A little over two weeks ago, we — Comcast NBCUniversal’s Strategic Development/Growth unit — announced that we made a control investment in BluVector, an Advanced Threat Detection cybersecurity start-up. And in the period since, we’ve been asked a number of times: Why?
In our press release, we spoke about the enormous market opportunity in cybersecurity; the chance to both augment our own cyber capabilities around new products in particular, and the opportunity to take Comcast’s already substantial cyber capabilities and feed them back through BluVector in order to take them to market; and, perhaps most importantly, the opportunity to work with BluVector’s extraordinary technology and the unbelievably talented people of this amazing high-growth company.
But that’s only part of the story. On a personal level, many of us who worked on this deal — as well as much of the team at BluVector — have experience in national security, from the armed forces to the intelligence community to critical civilian contractor support. And to be clear: BluVector’s work is a mission for us.
In addition to being a terrific growth opportunity for Comcast NBCUniversal, BluVector will enable us to help in the fight against the growing, and merging, hacker threats of cyber crime and cyber terrorism. This is a far more significant threat — a clear and present danger — than most people allow themselves to realize. I wrote about the notion of a growing nexus between cyber crime and cyber terrorism in 2014 ….. far more than in the real world, cyberspace is a place where petty criminality can evolve with extraordinary rapidity into major crime and even terrorism. And, important as it is, government effort is insufficient to combat the threat; the private sector must also step up and do its part in this fight.
John P. Carlin is author of Dawn of the Code War, and was the Assistant Attorney General for the Department of Justice’s National Security Division as well as Chief of Staff and Senior Counsel to former FBI Director Robert Mueller. In a ripping yarn that reads more like a John Le Carré novel, but is all the more terrifying because of its reality, Carlin writes about the nexus of hacking, cybercrime, cyber — and real world — terrorism in both his book, and in Most Dangerous Terrorist, published in Politico:
“We knew that sooner or later terrorists would turn to the internet,” Carlin writes. In 2015, the case of hacker and terrorist Ardit Ferizi demonstrates the world we live in now. Carlin continues, “Ferizi hacked into (a US-based) online retailer’s server in Phoenix, Arizona, stealing credit card information of more than 100,000 customers. He culled through the data to identify people who used either a .gov or .mil email address, ultimately assembling a list of 1,351 military or government personnel, and passed their information to ISIS … What started out as an attempt for criminal extortion ended with a chilling terror threat and a plot to kill.” (emphasis added)
Carlin again: the Ferizi case “….represents the first time we have seen the very real and dangerous national security cyberthreat that results from the combination of terrorism and hacking. This was a wake-up call not only to those of us in law enforcement, but also to those in private industry.” And, this is “….a message I’d echo to businesses and organizations many times in the years to come: You need to report when your networks have been attacked because you never know how your intrusion, however seemingly minor, might impact a larger investigation. What to you might be a small inconvenience could, with broader intelligence, represent a terrorist, a global organized crime syndicate, or a foreign country’s sophisticated attack.”
With BluVector, we are bolstering our ability to play our part in this dangerous, potentially deadly and ever worsening threatscape.
IN APRIL 2018, Independence Health Group and Comcast announced a unique partnership to create an innovative patient-centered technology and communications platform.
In this episode of the Oliver Wyman Health Podcast, Helen Leis, Partner in the Health & Life Sciences division at Oliver Wyman, sits down with Brian Lobley, President of Commercial and Consumer Markets at Independence Blue Cross, and Don Mathis, General Manager of Growth at Comcast NBCUniversal, to learn more about how this partnership may change the healthcare consumer landscape.
Together, Brian and Don explore the genesis of this deal to unite a renowned global media and technology company with a leading health insurance company. They also explain their joint goals to leverage data and create an appropriate bespoke experience for consumers. And, they discuss the challenges and opportunities that stem from bringing a healthcare insider and a healthcare outsider together as one.
Says Don, “At Comcast NBCUniversal, we believe we can offer the approximately 75 million people across 23 million households that we serve directly, and by the virtue of this partnership well beyond that number, an opportunity to take control of their healthcare journeys and to change the outcome in a process that has a lot of friction, discomfort, ambiguity, and not very much information. And we can impact that.”
Says Brian, “Healthcare is rapidly changing for consumers. We are focused on building and collaborating on solutions that help answer the most prevailing question in a healthcare journey: What should I do next?”
If you told Frank Cary – CEO of IBM in 1980 – that eventually his $26.2 billion revenue company with 341,000 employees would be overtaken by a 40-person upstart with less than $8 million in revenue, he’d have likely considered the notion ludicrous in the extreme. IBM’s decades-long technological dominance seemed unassailable. Yet by late 2014, Microsoft had eclipsed IBM’s revenues. Agile, innovative and more in tune with a rapidly changing environment, the once-tiny start-up surpassed the incumbent.
The IBM/Microsoft story is a parable of corporate hubris, and the story of an organization with a hide-bound structure designed to compete in an earlier era versus the forces of disruptive innovation. Its lessons can be applied in many circumstances – indeed, to Microsoft itself vis-à-vis competitors such as Google. But it also can serve as a powerful cautionary tale in defense acquisition policy: In the Department of Defense (DoD), technological dominance is often taken for granted despite the high-profile roll-out of a “third offset strategy.” Indeed, the argument of the day is over whether many of the organizational structures designed for a different age have outlived their usefulness. The IBM/Microsoft analogy works pretty well, except for an important distinction: The stakes are radically higher in defense acquisition reform. Read more….
I stepped on stage with Kyle Harty and Wick Vipond from Allen Gerritsen agency to discuss how social advertising is coming of age and Sunoco brand success across-social network campaigns. Check it out!
Although some predict that Facebook’s salad days will soon end, brands shouldn’t believe it.
The company remains on the forefront of the digital revolution, from virtual reality and artificial intelligence to rapid and creative global expansion of Internet availability. At the same time, Facebook’s infrastructure continues to create an entirely differentiated way of digital marketing that is measurably superior to the deeply flawed cookie-based ad tech stack.
Fred Warmbier is a brave man. As the owner of Finishing Technology, he’s in charge of a fairly large team of employees. And, like any boss, he makes mistakes. The difference is that most of us don’t blog about it in the New York Times. In a recent post, he tells the story of his difficulty letting go of being the ‘hero.’
When a company is young and there aren’t so many moving parts, its fun being the person who steps in to solve problems. As the owner of a company, or a member of executive leadership, we have the authority to make big decisions on the fly, and the company is still being run in our own ‘image.’
But that role isn’t sustainable. Stepping in to solve problems can actually create an environment where we are expected to take care of problems. What is a much stronger option is to trust big decision-making and problem-solving to other team members, department heads and the like. This kind of empowerment turns the team into excellent problem-solvers, and also avoids the likely scenario where people resent the boss coming in often to tell them what to do.
Changing from a directive management style to become a delegator is tricky…most of us know this. Letting go is hard after we’ve built up a fondness for the way we handle certain responsibilities. But for a growing company, nobody can be everywhere to solve manage every issue that pops up. Not only that, but we really don’t even want to be that person. It’s draining, and can make us cynical.
Fred found himself managing out of habit, rather than really considering what was best for his team, himself, and his company, fighting one fire at a time. By pulling himself out of the picture several times, he found that his great staff were quick to step in and handle it themselves. And, get this, the world kept spinning!
Changing management style is scary, particularly after having success managing in some particular way. But as companies grow, roles expand, and the job description evolves. What’s great about Fred is that he has the self-awareness to examine what isn’t working around him and be able to pinpoint himself as the cause. As he pulls back from fighting fires, he finds himself missing the thrill of being the hero. And, like all of us, he isn’t quite sure what’s around the corner. This is what growth feels like.
For the last few years, the venture capital and start-up community have exhaustively explored the idea that there is a “Series A crunch”. Opinions differ – sometimes sharply – on the topic.
It goes like this: After slogging through six months to a year of frenzied product development and user testing, seed-funded tech start-ups are fatally hitting a wall — the million to several million dollars in VC funding they need to scale up their cool new services is nowhere to be found. The result is the cruel and needless throttling of a vast stream of promising fledgling companies down to a mere trickle of survivors. Share of seed-funded companies that won’t be able to get follow-on funding: 61%.
Yea, though I walk through the valley of the shadow of start-up death…
In mid-2014, William Hsu of Mucker Capital wrote in re/code: “the distance between that “eureka” moment when an entrepreneur has an idea, to getting funded by a seed-stageinstitutional VC, has become the valley of death — littered with companies that just simply could not get off the ground with little fanfare, attention, or data.”
With 2014 being a massive year for tech M&A, some of the Series A crunch concerns have been alleviated by the availability of early stage “acqui-hire” exits; as Jacob Mullins notes in Business Insider, “Google, Facebook, and Twitter cut the path for the acqui-hire and eased the Series A crunch.”
So maybe there is no crunch, or if there is, it isn’t the horrific “valley of death” that some believe. But crunch or no, from my experience it is certainly difficult.
My company, Kinetic Social, raised its Series A in May, 2013 – a combination of equity and venture debt. We raised our Series B in early 2014, all equity and substantially larger ($18 million versus $8 million). And yet, while both were challenging, the Series A was definitely the harder raise.
Why? In our case, there were at least three significant challenges to surmount:
We were out raising money from entirely new investors, pitching our company to venture investors who had barely heard of us.
We were operating in a sector (paid social advertising) that was largely unproven at that time.
We operated in a crowded industry segment with literally dozens of companies (50+ in our space) that had some form of seed or early stage capital… and some that were further along than that. As AdExchanger’s Zach Rogers puts it: “To many, it seems the landscape of social ad buying platforms has been rapidly commoditized … But Kinetic is betting that it’s early innings for social marketing, and that the winners will bring special-sauce optimization to multiple APIs.”
We were indeed betting on the “early innings” concept Zach suggested. Moreover, we were convinced: 1) what we had already built at Kinetic would command an investment from a smart venture capital firm; and 2) Kinetic would stand out from the pack with a clearly differentiated product and solution. In effect, we were going to market to ask (new) investors to pick us as the likely winners in our crowded space.
Fortunately, it worked. But it wasn’t easy. We contacted about 60 firms, pitched to 30 or so, and ended up with three term sheets – all in roughly one year’s time. Our conviction got us through the process – we believed we were on to something substantial. The combination of a talented team and a strong market opportunity propelled us to realize our vision.
It also helped – a lot – that the market for our services began to shift in our direction. In particular, social media advertising began to evolve from being a primarily earned (free) media model to a primarily paid advertising model. And while we weren’t surprised, we spent a long time in 2012 and early 2013 hoping the pace of this change would accelerate. We began to see it in early 2013 – it’s no coincidence that we closed the Series A shortly thereafter.
Bottom line? The Series A is hard, but raising it simply means you must prove that you have something real. Once you do this, once you prove that there is a bona fide market opportunity for your idea, there is smart capital out there to back your enterprise.
Don Mathis is the CEO and Co-Founder of Kinetic Social, a social data and technology company focused on making sense of the world’s social signal. He also serves in the US Navy on reserve duty, where he is an Expeditionary Combat Logistics & Anti-Terrorism Officer.
Most brand conversations about reaching consumers on social media start with Facebook and Twitter, and stop after those two. But there’s another fast-growing platform brands should consider — Pinterest. With its simple and visual-driven interface, the platform has grown its active users by 111% in the past six months.
With all that growth, brands naturally want to be part of Pinterest, to reach those who use the platform as a mirror that reflects their aesthetic sensibilities and interests as they evolve. Pinterest is experimenting with products that help marketers tap into its audience, while racing against other social platforms, including the Facebook-owned Instagram. 2015 will be the year to see if Pinterest can develop into a must-have for brand marketers.
Imagine the cybercriminal and what comes to mind? Do you think of a disaffected hacker with an ax to grind? A tech geek with a sociopathic streak, getting a thrill from outsmarting unwitting victims with his computer exploits? You wouldn’t necessarily be wrong, according to cybercrime and criminal justice experts.
Now imagine the committed cyber terrorist, operating under the justification of a violent ideology or misbegotten crusade. This hypothetical person may look a lot like the first… with perhaps a black banner of jihad unfurled behind him.
The evidence for a link between cybercrime and cyber terrorism is growing. The common element is, in substantial part, the kind of technology skills required to plan, coordinate and launch a cyber attack; the techniques are similar no matter the intent, whether an attack is launched as part of a criminal enterprise or as an effort to bring down a key component of a nation’s critical infrastructure. Examples of cybercriminal / terrorist cross-pollination include (but are certainly not limited to):
Phishing (and spear fishing) attacks can be used to dupe an unwitting consumer into surrendering personally identifiable information, which in turn can be used to clean out a bank account … or to create an effective false identity to enable cross-border movement. According to identity fraud expert Judith Collins, “All acts of terrorism enacted against the United States have been facilitated with the use of a fake or stolen identity,” with 5% of all identity thieves connected to terrorism and 2% specifically to Al-Qaeda.
Malware can be used to siphon traffic and data for illicit internet advertising … or to affect a devastating attack on critical infrastructure like a power grid.
Bot-nets can be used to disseminate that malware … and/or for extortion, a Distributed Denial Of Service Attack (DDoS), or other destructive behavior.
Hacking into protected computer systems can serve multiple objectives from criminal to terroristic.
Nor is the issue limited to cyber terrorist exploits specifically: cybercrime can be used to generate financing for terrorist activity in the same way that drug smuggling or human trafficking does. And as detailed by the IMF, it offers terrorist organizations a means of transferring and laundering funds.
As the links between criminals driven by greed and terrorists driven by violent ideology grows, the question for those charged with fighting both – indeed, for all of us – is, how do we stop it? And the first step in stopping it is, do we even recognize that these links exist?
Does law enforcement recognize the link between cybercrime and cyber terrorism?
The general approach to policing and/or combating most forms of illicit activity has its roots in an earlier, pre-internet era. Indeed, much earlier: the modern police philosophy that we recognize today grew out of efforts in the 18th and 19th centuries to explicitly separate the spheres of military and law enforcement activity, concurrent with the evolution of Enlightenment notions of citizenship versus subject.* As a result of the evolution of modern criminal justice / law enforcement doctrine and philosophy, we entered the post-9/11 period with a fragmented approach to the cyber threat. Counter terrorism agencies were trained to look for and disrupt violent jihadist networks … not digital fraud. Agencies like the Federal Trade Commission or State Attorney Generals on the other hand were created to protect consumer rights … not to stop terrorism.
Unfortunately, today’s cyber bad guys do not necessarily observe the niceties of such boundaries between the realms of war, crime and fraud.
“The problems of organized crime and terrorism were often considered separate phenomena prior to the September 11th attacks,” writes lawyer and criminology researcher Frank Perri. “Security studies, military and law enforcement seminars discussed the emerging threat of transnational organized crime or terrorism, but the important links between the two were rarely made…” (Frank S. Perri and Richard G. Brody in the Journal of Money Laundering Control, emphasis added).
Cyber Broken Windows
Can a cyber “Broken Windows” approach help cope with the blurring line between cybercrime and cyber terrorism? Most people are familiar with the “Broken Windows” theory of criminology (James Q. Wilson and George L. Kelling). Greatly simplified, the theory suggests that by maintaining law and order and prosecuting minor offenses such as vandalism, more serious crime might be headed off or prevented entirely as a result.
In the cyber version of Broken Windows, the theory could be interpreted to mean that cyber fraud begets cybercrime, and cybercrime facilitates cyber (and real world) terrorism. From a security services and law enforcement perspective, this approach would only work if there is coordination of effort to combat this spectrum of illicit cyber activity.
There is evidence that this is precisely the approach that is being increasingly adopted by key government agencies – i.e., the development of a more sophisticated understanding of the nexus between cybercrime and terrorism. As a result, the patchwork of enforcement and prevention efforts is (slowly) being knitted together. In the U.S., this increasingly integrated approach is being spearheaded by the Departments of Justice and Homeland Security, leveraging organizational structures such as the National Cyber Investigative Joint Task Force and the National Counterterrorism Center.
In particular, the Federal Bureau of Investigation (FBI) stands as a powerful example of an agency that is working to reduce the “silo-effect”. I had the opportunity to see elements of this first hand, as part of a cybersecurity company called Online Intelligence that worked to combat cyber fraud. Facilitated by a colleague who is a former FBI Special Agent and cybercrime specialist – as well as my own anti-terrorism background in the U.S. Navy – we first met with the FBI about five years ago, providing an opportunity to observe an inter agency and public-private approach, one that better takes a holistic approach to the multi-headed cyber threat. FBI Director Robert Mueller pioneered this revolutionary shift in strategy and operations at the nation’s leading law enforcement agency shortly after the 9/11 attacks, and Director James Comely has continued it. Under their leadership, the FBI has transformed from a nearly exclusive crime fighting footing into an integrated counter-terrorism agency which also facilitates cyber attack prevention – no matter the intent.
This concept of preventing attacks and safeguarding people and assets has required the adoption of a different mind-set, a substantial paradigm and cultural shift at the Agency: one that looks to disrupt and interdict attacks as well as to solve crimes that have already occurred. And today, after over a decade of effort to reorient itself, the FBI is perhaps the best positioned federal agency in the United States to break down the silos and connect the dots between cyber fraud, cybercrime and terrorism.
The cyber realm: borderless opportunity for good … and evil
The cyber realm is characterized by a perceived sense of statelessness, of few or no rules regulating a growing transnational digital society. There are clear benefits that flow from the openness and borderless nature of the Internet. But there are costs as well; the cyber world is one where criminals and terrorists can interact more easily than in the physical world, sharing techniques and exploits. Like an unlit alley in a dangerous urban landscape, black hat forums and dark internet meeting hubs provide effective environments for the bad guys to “meet” and learn from each other, often with impunity.
The increasing prevalence of cybercrime should raise red flags around the risks of cyber terrorism. According to Peter W. Singer of the Brookings Institution, 97% of the Fortune 500 companies having been hacked. FBI Director James Comey has said, “there are two kinds of big companies in America: those who have been hacked…and those who don’t know they’ve been hacked.” And as the United Nations put it in its report Cybersecurity: A global issue demanding a global approach: “cybercrime has now become a business which exceeds a trillion dollars a year in online fraud, identity theft, and lost intellectual property, affecting millions of people around the world, as well as countless businesses and the Governments of every nation.”
This phenomenon will become more, not less pronounced over time: the motivation for both terror and crime are not going away, and the opportunity to exploit a common tool set to engage in both increases as technology (exponentially) develops. Our best and most effective defense is recognizing the convergence of cybercrime and terrorism; protecting ourselves from its effects; and interdicting it where we can. Policing systems developed over generations must continue to evolve to effectively meet the threat. A collective, integrated and coordinated approach is required across a range of players, public and private – one that involves collaborative efforts at the law enforcement and counter terrorism level, and one that involves the private sector stepping up to safeguard our systems and networks from attack.
Recognizing this growing and converging threat is unsettling. Mitigating it will be costly in terms of effort and resources. But the consequences if we fail to do so will be far worse.
Don Mathis is a Cybersecurity Specialist and Naval Officer in the reserve. He is also the CEO and Co-Founder of Kinetic, a social data and technology company.
* The topic of policing theory and development is a separate one, worthy of much more attention than can be provided by the scope of this blog. I had the extraordinary opportunity to write my thesis with Hsi-Huey Liang, Professor at Vassar College, shortly before his retirement; Dr. Liang was the author of The Rise of Modern Police and the European State System, and his historical analysis of the subject is an excellent treatment among other things of the connection between domestic order, security, the concept of citizenship and social progress.