Aggressive cyber tools remain a topic of interest for “a lot of companies” pitching their technology to investors thanks to interest from government agencies and clients trying to test their defensive techniques, according to a former U.S. National Security Agency employee turned investor.
Ron Gula, co-founder of the cyber investment firm Gula Tech Adventures and co-founder of Tenable Network Security, said Monday during CyberWeek, a summit presented by Scoop News Group, that an array of firms seeking investment are developing offensive software tools designed for intelligence agencies, along with federal and local police. Security personnel for years have crafted defensive tools out of known hacking techniques, using everything from phishing tests to leaked CIA hacking tools to hack clients in a way that’s designed to probe their defenses rather than steal data.
Companies pitching this kind of software need to walk the fine line between intelligence gathering and law enforcement. There is a role for private companies specifically focused on this kind of activity, but “there’s a lot of ethical issues, a lot of oversight issues,” he said.
“It’s a really interesting time,” he added.
The sometimes opaque world of private firms providing offensive cybersecurity tools—ranging from penetration testing to other, more intrusive services—has been in the global spotlight this summer, after a global consortium of journalists exposed 50,000 phone numbers allegedly on a list of targets of the NSO Group, the notorious Israeli spyware firm with clients in governments around the world. The reporting revealed that the company’s software tool, Pegasus, had been used to surveil nearly 200 journalists, more than 600 politicians and government officials, 65 business executives, several heads of state, and 85 human rights activists.
That project spurred four House Democrats to call for sanctions against the firm, while the company insists its products are intended to fight crime and terrorism, and that it would investigate any claims of misuse.
Policy at the federal and state levels may or may not be in a place to properly address the current state of technological ability, he added, but it’s not going away. “We have to just track that and see what, as a society, we really want to do.”
Cybersecurity investment more broadly hit an all-time high in 2020, with more than $7.8 billion invested across 665 deals globally, Crunchbase, a platform tracking private companies and investment prospects, reported in April, with 2021 on track for nearly $15 billion in cybersecurity investments.