Cashing In On Cyber Security

Who?s really reading Your email? I bet you?d like to know!

Another day, another hack attack.

Today we learned that 5.6 million fingerprint records kept by the Office of Personal Management were recently stolen.

This is the agency that functions as the US government?s human resources department, maintaining records on 21.5 million current and former employees.

The timing couldn?t be more inauspicious, as the announcement was made during a visit by Chinese President Xi Jinping, whose military was almost certainly the origin of the attack.

Great! Now the enemy has the fingerprints of every FBI and CIA agent!

There must be a way to make money out of this.

Wait! There is!

Palo Alto Networks (PANW) is a San Francisco Bay area cyber security company that offers companies and governments an innovative firewall platform solution for big, network wide security problems.

In the P&L sweet spot they are.

I know the company well, and have been recommending to my followers that they buy the shares for the past year, during which time it tripled.

What? You want me to buy a stock that has just tripled?

No, I have not just started smoking California’s largest agricultural product (no, it?s not almonds or grapes).

By chance, I happened across a senior officer of the Palo Alto Networks at a dinner party last week. Prospects for the firm are booming, with sale growth running at a torrid 30% YOY rate.

Yet, (PANW) has only 10% market share of an industry that is currently exploding. This is an aggressive, extremely well managed $15 billion company that is about to become a $150 billion company.

Keeping in contact with the Joint Chiefs of Staff on a weekly basis, I am constantly concerned at how serious the cyber security threat has become, yet how little understood it is by the public.

You don?t have to go any further than the management of Sony (SNE), one of the world?s largest multinationals, which was almost wiped out last November by hackers from one of the poorest and most backward countries in the world.

Upset by the take down of their leader, Kim Jong-un, in a low budget comedy, The Interview, North Korean hackers were able to bring the firm to its knees.

They downloaded the entire contents of Sony?s hard drives, leaking the juicy parts to online journalists (Angelina Jolie?s pay, etc.), and then wiped them clean, destroying some 3,000 computers and 8000 servers. It was the hacking equivalent of a full-scale nuclear attack.

Sony had to revert to snail mail, couriers, and landline telephone calls to survive. They couldn?t even pay their employees. Some $6 billion in market capitalization was wiped out.

Now here is the scary part.

The FBI has confided in me that if the S&P 500 were subjected to a Sony level attack, 90% are unlikely to survive. And the Sony attack was actually a primitive, simplistic, low-level attack.

A lot of countries don?t like the United States for any number of reasons. Now they can do something about it. That is a problem. And a market.

Palo Alto maintains the world?s largest database of viruses and malware. That enabled it to trace the Sony attack to the Hermit Kingdom within hours.

It contained several lines of code that were identical to the ?Dark Soul? attack against South Korean banks in 2013, which incinerated 40,000 bank computers and caused $700 million worth of damages.

What the Sony attack revealed was a long history of massive under investment in cyber security by corporations and governments in the US, Europe, and Asia.

The potential future market for cyber security products and services is being wildly underestimated.

The great irony here is that the attack is not against systems, which are usually pretty secure. It is their human users that have become the problem.

Unfortunately, we are have become familiar with ?spoofing? emails where an innocuous email asks the user to ?click here? for an Adobe upgrade, a notice from Yahoo, or a request from PayPal to update your password.

Do so, and you invite lines of code that will eventually make it to your system administrator. Once they have his password, they can access or do anything.

Don?t think only dummies fall for this.

My friend, retired FBI chief Robert Mueller, had his personal account at the Bank of America cleaned out in a similar fashion. What was unusual in his case, they caught the transgressor, after a huge expenditure of bureau resources.

(Hint: if an incoming email appears the slightest bit suspicious, hover your mouse over the sender?s name, and the sending email address will appear. If it looks anything but belt and braces safe, don?t open it and mark it as SPAM. Especial watch for the last three letter of the address, which are always a tip off).

The FBI estimates that there are up to 10,000 hackers in the world with the capability of a Sony level attack, many operating from China, Russia, Eastern Europe, or other locations beyond the reach of US extradition treaties.

The global cyber war has been going on for about 15 years now, and the public hears very little of it.

In recent years, Iran attacked Saudi Arabia?s Aramco, destroying 30,000 computers, and briefly shutting down a portion of the country?s oil production.

A major attack was launched against the Venetian Hotel in Las Vegas, which is owned by prominent Israel supporter and major Republican Party contributor, Sheldon Adelson.

There is a happy ending to this piece. You don?t need to place your entire wealth into gold bricks and bury them in the backyard to keep it safe.

If North Korea is a bicycle in the hacking arms race, the US is the F-35 Lightening next generation stealth fighter.

We are winning the cyber war hands down, but you?d never know it. This is a war fought silently, online, and in dark shadows.

President Obama in fact authorized a measured counter attack on North Korea?s information infrastructure, which proved devastating. But it was only a pinprick relative to what we could have done.

Our real cyber weapons are reserved for an actual shooting war sometime in the future. That?s to prevent the enemy from learning our true capabilities and preparing for them.

Imagine a country trying to defend itself with snail mail, couriers, and landline telephone calls from an American assault. Think the Sony attack times 10,000. Nothing would work.

It couldn?t be done.

Congress has so far refused to fund a substantial increase in America?s cyber warfare arsenal, preferring instead to spend money on old heavy metal weapons systems, like aircraft carriers, tanks, and the above mentioned F-35.

It?s all about sucking money out of Washington to create local jobs in red states to win elections. A stepped up cyber program would focus money almost entirely in Silicon Valley.

Don?t want to do that!

This is how General George Armstrong Custer was sent to the Battle of the Little Big Horn with antiquated 16 year old Civil War trapdoor Springfield carbines, while the Sioux had state of the art Winchester ?yellow boy? repeaters.

And we know how that one turned out!

But don?t get mad. Get even. Take another look at Palo Alto Networks, FireEye (FEYE), and the Pure Funds ISE Cyber Security ETF (HACK).

PANW 9-24-15

SNE 9-24-15

SPX 9-24-15

HACK 9-24-15

Kim Jong-unGuess Who May Be Looking at Your Records