Next Investors logo grey

WhiteHawk fronts US Department of Defense Cyber Command


Published 04-SEP-2019 09:27 A.M.


5 minute read

Hey! Looks like you have stumbled on the section of our website where we have archived articles from our old business model.

In 2019 the original founding team returned to run Next Investors, we changed our business model to only write about stocks we carefully research and are invested in for the long term.

The below articles were written under our previous business model. We have kept these articles online here for your reference.

Our new mission is to build a high performing ASX micro cap investment portfolio and share our research, analysis and investment strategy with our readers.

Click Here to View Latest Articles

ASX cybersecurity junior, WhiteHawk Ltd (ASX:WHK) has today provided a company update reporting revenue from three earlier signed contracts and that has engaged in two proofs of value agreements.

The company has received revenues of US$360,000 (A$536k) during the current quarter from three contracts. The three contracts to provide WhiteHawk’s 360 Cyber Risk Framework are an extension with a top 10 US financial institution, another contract extension with a top 12 Defense Industrial Base (DIB) company, and on a US federal government department Chief Information Office (CIO) contract.

In its half year report earlier this week, WhiteHawk reported that first half 2019 revenue was up 18% from the corresponding period last year to US$284,870, which, however, does not include that US$360,000 since received.

WhiteHawk customer, the US Department of Defense (DoD), has an ambitious schedule for a serious overhaul of the way it monitors and enforces cybersecurity within its Defense Industrial Base (DIB).

The DoD is bringing in a new cyber assessment program — the Cybersecurity Maturity Model Certification (CMMC) standard — for contractors, a standard that is expected to be in place within a year.

Under the CMMC, all contractors and subcontractors, whether they deal with sensitive information or not, will have their cyber acumen scored on a scale of 1 to 5. Likewise, every Defense contract will use the same scale to stipulate which companies are allowed to bid.

This means the entire US industrial base of 300,000 contractors will have to be certified in order to continue doing business with the DoD.

This move comes in response to the US losing $600 billion every year to its adversaries in exfiltrations, data rights, and R&D loss.

Additionally, the DoD has designated cybersecurity as an ‘allowable cost’ on certain types of contracts, meaning that the DoD is telling its vendors that the government, in some cases, will pay for their cybersecurity.

WHK a top 5 submission in US Cyber Command challenge

In seeking to identify innovative commercial solutions for measuring and monitoring the cyber resilience of DoD contractors, US Cyber Command (USCYBERCOM), through its accelerator counterpart, DreamPort, released a Request for Proposal (RFP) to identify solutions with automated cyber risk collection and analysis methods.

WhiteHawk was selected and acknowledged as one of the top five submissions. This recognition earned the company an opportunity for a face-to-face demonstration with US Department of Defense Cyber Procurement leads on 27 August.

This recognition provides a strategic opportunity for sourcing on future department contracts and has the potential to lead to larger long-term opportunities. Plus, it will make WhiteHawk more accessible to agencies that wish to fast track cyber risk mitigation service contracting and fast track the typical government RFP process.

WhiteHawk’s selection is also further validation of its comprehensive 360 Cyber Risk Framework, that includes continuous monitoring, alerting and mitigation of business and cyber risks for supply chain and vendor companies in real time.

The winner of this US Defense Industrial Base (DIB) outreach challenge will receive US$25,000 (A$37,000) in prize money — though the real value is the exposure to USCYBERCOM and DoD high profile government departments and agencies. The winner is expected to be announced in coming weeks.

Terry Roberts, Executive Chair of WhiteHawk, commented, “This opportunity to demonstrate our integration and scaling of commercial cyber risk monitoring and mitigation across U.S. Department of Defense contractors and suppliers is an opportunity and body of work we have focused on for several years. We know the integrated SaaS offering we have is unique and impactful, because we still vet 2-3 new innovative vendor capabilities every week.”

'Proof of Value' with prestigious global insurance leader

Today’s update also revealed that WhiteHawk has engaged with a prestigious global insurance leader in a proof of value agreement that could lead to larger long-term opportunities and has potential for long-term value. However, due to sensitivity of cybersecurity work, the name of the organisation cannot be revealed.

We do know that WhiteHawk has been working with this insurance leader to conduct a proof of value 360 Cyber Risk Framework for up to 10 of their current suppliers. These suppliers offer a diverse set of products and services, including cloud, technology, software, banking, finance, industrial consulting, and professional services.

The insights garnered through the 360 Cyber Risk Framework can help this target customer develop a meaningful, long term, company-wide Vendor Risk Management program, to improve its cyber resiliency and that of hundreds of its current and future suppliers.

This proof of value incorporates the Interos business risk platform, the newly automated WhiteHawk Cyber Risk Scorecards and the advanced CyberOne Vendor Risk Module.

The target customer will receive WhiteHawk Cyber Risk Scorecards for all vendors within the proof of value, as well as a Cyber Risk Portfolio Report which identifies key vulnerability trends across the group of companies. These reports will provide additional insights based on WhiteHawk cyber analysts performing cyber intelligence analytics on the raw data collected from the security rating providers.

Additionally, the customer will have access to an integrated Vendor Risk Management (VRM) Dashborad from partner CyberOne, which will serve as a central location to track supplier risk status and mitigation activities, including the implementation of cyber risk controls.

“As with any other major global enterprise, vendor risk is very real to the insurance industry. We know our automated, integrated and scalable approach can enable Insurance Groups to identify and mitigate cyber and business risks in near real time,” Roberts said.

General Information Only

S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’) (CAR No. 433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information and is for informational purposes only. Any advice is general advice only. Any advice contained in this article does not constitute personal advice and S3 has not taken into consideration your personal objectives, financial situation or needs. Please seek your own independent professional advice before making any financial investment decision. Those persons acting upon information contained in this article do so entirely at their own risk.

Conflicts of Interest Notice

S3 and its associated entities may hold investments in companies featured in its articles, including through being paid in the securities of the companies we provide commentary on. We disclose the securities held in relation to a particular company that we provide commentary on. Refer to our Disclosure Policy for information on our self-imposed trading blackouts, hold conditions and de-risking (sell conditions) which seek to mitigate against any potential conflicts of interest.

Publication Notice and Disclaimer

The information contained in this article is current as at the publication date. At the time of publishing, the information contained in this article is based on sources which are available in the public domain that we consider to be reliable, and our own analysis of those sources. The views of the author may not reflect the views of the AFSL holder. Any decision by you to purchase securities in the companies featured in this article should be done so after you have sought your own independent professional advice regarding this information and made your own inquiries as to the validity of any information in this article.

Any forward-looking statements contained in this article are not guarantees or predictions of future performance, and involve known and unknown risks, uncertainties and other factors, many of which are beyond our control, and which may cause actual results or performance of companies featured to differ materially from those expressed in the statements contained in this article. S3 cannot and does not give any assurance that the results or performance expressed or implied by any forward-looking statements contained in this article will actually occur and readers are cautioned not to put undue reliance on forward-looking statements.

This article may include references to our past investing performance. Past performance is not a reliable indicator of our future investing performance.