WhiteHawk fronts US Department of Defense Cyber Command

ASX cybersecurity junior, WhiteHawk Ltd (ASX:WHK) has today provided a company update reporting revenue from three earlier signed contracts and that has engaged in two proofs of value agreements.

The company has received revenues of US$360,000 (A$536k) during the current quarter from three contracts. The three contracts to provide WhiteHawk’s 360 Cyber Risk Framework are an extension with a top 10 US financial institution, another contract extension with a top 12 Defense Industrial Base (DIB) company, and on a US federal government department Chief Information Office (CIO) contract.

In its half year report earlier this week, WhiteHawk reported that first half 2019 revenue was up 18% from the corresponding period last year to US$284,870, which, however, does not include that US$360,000 since received.

WhiteHawk customer, the US Department of Defense (DoD), has an ambitious schedule for a serious overhaul of the way it monitors and enforces cybersecurity within its Defense Industrial Base (DIB).

The DoD is bringing in a new cyber assessment program — the Cybersecurity Maturity Model Certification (CMMC) standard — for contractors, a standard that is expected to be in place within a year.

Under the CMMC, all contractors and subcontractors, whether they deal with sensitive information or not, will have their cyber acumen scored on a scale of 1 to 5. Likewise, every Defense contract will use the same scale to stipulate which companies are allowed to bid.

This means the entire US industrial base of 300,000 contractors will have to be certified in order to continue doing business with the DoD.

This move comes in response to the US losing $600 billion every year to its adversaries in exfiltrations, data rights, and R&D loss.

Additionally, the DoD has designated cybersecurity as an ‘allowable cost’ on certain types of contracts, meaning that the DoD is telling its vendors that the government, in some cases, will pay for their cybersecurity.

WHK a top 5 submission in US Cyber Command challenge

In seeking to identify innovative commercial solutions for measuring and monitoring the cyber resilience of DoD contractors, US Cyber Command (USCYBERCOM), through its accelerator counterpart, DreamPort, released a Request for Proposal (RFP) to identify solutions with automated cyber risk collection and analysis methods.

WhiteHawk was selected and acknowledged as one of the top five submissions. This recognition earned the company an opportunity for a face-to-face demonstration with US Department of Defense Cyber Procurement leads on 27 August.

This recognition provides a strategic opportunity for sourcing on future department contracts and has the potential to lead to larger long-term opportunities. Plus, it will make WhiteHawk more accessible to agencies that wish to fast track cyber risk mitigation service contracting and fast track the typical government RFP process.

WhiteHawk’s selection is also further validation of its comprehensive 360 Cyber Risk Framework, that includes continuous monitoring, alerting and mitigation of business and cyber risks for supply chain and vendor companies in real time.

The winner of this US Defense Industrial Base (DIB) outreach challenge will receive US$25,000 (A$37,000) in prize money — though the real value is the exposure to USCYBERCOM and DoD high profile government departments and agencies. The winner is expected to be announced in coming weeks.

Terry Roberts, Executive Chair of WhiteHawk, commented, “This opportunity to demonstrate our integration and scaling of commercial cyber risk monitoring and mitigation across U.S. Department of Defense contractors and suppliers is an opportunity and body of work we have focused on for several years. We know the integrated SaaS offering we have is unique and impactful, because we still vet 2-3 new innovative vendor capabilities every week.”

'Proof of Value' with prestigious global insurance leader

Today’s update also revealed that WhiteHawk has engaged with a prestigious global insurance leader in a proof of value agreement that could lead to larger long-term opportunities and has potential for long-term value. However, due to sensitivity of cybersecurity work, the name of the organisation cannot be revealed.

We do know that WhiteHawk has been working with this insurance leader to conduct a proof of value 360 Cyber Risk Framework for up to 10 of their current suppliers. These suppliers offer a diverse set of products and services, including cloud, technology, software, banking, finance, industrial consulting, and professional services.

The insights garnered through the 360 Cyber Risk Framework can help this target customer develop a meaningful, long term, company-wide Vendor Risk Management program, to improve its cyber resiliency and that of hundreds of its current and future suppliers.

This proof of value incorporates the Interos business risk platform, the newly automated WhiteHawk Cyber Risk Scorecards and the advanced CyberOne Vendor Risk Module.

The target customer will receive WhiteHawk Cyber Risk Scorecards for all vendors within the proof of value, as well as a Cyber Risk Portfolio Report which identifies key vulnerability trends across the group of companies. These reports will provide additional insights based on WhiteHawk cyber analysts performing cyber intelligence analytics on the raw data collected from the security rating providers.

Additionally, the customer will have access to an integrated Vendor Risk Management (VRM) Dashborad from partner CyberOne, which will serve as a central location to track supplier risk status and mitigation activities, including the implementation of cyber risk controls.

“As with any other major global enterprise, vendor risk is very real to the insurance industry. We know our automated, integrated and scalable approach can enable Insurance Groups to identify and mitigate cyber and business risks in near real time,” Roberts said.