Secmation, a North Raleigh cybersecurity company, has 11 employees, and that many additional jobs it is trying to fill. This summer it won a $1.8 million research grant in a military version of Shark Tank; the panel was high-ranking officers and scientists, as opposed to say, Mark Cuban.
Autonomous, self-flying, self-driving vehicles using artificial intelligence are becoming more common. Where autonomy is spreading fast is in leading militaries around the world. The battle space of the future will be dominated by uncrewed systems. At the same time, companies in the private sector are rushing to develop drones and vehicles that can see and think, and AI-guided robot manufacturing systems.
All this networked and autonomous technology is potentially vulnerable to adversaries and bad actors. This is where Secmation comes in. It is focused on providing cybersecurity for autonomous systems — making it hard, for example, to hack military drones on combat missions.
Secmation founder and CEO Hal Aldridge grew up a science fiction fan. He was particularly interested in robotics. “I’m the person they want to create with all the STEM education these days,” he says.
After graduating from Garner High in 1986, he studied electrical engineering at N.C. State. He graduated from N.C. State in 1989 and started a master’s degree program at Purdue. In 1990, he was hired by NASA to work at its Langley Research Center in Hampton, Virginia.
Langley was supporting work from around NASA to develop robotics for space exploration. The International Space Station was in development, and NASA was working on “robonauts” that could help with routine maintenance. Aldridge was deep into the engineering that could enable robots to manipulate tools in a challenging environment. In 1997, after earning a doctorate from Carnegie Mellon, Aldridge transferred to NASA’s Johnson Space Center in Houston, where he continued working on robots as a senior project engineer. In 2000, he left for the private sector, joining defense contractor Northrop Grumman, which was working on the use of robots in nuclear environments and explosive ordnance disposal. As robot technology was advancing, they were increasingly seen as useful in doing, as Aldridge describes it, work that was “dirty, dull, [and] dangerous.”
At the same time, the growth of the Internet and robot networks was creating demand for cybersecurity. A lot of folks around the world were learning how to hijack and sabotage this new autonomous and connected technology, some for strategic reasons, some for profit and some just for kicks. The military was particularly focused on protecting its systems, and an entire industry was growing up around its requirements.
In 2008, Aldridge joined Sypris Electronics in Tampa, Fla., as chief technology officer. Sypris was doing cybersecurity R&D for the military and other government agencies, particularly in UAVs and critical systems. He was there for five years, before deciding to go out on his own.
“I’m sure everybody who has done corporate for long enough has been on a plane coming back from somewhere they didn’t want to be, going ‘Why am I doing this?’” Aldrige recalls. “It was one of those moments in my personal life and corporate life where I was saying, ‘Well, I don’t have to do this.’”
“That’s when I decided that I wanted to do something different, and what that thing that’s different ended up being is Secmation, which was putting together those two parts of my career.” The first part being robotics, and automated systems, and the second part being information security.
Starting your own business is a matter of finding a problem people will pay you to solve. Aldridge knew such a problem. Engineers were increasingly being told by customers they needed to meet cybersecurity requirements. And that was kind of a pain. “We’re just trying to make this robot run,” recalls Aldridge “because a lot of stuff in robots and automation, you’ve got enough problems just making it do what it’s supposed to do in the first place.”
But the customer would say: “We need to be worried about this for security, [and] this for security, [and] this for security.” And the response from the engineers would be: “Well, you’re just causing a problem. This is going to make it harder. It’s going to take this longer. It’s going to cost more.” But the response increasingly would be: “No, you need to do this.”
Aldridge knew he could help contractors meet requirements, and get autonomous systems government-certified.
In 2015, he came back to Raleigh. “Secmation started off as a cover for my consulting business,” he says.
He did that for around a year, and then decided he would try to get some government contracts for his one-person company. Because of his experience in government and as a defense contractor, he knew how to navigate a key source of funding for R&D startups, the Small Business Innovation Research program.
One important first step in winning SBIR funding is to pay attention. Government agencies will announce periodically that they are looking for R&D proposals from small businesses in specific topic areas. “What they normally do is they advertise topics of interest,” says Aldridge. “So, you can go through the topics, find one that you think is interesting to your company, that you think you have the capability to do, and can write a proposal around.”
He wrote his first proposal from his downtown condo. The Air Force wanted someone to study the vulnerabilities of its radio communications systems, which were increasingly computers with an antenna, and come up with ways to protect them. Secmation won its first SBIR, around $150,000.
That enabled Aldridge to hire his first employee, an N.C. State graduate student, and set up a small office on State’s Centennial Campus. From 2017 to early this year, Secmation won eight grant awards totaling more than $4 million from DOD service branches and the Department of Energy, including a project with NC State funded by the Army focusing on cybersecurity for military vehicles. The projects addressed a consistent challenge: the need to bake in cybersecurity into autonomous technology. Data needs to be encrypted and decrypted. Communications need to be protected, and malicious tampering attempts deflected. And all of this needs to be designed into systems from the beginning of development, and not bolted on as an afterthought.
“So what we do is wrap a lot of that cryptography into these small systems, these [uncrewed] systems, and make sure they have that cryptography, which they have not had access to in a lot of places before.”
“Not just cryptography, but hardened operating systems, different other security pieces,” says Aldridge, “that would allow them to inspect the data that’s coming into their system and coming out of their system. Large organizations are doing some of this, but they’re doing it for the IT application space. We’re doing it specifically for these automated systems.
“The reason that’s significant is back when I was creating automated systems, I couldn’t take this thing from an IT provider and just stick it into my system and hope the system still worked. It would take too much memory, too many CPU cycles, and would interfere with stuff at the wrong time.”
When he started Secmation, his intent was not to make it as defense-focused. “I wanted to be in Internet of Things,” the world in which every appliance, every machine, every clipboard is smart and sensored and networked. It was a logical idea, that this would be a booming market for IoT cybersecurity. “I started talking to the IoT folks that were deploying the products. I said security is one of the top two or three things of challenges for IoT deployment. I can help you.
“Across the board, it was like, yeah-h-h, I gotta get my product out. Come talk to me when I have a requirement. So, I pivoted and went another way.”
Which is why Aldridge and Secmation’s business development manager, Jamie Roseborough, were at the Weapons Pitch Day last month in the Florida Panhandle held by the Air Force Armament Directorate near Eglin Air Force Base. More than 70 companies had submitted proposals, and Secmation was among 18 small businesses that were invited to present.
Aldridge had a 15-slide deck and a short amount of time. What he was pitching was something called a “Secure AI Processing Platform for Expendable Systems (SAPPES).” Basically, building in cybersecurity for rapidly evolving small, relatively inexpensive UAVs, for example. Swarms of them will need to communicate with each other and decide who’s going to go after what tank, and wait, that’s not a tank, let’s find another target. Weapons that will be useless if enemy hackers can disable them over the battle space.
What helped is that Secmation had been a member of the RTP-based Council for Entrepreneurial Development and had gone through its GRO incubator, which included how to pitch investors.
“We rehearsed,” said Roseborough. “And we briefed it to the office. We briefed it to some partners and advisers. All that kind of stuff.”
“It goes a little differently each time you do it. You’re going to hit these key points, and all of a sudden you flip to the next slide, and you’re down a rabbit hole on a piece that you didn’t necessarily want to talk about. So, yeah, you’ve got one shot, and actually, Hal knocked it out of the park for us.”
What’s next is probably a move to larger quarters from its current space in a Six Forks Road office park, where it has been for two years, and probably some interaction with venture capital.
“We haven’t really gotten serious about venture capital yet,” says Aldridge, “but it’s probably on our course for next year.”