Security pro authors book on tech's impact

“A full 80 percent of hackers are affiliated with organized crime,” said strategist, consultant and author Marc Goodman in a discussion with California Lt. Gov. Gavin Newsom.

“There’s a new paradigm afoot,” he said in the first of a speaker series from Singularity University that explores the impact of rapidly advancing technologies in a range of areas including security and healthcare.

Author of the new book Future Crimes, Goodman has built his expertise in next-generation security threats such as cybercrime, cyber terrorism and information warfare, working with organizations such as Interpol, the United Nations, NATO, the Los Angeles Police Department and the U.S. Government.

Technology offers society tremendous benefit, he said. “We’ve wired the world but we’ve failed to secure it.” Meanwhile, the bad guys have figured out how to scale their business. Rather than one person robbing one person, one person can now rob 100 million people.

Incidents like the recent Anthem breach are not isolated, he said. Such breaches are “signs and signals of a fundamental change in society.” Putting all of our society online, including EHRs, financial data and more, offers a lot of good services but “the bad guys are all over it.”

One of the biggest challenges is the lack of good data about cybercrime, Goodman said. “If your car is stolen from your garage, you know about it. But when you’re the victim of a hacking, most people never know it.” The average time to detection—the time it takes to detect hacking—is 211 days and that figure is growing. That means that hackers can roam around in all of your text and files for seven months. Plus, all computers can be hacked and Goodman said malware is actually installed on machines.

Altogether, cybercrime causes a $400 billion a year hit on the global economy.

Another problem is that “the bad guys’ tools run faster than good guys’,” said Goodman. Studies indicate that in an antivirus program’s first few weeks in use, it only has a 5 percent detection rate. “If your own immune system functioned like that you’d be dead in 24 hours.”

Something that makes this new iteration of crime so scary is that it is not being committed by people but by software, bots and other technology. “The bad guys are really effective at creating crimeware.”

Rather than effectively addressing it, the federal government seems to have its head in the sand, he said. The CIA’s response to the recent incident in which a drone breached the White House grounds was to plant higher trees, he said. “That’s wholly inadequate.”

The chance of being prosecuted for a cybercrime is probably 1 in 10,000, said Goodman, and that’s only if the criminal is identified. “Anonymization in cyberspace is great. Interpol’s budget is $90 million but a Brazilian criminal was found with $200 million in cash in his basement.”

The internet essentially “broke” policing, he said. When a bank robbery occurs, the local police department investigates. There is colocation of the victim, suspect and law enforcement. “It worked really well,” but a police officer in New York cannot make an arrest in Moscow. “When cybercrime is emanating from countries where the rule of law is very, very weak, there’s nothing we can do about it.” The tools available to law enforcement are “completely mismatched to cybercrime. We will never arrest our way out of this problem because we’re playing on two different fields. The cops have to follow the rules and the criminals can go anywhere.”

Goodman proposed using the language of medicine to describe both the problem and the solution. Pulling from public health and epidemiology, he said the goal is not to arrest someone with measles but to isolate him or her. That same principle can be applied to cyberthreats.

The European Union has a directive on data privacy that limits how long data can be kept, he said. “Here we keep data forever so we have so much data leak.” European countries also have a data privacy commissioner but there is not a similar role in the U.S.

The government could be part of the solution, he said, by serving as a convener, providing public funding and policymaking. Also, “there is tremendous innovation going on in the private sector. The solutions are everywhere, we just need to bring it all together.”

Trustworthy computing is the first step to protecting our critical infrastructures, Goodman said. “We have a long way to go. Everything on your screen is hackable. It’s all malleable.”

The good news, he said, is “there’s a lot we can do. Our software is really buggy. Most of Silicon Valley operates under the idea of ‘just ship it and we’ll fix it later.’ We should hold them accountable at least at the point when it approaches negligence.” Everything can be encrypted but not many organizations are doing so. In the Anthem hack, the stolen records were not encrypted. And in last year’s Sony hack, individual employees had records put online. “That would not have happened had they been encrypted.”

Improvements can come in many nontraditional formats, he said. He suggested activating gamers, citing studies that show that by the time the average kid hits age 18, he or she has spent 10,000 hours playing videogames.

Another suggestion is a cyber reserve corps, much like those established for the police and military. “We should be building and training 100,000 people now to prepare for the next disaster.”

Goodman said people need to get involved. “We should crowdsource our security—the bad guys have done a phenomenal job crowdsourcing the attacks.”

It’s time to get intentional, he said, because “it’s irresponsible to connect 200 million devices to computers that we know are hackable.”

Despite all the challenges, there is hope, he said. “We are the same people who put a man on the moon. Surely we can solve these cybersecurity threats. It’s just going to take some time, focus and attention. If we do that we can have the abundant, bright technological future we’ve all been promised.”

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.
