Why Cybersecurity is National Security

Explore the crucial connection between cybersecurity and national security in developed nations. Cybersecurity is not only important for protecting personal information but also for safeguarding a nation's critical infrastructure, economy, and public safety.

This piece is a collaboration post I did with TFX Capital, an early-stage venture capital firm focused on supporting veteran-led founders and startups. I helped write this piece with the other members of TFX's Cybersecurity Industry Advisory Board. You can find the original post here:

The increasing dependence on technology and interconnected infrastructure—spanning transportation, communication, energy, and more—has amplified the importance of cybersecurity in ensuring national security. We witnessed a prime example of this in the extensive cyber attacks that Russia has made on the Ukrainian government, civilian, and commercial infrastructure networks. Meanwhile, businesses in the U.S. have battled nation-state, mercenary, and ordinary criminal cyber attacks for the past two decades. At TFX, we continue to see attractive Cybersecurity investment opportunities as we deploy our third fund – read more below on this focused sector for TFX or contact us to learn more about joining us for Fund III.

A successful cyber attack on one sector could have far-reaching consequences for the nation’s security, economy, and public safety. That’s why identifying the potential vulnerabilities in these interconnected infrastructures and coordinating our defense mechanisms is critical.

The threats beg the question: Where is the line between corporate cybersecurity and overall national security?

The White House began an answer to this last month with the launch of its National Cybersecurity Strategy, which aims to create a more coordinated, intentional, and resourced approach to state and non-state cyber threats. And cybersecurity startups and investors are key players in these efforts as they help develop new solutions to help improve our national and corporate security.

A National Strategy

Improving information sharing between the public and private sectors is critical to our country’s defense. In fact, the administration says that:

The private sector’s visibility to nation-state threats is “broader and more detailed than that of the Federal Government, due in part to the sheer scale of the private sector and its threat hunting operations, but also due to the rapid pace of innovation in tooling and capabilities.”

-White House National Cybersecurity Strategy, March 2023

The national strategy encourages private and public sector partners to come together via nonprofits that serve as collaboration hubs. These “nimble, temporary cells … share information bidirectionally and work rapidly to disrupt adversaries.” Organizations like MITRE have already done a great job of this and created tools such as the ATT&CK framework, which TFX portfolio company Tidal Cyber is commercializing at scale.

Most of the national strategy aims at incentivizing private sector involvement; however, there may also be some consequences for companies that don’t take cybersecurity seriously. According to the New York Times, the policy recommends regulations requiring companies to implement minimum cybersecurity measures for critical infrastructure. The strategy also suggests that companies may be liable for breaches that result from poorly secured code.

What This Means for Investors

The global market for cybersecurity is set to grow by 9% annually to $266 billion through 2027, attracting scores of entrepreneurs who aim to build solutions for companies under constant attack. For investors, the question is which of these startups is going to best capitalize on the growing cybersecurity need and opportunity?

As you evaluate companies for potential investment, consider the following:

  • The cybersecurity expertise of the founding team. Prior government cybersecurity service, whether in the military or intelligence community, coupled with private sector experience, is ideal. You want to identify teams that have experienced the problem firsthand and have the network to begin selling and scaling. They need to be able to explain the technical solution to a non-technical audience.

  • Whether the product solves a critical pain point for CISOs. With CISOs suffering from alert and tool fatigue, the startup’s product must help increase a customer’s security and optimize the threat technology stack. For example, consider:
      - Can the product unlock existing capabilities not being leveraged and/or replace multiple tools while enhancing security?
      - Is the product a feature or a platform on which a company can be built?

  • How easy—and costly—it is to deploy the product. While cybersecurity spending continues to increase, CISOs and CFOs are closely monitoring the overall spending. To get traction in the current environment, startups will need to quantify the cost-benefit of deploying their products.

  • The power of dual-use investing. Dual-use investing supports innovative cybersecurity solutions with applications in national security and commercial sectors. The approach strengthens national security by fostering cross-sector collaboration and innovation, ensuring a robust cybersecurity ecosystem. By fostering a dual-use ecosystem, nations can enhance their cybersecurity capabilities while driving innovation and growth in the sector.

The Founder's Point of View

For founders, the cybersecurity market represents a significant opportunity and some fierce competition. To hold the attention of CISOs, consider the following:

  • Know your audience. For CISOs, evaluating the sheer volume of cybersecurity vendors and the market landscape is nothing short of overwhelming, especially as they’re also managing their daily work commitments. With CISOs' attention at a premium, founders must refine their pitches to demonstrate their value proposition and provable differentiation and be brutally honest about speed, execution, and scalability.

  • Every dollar matters. CISOs scrutinize their operational and investment spend, and they must defend and account for each dollar to CIOs, CEOs, and Boards of Directors. Founders should convey the value of their startup and then help CISOs convey that value to the C-suite. Help them demonstrate how your product can provide efficiencies, reduce costs or add value.

  • The additional value your product offers. CISOs must do more with less—that begins by asking tough questions about their control stack. For example, is an additional tool necessary, or can a current one be used more fully? For founders, think about how your tool, product, or service will compete. Automation of tasks or visibility into other parts of the business may have more value to a CISO than the primary purpose of your tool. In addition, look for the opportunity to work with a channel partner with established relationships and existing service agreements, which drastically reduces long sales cycles with a potential customer.

The Cybersecurity Opportunity

In an era of cyber warfare, cybersecurity is national security. All the efforts that founders, investors, and business leaders make in their individual and professional lives can help improve our security posture. We are raising our third fund to tackle challenges just like this where former military and national security leaders have a unique advantage. Let’s work together to keep our nation and its businesses safe and secure.

Additional Reading

Here's an additional blog post from Frank Wang on how wars are becoming more digital:

The TL;DR of this issue is:

  1. Digital technology is increasingly weaponized in conflicts, granting substantial advantages to countries that excel in it.

  2. Traditional industries are embracing technology, making digital infrastructure a critical backbone of the global economy.

  3. Disruptions in digital services have significant operational consequences, highlighting the need to protect critical infrastructure.

  4. Current cybersecurity standards are outdated and don't provide adequate security, requiring a shift in approach and mindset.

  5. Cybersecurity should focus on engineering new, secure solutions instead of solely managing risks, which necessitates a change in industry scope.

