If ways can be found to better harness the innovation and speed-of-movement of small and medium-size enterprises (SMEs), the benefits to UK defense will be considerable. Last week’s report by former defense procurement minister Philip Dunne is the latest in a long line of studies to highlight the importance of making it easier for SMEs to sell their technologies into Britain’s defense supply chain.

Within defense, there is perhaps no area where this is more important than in cyber: much of the digital environment that constitutes both the operating domain and the threat surface is built, owned, managed and inhabited by private-sector SMEs. Yet over the years the cyberdefense industry appears to have grown in two parallel strands that often appear to be diverging.

One is made up of firms that have been involved in supplying computer-security and information-assurance products and services since the dawn of the personal-computer era, and whose expertise has mostly been gained supplying products oriented toward commercial and private-sector customers. The other is the domain of – usually – larger firms, experienced in delivering defense and security solutions to militaries and government departments.

For SMEs, bridging that gap often means being bought by a prime, which may continue to operate the acquired entity’s products and services as a distinct and separate brand. After Raytheon acquired the long-established Austin, Texas-based Websense in 2015, for example, rather than offering Websense’s products under the Raytheon brand, it established a commercial cybersecurity division called Forcepoint.

“Raytheon International Inc. is working hard and in tandem with our Forcepoint people to ensure that we’re trying to blur that line between the commercial and government markets,” says RII president Chris Davis. “Raytheon International has a broad suite of relationships with our government end-users, and we see a lot of synergy in being able to use those relationships and connections and trust to help blur the line between the commercial cyber and the government markets, and to bring the Forcepoint capabilities into markets where other companies haven’t been able to do it.”

“Probably the biggest reason why you’d partner with a prime is because it’s just not feasible to do it [sell to defense] on your own,” says Jack Chapman, founder and chief technology officer of Cybershield, which helps businesses identify and neutralize the potential harm from phishing emails – the primary means by which cyberattacks successfully penetrate secure networks.

“It’s similar with [the UK] government,” Chapman continues. “There’s 12-plus platforms to go through, and the time it takes for a start-up to get onto and sell to each different platform is staggering at the moment. The other difficulty of selling in to defense is the long tender times. Some of them are a year and a half, two years or more – and there’s still no guarantees. That hurts the start-up.”

Companies like Cybershield, then, face a difficult choice. Supplying to government and defense effectively means partnering with a prime, which carries real risk; but if they choose to stay independent, they will find it very difficult to sell into a large market that has a clear and urgent need for their solution.

“[Partnering with a prime] is not a quick process at all,” Chapman says. “A lot of start-ups think, ‘We need to move really quickly,’ and obviously we do – we need to get those revenue streams in. However, building trust with primes is how you protect yourself: no matter what you do technically, if they want to copy your product, they can, and building that trust takes time.”

Cybershield was one of nine companies selected to be part of the second intake of the Cyber Accelerator program, run by Wayra UK with GCHQ and the National Cyber Security Center (NCSC). The Accelerator awarded each firm £25,000 in funding, mentoring from GCHQ and NCSC experts, and office space near to GCHQ in Cheltenham. Cybershield has also received help and support from other similar programs, and Chapman says the Accelerator has clearly hit the right notes from the SME perspective. His company’s experience suggests that its model may be one the rest of the defense sector could learn from.

“This program did a lot of things right,” Chapman says. “Some initial conversations with people in defense and aerospace we’ve basically been able to have by being on the Accelerator and the opportunities it’s offered. There was a lot of personalization: they put is in touch with loads of experts in our field from GCHQ and the NCSC, and that enabled us to change our offering to maximize its potential.”