Government-to-government cooperation on homeland security cyberdefense between the US and Israel is spiking, Merlin Cyber founder David Phelps has said in an interview.
During Phelp’s visit to Israel following a parallel visit by the US Department of Homeland Security to the Jewish state earlier this summer, he discussed the implications of US President Joe Biden’s executive order opening new US federal cybersecurity contracts to Israeli companies, estimated to be worth $200 billion.
He said that Biden’s order opened up new opportunities for start-ups around cloud security, software supply chain, and zero trust access to systems by pushing the federal government to more aggressively pursue adopting these types of solutions and to provide policies and standards around them.
Phelps said he works “Day to day with the Department of Homeland Security across a number of components, especially CISA [the Cybersecurity and Infrastructure Security Agency]. We work with them both at senior levels” and at the implementation levels, including helping the agency decide which technologies to acquire and how to integrate them.
But now there is an “increasingly pressing need for effective data protection in today’s uncertain world,” he said, noting the “special role of Israeli cyber technology in filling this need.”
Israeli cyber firms involved
He gave two examples of Israeli cyber firms, among others, already deeply involved in these processes and which he and Merlin assisted in breaking in.
With both CyberArk and Forescout, Merlin has helped the companies to expand deployments of their software across Federal agencies to address gaps around access management and asset visibility and control.
Forescount is focused on network security, but cyberdefense firms assist the US government with managing cyber events, identity security of employees and other issues. Three other Israeli firms which Merlin helped to penetrate into the US government market are Palo Alto Networks and Sepio Systems.
One agency Phelps discussed was the Department of Veteran Affairs, where outside companies are assisting with securing veterans’ personal healthcare digital data
Penetrating the US government cyber market is still a big challenge for start-ups because “it requires a strong presence in the region and readiness for the long sales cycles that come with selling to bureaucratic institutions.”
Further, while he said it was “not simple to convince some branches of the US government to adopt foreign technologies, it isn’t impossible either.”
Awareness of cybersecurity
ADDRESSING GOVERNMENT employees’ and the general public’s awareness of cyber vulnerabilities, Phelps said that there is “a little more awareness than in the past.”
When US consumers are directly affected, such as during the hack of the Colonial Pipeline Company, awareness grows because they think about “how cybersecurity can affect energy, can affect fuel prices.”
While adding that so far most of America’s infrastructure has not been hit hard by cyberattacks, many Americans unfortunately still do not see the cybersecurity threat as “front and center,” he said.
The job of his firm is to stay “ahead of the curve,” Phelps said, regardless of how aware the public may be.
Despite some important successes by the Biden administration in multiple rounds of creating new cyber duties and reporting rules for agencies and companies, the cyber expert said that fixing gaps “takes time to roll out initially across the government.”
Besides greater attentiveness to securing cyber supply chains generally, he said it is positive that “people want more insight into what they are buying” regarding their digital infrastructure.
Another challenge Phelps acknowledged was how reliant the US and the West have been and still are on Chinese technology products – this at a time of a technology race between the countries.
It will take a while before the US government and the broader American public are able to reduce their dependence on Chinese appliances, products built into cars and a variety of other technologies, he said.
It is unclear how many years it will take the US government to adjust, Phelps said, with a lot depending on shifting investments in manufacturing physical technologies, but that getting the US less reliant on China was well under way.
Phelps developed a deep understanding of the federal marketplace during his 25-year career, which included service in the US Navy and industry positions with Ford Aerospace, Martin Marietta, Loral Aerospace, and The Aerospace Corporation. By combining his extensive background in satellite command and control, ground systems design and development, and high-performance computing with an extremely successful business model, he has turned Merlin into one of the fastest-growing privately held companies in the United States.
Merlin Ventures, the investment arm of Merlin Cyber, has an office in Tel Aviv dedicated to “sourcing Israeli technology and enabling cybersecurity companies to accelerate their scaling-up and sell to the American federal market at an earlier stage than before.”