Reuters

Cybersecurity firms capitalize on attacks

Reuters News Service 
Nov. 12, 2001, 12:29PM 

SAN FRANCISCO - Suicide air attacks on U.S. cities delivered a body-blow to an economy teetering into recession, but they've been a big boost to a once tough sell -- the face, fingerprint and eye-scanning biometric industry.
Looming fear of further attacks on airports, government agencies, even company offices, has boosted the long-neglected sector in ways that years of steady marketing and backing from big-name tech firms such as Microsoft and IBM never did.
To some, it might seem illogical that people would be so worried about computer security when the attacks on New York's World Trade Center and Washington D.C's Pentagon, and the subsequent lethal anthrax scare, had nothing to do with data.

"People reacted by saying 'Wow! We're vulnerable.' And they looked around and said, 'Wow! We're vulnerable everywhere,'" Bruce Schneier, chief technology officer of network monitoring firm Counterpane Internet Security said.
"So people have taken the specifics and generalized them, which, I think, is a good thing," he said.

Biometrics, the science of using unique biological characteristics to identify a person for security purposes, is a hot market after having slumbered in the shadows of the computer security business for decades.

Despite the immediate allure of such science-fiction-like security, biometrics has suffered from the historically high cost of the technology, inadequate success rates and concerns that it could be used to infringe on personal privacy.

But biometrics companies say they've spent years addressing these issues. Now, biometric proponents say, prices are dropping to mainstream levels, ID results are improving and privacy worries are diminishing as security concerns intensify. Already, it is used by the military, banks, government agencies and others requiring extremely high levels of security.

Biometrics has finally come of age, declared Paul Steitz, chief executive of Boston-based start-up Retinal Technologies Inc., which specializes in retina scanning.

"You're going to get a broadening out of biometrics and it's going to become more mainstream," Steitz said. "Any place where plastic magnetic strip cards are used for access. User names and passwords are convenient, but not secure at all," he predicted.

Almost immediately following the airplane hijackings, biometrics became the buzzword du jour, with stocks flying high for companies marketing "counter-terrorism" wares, while other stocks sagged to new lows.
Since Sept. 11, shares of face-recognition system maker Viisage Technology Inc. have quadrupled to $9 from $2, while shares of rival Visionics Corp. have more than doubled to $13 from $5. Desktop computer fingerprint ID company Identix Inc. is up $3 to $7.

Ever the contrarian category, the security sector has received an image boost born of the latest fears. Adding to the impact, the Nimda computer worm hit the Internet just one week after Sept. 11, fusing the separate issues of domestic security from air attacks and electronic security from virtual attacks.

Venture capital money is flowing again, too. Eighteen security-focused tech start-ups received $227 million in venture capital financing for the two months leading up to Nov. 6, according to tracking service VentureReporter.net.

Security and biometrics vendors report increased attention since the attacks, with companies getting new contracts from customers who were previously undecided, existing projects being expedited and with CEO-level executives taking an interest in security instead of leaving it to company techies.

Although corporate spending across the board is down, analysts predict more will be spent proportionally on security than previously. Security will represent about 4 percent of the average corporate information technology budget in 2001 but should rise by 10 percent in 2002 to 4.4 percent, according to John Pescatore of market research firm Gartner Group.
And with the Bush administration proposing to spend $1 billion next year on cyber-security, biometric firms are likely to reap a significant share of that funding.

Bioscrypt Inc., a Sherman Oaks, Calif.-based firm offering fingerprint verification technology, already has contracts with the U.S. Department of Defense, the U.S. Army and NASA, according to Julia Webb, sales and marketing vice president.
Webb predicts that along with biometrics, smart cards with digitized fingerprints on the embedded microchips will begin to take off in the United States, which has been reluctant to use smart cards despite their heavy use in Europe.

Biometrics revenues are expected to leap from $523.9 million this year to $1 billion in 2003 and nearly $2 billion in 2005, according to the International Biometric Group, a New York-based consulting and integration company.
Of the six major types of biometrics, fingerprint scanning accounts for half of the market, followed by face scanning, according to the International Biometric Group.

The two hottest areas in security going forward will be technologies that manage workplace identity and control access, both of which encompass biometrics, said Eric Hemmendinger, research director at Aberdeen Group.
But while he sees a healthy market for niche uses, he worries that hype is leaking into the discussion. He doubts biometrics will find wide acceptance as a tool for screening large volumes of traffic in public venues, for example.
Most biometric systems were built to confirm one-on-one matches rather than pick a match against a huge database of potential criminals, as airport biometric security demands, form example, Hemmendinger said.

"My take on it is (biometric suppliers) are having their 15 minutes of fame. The worst thing that's going to happen is this exposure will prove that the technology won't work in terms of solving the problem," he said of more far-fetched claims.
Claims by companies that they can protect against terrorism are so numerous the U.S. Securities and Exchange Commission even issued an investor warning, Counterpane's Schneier noted.

"As currently deployed, it cannot be relied upon to identify known or suspected terrorists," the International Biometric Group wrote in a paper that concluded that biometric technology could not have prevented the Sept. 11 attacks.