s ID and driver’s licence.[ii] The app, powered by the local fintech startup Aton, removes the complicated authentication process typically required by apps and websites for identity verification, allowing users to verify their identity via a six-digit number, fingerprint or iris recognition. Pass has close to 30 million users, well over half of South Korea’s total population. 

Internet of Things (IoT)

South Korea’s IoT market, a KRW 10tn industry, is among the five largest in the world. It is driven by a shift in focus from individual devices towards increasingly complex platforms and services supported by 5G connectivity.[i] The market is projected to show strong growth in the coming years through investments in connected cars, factories, energy grids and public facilities.

Hyundai Motor Company’s connected car service already has 1.5 million subscribers, but the automaker plans to increase this number to 10 million in coming years by ensuring all domestically produced vehicles have connected car capabilities by 2022. Meanwhile, the number of smart factories nationwide more than doubled between 2018 and 2020 to almost 20,000.[ii]

The massive projected increase in connectivity for a breadth of applications ranging from manufacturing to mobility to governance and smart cities, as well as the speed of the networks utilized, will mean the nature of threats will diversify while the time to detect and respond will be reduced. All three major telecommunications service providers are making significant investments in securing the 5G networks expected to underpin this connectivity. The leading suppliers of smart factory platforms (Samsung SDS, LG CNS and SK C&C) all integrate security into their platforms, providing both consulting and solutions such as monitoring, access control and cloud control. SK C&C is partnering with Google Cloud Korea to supply cloud security for its smart factory platform.

Industrial Control Systems (ICS)

South Korea’s ICS security market size as of 2020 is estimated to be KRW 91.3bn and has grown at an average increase of 48.8% per year since 2015.[1] ICS technology was not traditionally considered within the cybersecurity domain in South Korea. However, the rapid increase of smart factories, which more than doubled between 2018 and 2020 to almost 20,000, has underscored the importance of ICS technology in the country.

The 2018 cyberattack on Taiwanese chip supplier TSMC also prompted many Korean companies in the energy, manufacturing, and utility sectors to begin paying greater attention to dedicated protocols and securing equipment through ICS systems. POSCO ICT, the technical solutions arm of the national steelmaker POSCO, announced a jointly-developed ICS solution with Cisco in April 2019.[iii] Meanwhile SECUI, one of the leading network firewall companies in South Korea, is collaborating with Intel to develop solutions on ICS security monitoring and visualisation systems.

Supervisory Control and Data Acquisition (SCADA)

The market for SCADA in Korea was worth an estimated KRW 63.7bn in 2020, growing steadily at an average of 6.3% annually from KRW 50.3bn in 2016.[iv] Government-led SCADA projects are the largest segment of the market, usually related to the conversion of public infrastructure such as power plants, airports, and traffic control centers into smart facilities. Recent purchases of SCADA systems include public utility KEPCO, which installed a KRW 13.2bn system, as well as Incheon International Airport (KRW 2.7bn).[v]

The SCADA market in South Korea began under close collaboration between foreign and domestic companies. Local SI firm Vitzrosys entered a partnership with UK-based EuroTherm, to develop SCADA technology for sale in the Korean market. Vitzro is the market leader with 30% market share, leveraging its broader strengths in delivering complex systems for public customers such as KEPCO, Korea Railroad Corporation and the city of Seoul. Other leading companies in the Korean SCADA market include Hyundai Electric, a spinoff of global manufacturer, Hyundai Heavy Industries, as well as LS Electric and Taekwang NC.

SWOT Analysis

Strengths

  1. Due to Korea’s effective response to COVID-19,the economic impact of COVID-19 on Korea is not as severe as other countries. Korea experienced a -1.1% growth in 2020 compared to  -3.4% growth in the States and -5.1% in Japan, and Korea is expected to reach 2% in growth in 2020-2021, the highest among the 11 countries in average global growth rate.[1] 
  2. Government-led initiatives and programs are followed by private sector activity. Currently, there is large public and private investment into data infrastructure, autonomous vehicles, and hydrogen induced by the Korean New Deal
  3. Korea is a rare market with high digital penetration and an equally concentrated digitally literate consumer base. Strong ICT infrastructure underpins Korea’s capacity to build new services and technologies. The Korean market can deliver cyber technologies operationally intensive and at scale than other comparable markets.

Weakness

  1. Public attitude toward purchasing protective equipment or security technologies is passive, and corporations are slow to invest and adopt cyber solutions.
  2. Facilities vulnerable to cyber attacks, such as public health institutions and laboratories, lack education and training on potential threats. Over 90% of medical personnel have reportedly not received proper cyber training when transitioning into a remote work environment.[1]
  3. National smart city or smart factory strategies are often missing the cybersecurity framework from its onset.[2]
  4. Difficult for  technology at a globally competitive level 
  5. Korean corporations generally lack security experts or personnel in-house to guide adoption of the software.

Opportunities

  1. Due to prolonged remote work, cyber solutions such as endpoint protection and network security solutions are in greater demand with increased threat in the PC-Network infrastructure.
  2. Infection security solutions emerged in post-pandemic as a new market in Korea. Access control technologies incorporated facial recognition function with fever detection, evolving into an integrated infection prevention access security solution, widely installed in workplaces, restaurants, and public facilities.
  3. UK companies with European Civil Aviation Conference (ECAC) certifications can more feasibly sell into the specific sectors of the Korean market. Korea lacks a domestic certification system for companies to sell to the security solution buyers, such as the airport security facilities. Interested companies must obtain the certifications such as the Transportation Security Administration (TSA) and  ECAC certifications, which can be a difficult process for most Korean companies.
  4. Advanced technology solutions in the UK but not yet developed in Korea could ease into the market. Existing Korean cyber providers struggle to develop globally competitive solutions without the corporate investments or R&D support, and often partner with large multinationals to develop new technologies.[1]

Threats

  1. Korean small and medium businesses dominate the market with understanding of the country’s policies and regulations. Korean cyber solution providers interested in providing consulting service must undergo the rigorous Korea Internet & Security Agency certification procedure.
  2. The hardware in Korea, such as drones, CCTVs, and sensors, and UK software may not be technically compatible due to varying norms and standards.
  3. The Korean security products market is polarised with little room for foreign companies to be competitive in pricing. The hardware is made cheaply in China, and the Korean companies install software atop, e.g., AI-based CCTV.
  4. U.S. multinational cyber companies, such as FireEye, IBM, and Microsoft are often cyber providers of choice for large Korean corporations.
  5. Currently, the upfront cost of exploring security technology is high and the immediate forecasted return of investment is unclear. The entrants and existing organizations’ continued support is necessary for new security solutions, AI or cloud-based video analytics, etc., to emerge as business solutions.

APPENDIX

Security consulting firms

A total of 27 companies in Korea meet KISA’s standard for information security consulting. The Information Security Industry Regulations standard requires companies to establish protocols to ensure the safety of information and communication facilities. Competency is assessed based on a firm’s technical ability, completion of international certifications such as SIS, or PIMS, years of experience in the information security field and the cost of consulting services.

CompanyLink
SECUIwww.secui.com
Ahn Labwww.ahnlab.com   
eNsecurewww.ensecure.co.kr
A3 Securitywww.a3security.com   
Lotte Data Communicationwww.ldcc.co.kr
Cyberonewww.cyberone.kr/
SK Infosecwww.skinfosec.com 
Winswww.wins21.co.kr/
PioLinkwww.piolink.com 
Somansawww.somansa.com 
CISwww.cisro.co.kr/
SSRwww.ssrinc.co.kr/
Fasoowww.en.fasoo.com/
Igloo Securitywww.igloosec.co.kr
Secure Onewww.secureone.co.kr 
ICT Intelligent Securitywww.ictis.kr 
KISCAwww.audit.co.kr
SeedGenwww.seedgen.kr
Raon WhiteHatwww.whitehat.co.kr  
HanSecuritywww.hangrp.com  
MobyDickwww.mobymoby.com
Securityhubwww.securityhub.co.kr
LNJ Techwww.lnjtech.co.kr
KDNwww.kdn.com/
Shinhan DSwww.shinhands.co.kr/
ICTISwww.ictis.kr/
F1 Securitywww.f1security.co.kr/

Cyber solution providers

The largest domestic player is SK Infosec (annual revenue of KRW 270bn which specializes in consulting, monitoring and systems integration. SK Infosec is followed by Ahnlab, best known for its online and network security solutions, with annual revenue of KRW 178.2bn, anti-DDOS and IDS specialists SECUI and Wins as well as Igloo Security, which offers integrated enterprise solutions.

In late 2020, SK Infosec merged with a fellow subsidiary of the largest mobile telecommunications service provider SK Telecom, ADT Caps, which focuses on physical security, to create one of South Korea’s largest security companies. The new company, with combined revenues in excess of KRW 1tn, will offer integrated security solutions as a competitor of Samsung’s S1, which has revenues of KRW 2.2tn, largely from its physical security business. S1’s cybersecurity offerings include antivirus programs, VPNs and intrusion detection systems.

The leading Korean firms are increasingly investing in new technology such as AI, biometrics, ICT, big data, and other emerging technologies to develop total security solutions. AhnLabs recently acquired Jason, an AI-based data leakage prevention startup. S1 has invested in the development of integrated solutions customised for different industries such as aviation and healthcare, aiming to help lower the upfront cost of adopting a security solution.

CompanySales (2019)EmployeesKey ProductsKey Target Industries
SK Infosec172m1,065Managing security services, consulting, SIPublic sector
Ahnlab103m1,211Antivirus, online security, network security, firewalls, IPS and UTMPublic sector, financial institutions
SECUI76m399Intrusion prevention systems, anti-DDoS security, vulnerability analysis, unified management systemsFinancial institutions, gaming
WINS48m408Intrusion prevention, firewall, DDoS response, APT protection, integrated security monitoring, video privacyPublic sector, financial institutions
IGLOO SECURITY48m864Managed security service and enterprise security managementEnterprise
KICA27m85Licensed Korean certification authority; provides identity confirmation, secure transaction guarantees, compensation systemPublic sector institution, financial institutions
SGA Solutions25m175Antivirus, server security, firewalls, intrusion prevention and VPNPublic sector
Fasoo17m227Secure printing solutionsFinancial institutions, gaming
Penta Security Systems17.5m213Firewalls, encryption and authenticationPublic sector, financial institutions
NICSTECH7m119Personal/enterprise network security, web/mobile service implementationEnterprise
Genians15.8m140Cloud-managed network access control, IT security servicesPublic sector, financial institutions
Hancom Secure9.8m127Online integrated security solutionsPublic sector
Raonsecure18m205Security solutions development and consultingFinancial institutions, gaming
Inca, nProtect6.4m122Antivirus software, online securityPublic sector, financial institution

*Disclaimer: This article is produced from a body of my personal research during a project contracted from UKTI with Intralink group on the Korea’s Homeland Security Market.

Accelerating Impact from Strategic Partnerships to Policy Entrepreneurship

Where are we at?

How to accelerate innovation nationally

How to engage the world.

Four Approaches to Open Innovation in Korea

Open innovation in Korea is slowly moving away from building R&D capacities to reassessing business and operational models by either building its own corporate venture capital arm or working with an external consulting partner (typically a VC or an accelerator). The purpose for most Korean companies would mainly to have a testbed in innovating its business model or developing new technologies. And by running the open innovation program, the respective company would update its biz model, secure new talent, tech, market insight, and approaches to customer acquisition, etc.

Of course, a company may decide to buy a well-oiled startup with the range of technologies the company would need. For instance Hanwha Systems recently bought Satrec Initiative and plans to equip itself with the nut sand bolts to launch its own satellite.

In Korea, open innovation really used to be investing in a company one by one or expanding its social impact footprint and its CSR program, e.g., Hyundai Car’s pitch program called H-On Dream, but it is now opening up to a much more open collaborative approach. 

  1. Digital Transformation with a consulting firm: One of the most well-known open innovation consulting firm is called 로아 인벤션랩. Its most successful case studies are with KT 국민은행 and working with fashion & cosmetic brand companies that were relatively slow to innovate, e.g., LF and 신세계. Side note: It also began investing in startups, ~20 last year, via an angel-based VC, Big Bang Angels.
  2. MOU-based with VC/Accelerator: A large startup/accelerator/VC signs a partnership with a corporation to reassess its business model. The example I witnessed was the one with Hashed, a blockchain fund in Korea. It worked with an array of companies, banks, LG CNS, and those even remotely interested in learning about blockchain, including SM entertainment and CTIA, a mobile telecom company. And in doing so, the corporation’s tech or new business department could pilot a business model and the VC funneled its startups to partner with large corporations.
  3. CVC: The corporation could also decide to build its a raw datasheet of startups by opening a “신사업” or new business branch in industries it already does business in.The most successful ones I’ve seen are Kakao Ventures and Samsung Next. Most Korean CVCs do not have a very strong international base, except for the Korean conglomerates that already have a presence abroad. 한화생명’s Dream plus 63 has secured a network in Tokyo and Shanghai. Even Smart Study famous for its animation and its song, baby shark, has hired one or two investment analysts to review startups that they could be a part of. And it was quite successful at it so far. The interested company could soft-land by participating in one of KITA Next Rise’s programs as a judge/mentor. 
  4. Introduction-based: KITA has done this really quite well. KITA is the parent company that owns the space in Coex Mall and has a free lounge for startups. Annually, it hosts an annual conference called Next RIse for the purpose of assisting with open innovation. Another program KITA is famous for is a program called Fortune 500 Connect. KITA hosts an open invitation for startups interested in working with conglomerate contacts, notably BMW and Chanel, in the States, etc., to make introductions. 

Open innovation may seem tricky to enter, but there are many new mediums in which the startup could enter the field of open innovation. I suggest all those who are interested to start attending the startup-corporate meet-ups and or read case studies of successful programs or acquisition models.

Demystifying DoD Contracts

What the Department of Defense has achieved through the Defense Innovation Unit (DIU) and AFWERX is quite incredible – the flow of money from the government itself has not yet become predictable. Here are some recent observations on DoD contracting programs and how startups may enter the field.

DoD Purchasing and Contracting

DoD buys equipment and supplies across the caliber with three large investment areas: stretches of logistics to move equipment, medical facilities, and IT networks.

Open government contracts and DoD’s SBIR funding, reviewing the past 2-3 years, shows the range of government funding propositions. The government contracts consist of tires and other services. However, even if the technology is promising, if it is not exactly what the USG is looking for and thus detailed in the open contract or or it is a proven solution, then it is extremely difficult to fund it into the stream. And each contract often demands a proven solution than the maturity level of technology a seed-stage company may have.

SBIRs for DoD has a more flexible risk appetite. For instance, for new materials or technologies, the SBIR is designed to gain solicitation to test the market and to adapt them to the new solution.

The AFWERX Model

What AFWERX has done well is to get notice. After years of rift between the Silicon Valley and the defense community, the AFWERX has built the brand awareness and the dual-use open topics. Since the summer of 2018 pilot launch, which was successful, the value proposition for AFWERX has been that they could give money out faster – much like VCs and less like the traditional governments’ contracting cycles.

The two areas of struggles for AFWERX have been scaling the model and adopting the solutions. The government entities initially had attracted 150 proposals, which was followed-on by less, 100 or 50. The problem was the conundrum of the classic government innovation — slow, opaque, and difficult to follow. The government contracting process was not well set-up and was not entirely user-friendly. The second struggle was to get buy-in for the government customers. While AFWERX had given out the money to test out the solution, Air Force was not ready, either culturally or institutionally, to adopt the solution, the so-called Frozen Middle.

The flow of investment?

The investment into space startups is increasingly active. The startups who attracted the capital, high net-worth individuals, and institutional investors moved the money around to de-risk the capital allowing companies to win large contracts, such as Palantir to become multi-million dollar entities. However, selling to the large corporations could take easily two years to execute in the sale cycle, similar issue observed in governments.

If the government sees a company it likes, it would have to either introduce it in an existing contract or allocate new funding. A traditional government contract, which can be locked up for decades, is often with another larger supplier. They could ask the supplier to apply the company’s technology when shipping out the equipment. Or, they could create another contract, from which the government must find a budget. This could take one or two years of little or no communication with the interested company.

For small companies, the dynamic can be quite different. It is much more hands-on from the meeting to the adoption. It could take up to a month for a pilot and up to six months to commercialization.

Supporting Korean Businesses

Korean businesses can pave their way into DoD contracts through the SBIR dollars. To sell to the U.S. government, the Korean business would ideally need a U.S. subsidiary or create an LLC in the States. Setting-up the business itself is quite easy – only costing under $100 to create a company in Virginia.

However, the legalities of the business may be difficult to navigate. If the technology, however, is owned by a Korean, the United States has own the license to sell. The ownership of license is a matter of importance to the defense counterpart. Korean company would also need foot on the ground to build a salesforce and a team to sell on behalf of the company.

In short, the Korean business has to have a strong legal backing to establish its presence in the States and to navigate the difficulties of managing its assets, such as IP, in both countries. They also would need to set-up a strong salesforce to put the foot on the ground and to start generating revenue.

Physics of the Future: How Science Will Shape Human Destiny and Our Daily Lives by the Year 2100

Physics of the Future is one of Michio Kaku’s earlier books of his series of his forecasts of the future. I really enjoyed this book – as he dissects each industry into each layers, he goes in depth into each industry with a rules as a physicist under fundamental laws of physics. As he begins the book, he warns the readers – everything we will read about are projections are the future.

The storyboards he envisions is quite extraordinary. From his own experiences and from the tech evolution he witnesses, he shows us the economic and physical possibilities of the future, for instance, how room temperature semiconductors can enable flying cars. He does explain the tech limitations as he goes into each sector, but I did wish he went into the unintended consequences of each tech today.

Instead of writing about how robots might gain consciousness some day, I wished he could write more about issues we are currently facing, such as the AI’s flawed algorithm giving us biased results. Data trust and privacy issues.

This book takes you on quite a journey. There is energy and enthusiasm radiating from the book as a quantum physicist in the future that he sees. I am certainly looking forward to reading his other books.

Disaster Security: Using Intelligence and Military Planning for Energy and Environmental Risks

This is a book recommended by a close friend who is also a climate scientist. Chad Briggs and Miriam Matejova takes the audience interested in scenarios, simulations, and disaster planning through different exercises developed under the umbrella of the US Department of Energy and the US Air Force.

Militaries often use war games and simulation exercises for scenario planning. These exercises can be very applicable for energy and environmental security scenarios as well. These scenarios present different security challenges and their potential cascading impacts on global systems – from the melting of glaciers in the Andes to hurricanes in New York and Hawaii, and on to hybrid disasters, cyberoperations and geoengineering can carry very high risks.

The authors emphasize the very “human” element to tackling climate change and that the records and historical accounts and modeling are no longer paint a complete picture. Although this is a rather new approach, it has a close overview of the lessons and solutions to the world’s pressing energy and environmental security challenges.

“We wanted to emphasize that it’s not just about climate change. That’s a really important factor but it’s there in the background. Human actions as well are really important. These aren’t just natural disasters; these depend upon human actions and human vulnerabilities”

Some of the lessons learned were really interesting. He notes, local knowledge is far superior to the technical and published reports or effective strategies to cover for institutional blind spots in training.

In today’s networked world, environmental disasters are becoming more likely with the traditional notions of hard security becoming increasingly challenged. I thought this book was quite enlightening and a good one to have in the toolbox – for partnership practitioners – it is increasingly important to be ready to be ready for the unpredictable and extreme – to be aware of the vulnerable and complexities and to be flexible in thought – whether they be disasters or climate adaptations.

Protecting Our Country from Up Above: GIS Solutions

At an event by Peacetech Labs I ran into then Senior Advisor at the Bureau of Arms Control, Verification, and Compliance. We ended up having a much longer conversation about a whole lot of things – quantum computing, innovation at State, and others. Soon after, he became my confidant and a friend, whom I could share about all matters on how to enable innovation at scale.

From my short period of time working with the Senior Advisor on

The goal of Arms control is to “build cooperation among allies and partners in order to control the threat posed by weapons of mass destruction, their means of delivery, space and cyber capabilities, and conventional weapons…AVC is committed to working intensively for the development of strategic engagement for international security, partnering with U.S. allies and other agencies in fielding missile-defense capabilities for international missile defense cooperation, and promoting U.S. security in outer space.”

What this means is – that when the Secretary of State or POTUS shakes hand with Kim Jong-Un on dismantling nuclear missiles, AVC verifies the countries’ progress towards dismantlement. Verified dismantlement in a nutshell is to obtain high confidence that the program no longer exists and that reconstitution will be difficult and likely to be detected relatively quickly or at least long before significant quantities of banned items are produced. In this sense, the dismantlement is called irreversible. 

Previous to my time, there was an Entrepreneur in Residence at AVC who had worked to bridge programs with tech vendors and embassies. He mentioned how satellite technologies had not been updated since the 60s.

Satellite images are a product of remote sensing. Remote sensing is a technology for sampling radiation and force fields to acquire and interpret geospatial data. Geospatial data are used to develop information about features, objects, and classes on earth’s land surface, oceans, and atmosphere. Remote-sensing exists today as an extremely sophisticated form of space photography which has developed in the last few decades.

It can take a long time to verify the conditions set out in the treaties are satisfied. The spread of nuclear weapons technology consist of a rainbow of decentralized, sometimes overlapping and sometimes fragmented systems of international agreements, informal arrangements, and national legislations. Not surprisingly, differences in national implementation and enforcement continue to frustrate efforts to keep dual-use goods and technologies out of proliferator hands. These implementation gaps, coupled with the sheer volume of global trade and commerce, have reduced the barriers to entry for intermediaries and created pathways for illicit procurement networks to exploit. 

While the weight of that demand is heavy on any verification system, the certain consequences of failure require no less. To that end, we will have to close disparities between treaty compliance and the existing verification means available to serve that function. Otherwise, the imbalance will continually jeopardize the shared nonproliferation and disarmament aspirations. Strengthening verification standards and practice through modern technology will ultimately strengthen transparency and security inherent in the verification model and renew commitment to compliance. It will then serve not only as a catalyst to future agreement, but also enhance the certainty of agreements on security challenges that nations choose to meet.

How Venture Capital Impacts Defense: Conversation with Peter Thiel and Josh Wolfe

Harnessing and Securing American Innovation: How Venture Capital Impacts Defense

Josh Wolf is a co-founder of Lux Capital to “support scientists and entrepreneurs who pursue counter-conventional solutions to the most vexing puzzles of our time in order to lead us into a brighter future. The more ambitious the project, the better—like, say, creating matter from light.” Peter Thiel is a co-founder of PayPal, Palantir Technologies and Founders Fund. Plantir is an In-Q-Tel and Founder’s Fund-backed company.

Peter: By my count, there are only two companies that have been started since The Cold War, that are (1) focused on national security, and (2) have reached a billion-dollar valuation: SpaceX and Palantir. [4:00]

Peter: A lot of innovation gets driven by smaller companies. This is absolutely critical. When not many people are doing it— if you are one of the few who do it— there is a lot of opportunity. [4:25]

Josh: Strength comes in part from technological dominance. Technological dominance comes from brilliant engineers that are inventing cutting edge technologies. [6:20] 

Josh: Palmer Luckey, Trae Stephens, and Brian Schimpf [founders of Anduril Industries] are authentic engineers that are obsessed with technology. 

They are constantly thinking about: 

What does the warfighter need? 
Where is the white space? 
Where is the gap? 
What is China developing? 
What is Russia developing?
How can we put them [US warfighters] with the most cutting edge technologies out there?[6:35]

Josh: Many of these people [those inventing new technology] were inspired by Science Fiction. They are literally going back— 20 years into the annals of comic books and sci-fi movies— and saying it would be amazing if we had that. [7:00] 

Peter: If you can’t create a business that is worth a billion or more the venture capital model does not work that well. If you start a company that is worth $30 or $100 million that can be quite successful for the person who started that company. For a venture fund if that is the best we did we would be out of business. [9:40]

Have Palantir and SpaceX created a template for other startups to follow with the defense space? [Peter]: Well there is certainly proof that it can be done. In both cases, it took a wickedly long time. Close to a decade to start getting significant contracts from the US Military. In some ways, they were not conventionally venture fundable. [10:20] 

Josh: It helps to reduce market risk. You will have a lot of venture capitalists that say you are focused on the defense industry. The stereotypes of the defense industry are that the defense industry is slow-moving, bureaucratic, very political, they might not pick the best technology, they might instead give the contract the company they have been working with for the past 20 years, etc…So whatever you can do to eliminate that risk [is good]. [If not] It is like we are fighting with ourselves by not equipping the warfighters with the absolute best technology that is coming from some of these early companies. [14:30] 

Josh: The origins of Silicon Valley were in electronic warfare and defense. There is an aversion for people to want to work on defense-related things. That is a zeitgeist that is growing. [21:30]

Josh: I think there is a job society can do —and that is the retelling of a narrative that can galvanize some of the best and brightest to work on American defense. [23:10]

Peter: There is always this danger for a tech company to become overly bureaucratized. [29:49]

Josh: The one real edge you can have as an investor is a behavioral advantage. For us [at Lux Capital] that means having a longer time horizon than the average investor. We call this time arbitrage. If the average investor is looking for a signal of success in a year or two— and we are looking at something that might not give us a signal for 4 or 5 years —then by definition there will be fewer investors looking to fund what we are funding. 

The valuations will be lower— and if we are right —the returns for us and our investors will be higher. So we like to look at things that are further out which means they are riskier and more improbable to work. But when they do they work in a really big way. [30:46]