Late last week, we got news that the Tsarnaev brothers, had they not been caught, planned to continue their attacks in New York City. What I find most frightening about this whole situation is that the Tsarnaev brothers largely taught themselves bomb making tactics from the internet. This got me thinking about how with all the world's knowledge at one's fingertips one could inflict many different types of terror on innocent civilians. Specifically, I think we need to focus on bio-terrorism and cyber-terrorism, both areas that could inflict major damage on our national economy and psyche.
In this article, I will examine these threats in more detail and try to find companies that can provide useful services to protect us from these threats. Of course, I don't mean to make light of this terrible situation by trying to figure out how to make a buck, but we need to face the facts about these very real problems and find companies that can help us solve these problems.
In October 2001, on the heels of the 9/11 attacks, the country experienced another (but mostly forgotten) terror attack. A terrorist sent seven letters laced with anthrax, in two waves, to prominent media stations and political leaders. These attacks resulted in the deaths of five people and 22 serious illnesses. More recently, a terrorist sent President Obama a letter laced with ricin, another lethal substance. The NIH reports that we have especially high vulnerabilities to bio-terrorism because "all that is required is a request to 'colleagues' at scientific institutions who share their published materials with the rest of the community." Let's not forgot that Khalid Sheikh Mohammed -- the mastermind behind 9/11 -- received an engineering degree from North Carolina State University. The government has taken these threats very seriously: First, it issued an official report in 2008 saying that the U.S. would likely experience a biological attack within the next five years. Second, it more recently bought a huge supply of smallpox medicine from Siga Technologies (SIGA).
One of the specific risks mentioned in the report centered on a repeat of the 1918 flu pandemic, which infected 500 million people and killed between 50 million and 100 million of them. The flu marks one of the most dangerous challenges because -- unlike smallpox or polio, for example -- we currently do not have a vaccine that can cover all subtypes and strains of the flu, making it especially difficult to defend against. That said, Inovio Pharmaceuticals (INO) currently has a vaccine under development that could solve this very serious problem.
Specifically, the flu comes in three different forms: types A, B, and C. These forms have subforms, each of which develop their own unique strains of the flu virus. For this reason, you have to get annual flu shots to protect yourself from the newest type, subtype, and strain of the virus. This wide variety of flu leaves us very vulnerable to attacks by someone manufacturing this disease in a lab. INO has developed a technology that can vaccinate patients with a single shot. It has shown positive Phase 1 results, and the company will continue to more fully develop this technology. Additionally, the company has developed an important relationship with the Department of Defense (DoD), where the DoD has financed INO's early stage operations. This bodes well for two reasons: First, it shows the government's confidence in this program, and second, it sets the stage early for INO to massively commercialize its product.
We have now covered a nice piece of territory as it relates to bio-terrorism, but as we mentioned earlier we also need to worry about cyber-terrorism. In this next section we will explore the threats posed by cyber-terrorism and the companies protecting us from these threats.
Increasingly, companies have begun to move their IT infrastructures away from localized and rigid systems to cloud-based services. In a recent poll, 19% of bank CIOs said they either plan to or already have moved much of their IT to the cloud. With this movement companies gain operating efficiencies, but they also accrue a whole host of liabilities. Specifically, companies operating in the cloud must contend with access controls, data loss prevention, data encryption, and secure virtualization -- just to name a few. Last month we saw firsthand what possible breaches in these systems could do when hackers attacked the IT systems at American Express (AXP). While this attack did not cause any significant damage, we cannot know if AXP will have the same luck the next time around.
Aside from this problem, we also must think about the tremendous risks posed by our national infrastructure systems. Specifically, software powers many parts of the water, electric, and telecommunications systems and an attack in one of these areas could yield devastating results. In fact, between 2009 and 2011 cyber attacks against critical infrastructure increased seventeenfold. President Obama emphasized our vulnerability in his 2013 State of The Union address, and estimates show that by 2020 cybersecurity for our electric grid alone will total $7.25 billion. A PriceWatterhouseCoopers report shows that cybersecurity reached $60 billion in 2011, and according to its estimates will grow by 10% every year until 2020. That is effectively doubling the spend to about $120 billion by the end of the decade.
Symantec (SYMC) represents the purest play in this industry, deriving almost all of its revenue from the software security business. Last year, SYMC generated $6.5 billion in revenue, and $2.5 billion in operating income. Considering the macro trends predicted by PwC, SYMC could also easily see its revenue grow by 50% over the next few years, far outpacing growth in other industries. Additionally, considering its growth prospects SYMC trades relatively cheaply -- only 15x forward P/E -- not the kind of multiple you would expect from a growth company.
With that we have wrapped up our discussion on more exotic terrorist threats, but I would still like to take a moment to discuss another security company I have discussed in previous articles -- Implant Science Corporation (OTCQB:IMSC).
Implant Science Corporation: A Leader in Explosive Trace Detection
Terrorists have a lot of tools at their disposal to carry out their attacks -- guns, explosives, and knives, just to name a few. Law enforcement detects these items through X-ray machines, metal detectors, surveillance cameras, etc. Another less-known method of detection is explosive trace detection (ETD). ETD, as its name suggests, can immediately detect if someone has recently been exposed to explosives. If someone has traces of explosives on their clothes or person, police can identify them as a threat.
IMSC's ETD equipment competes with Smiths Group (OTCPK:SMGKF), L-3 Communications Holdings (LLL), and Safran (OTCPK:SAFRY). The main advantage of IMSC's equipment lies in the fact that it does not use radiation to detect trace explosives, thus limiting maintenance costs and, more importantly, passenger liability. IMSC recently received approval from the TSA, allowing the TSA to use IMSC's equipment in airports. The TSA has a $583 million per year budget on security equipment in general, and rolled out an ambitious $1 billion security program this year. Additionally, Homeland Security Corporation predicts that by 2015 the market for ETD equipment should hit $1 billion, and considering IMSC's recent TSA approval, it could capture a decent part of that market.
IMSC offers investors a compelling entry into the security space, because although the above-mentioned companies have an airport security business, it only makes up a fraction of their total revenue. IMSC has a strong management with deep connections to U.S. and international officials. Things in IMSC-land aren't all rosy, though. Since its TSA approval, IMSC has closed a number of deals, but has yet to announce a major order from the TSA or other large government organization. Lastly, IMSC has persistent liquidity problems due to an unusual financing agreement, and this could either threaten the companies ability to operate as a going concern or severely dilute the equity.
Nonetheless, IMSC remains an attractive company because of its unique technology, pure exposure to the ETD space, and strong management. Investors just need to understand the risks associated with the company.
Investors have many ways to play in the defense space from the speculative -- think IMSC and INO -- to the more well-established, like SYMC. I didn't talk about companies that have more diversified revenue streams, which can give you some exposure to the defense space. We briefly mentioned LLL in the explosives arena, but in the cybersecurity space IBM (IBM) provides a lot of the software for the cloud and critical infrastructure, and has built strong offerings in the cybersecurity space. Finally, in the bio-terror field, both Glaxo (GSK) and Merck (MRK) both have strong vaccine franchises, which they could leverage into more robust offerings.