Is it time to take a page out of the terrorist handbook when it comes to cybersecurity?
Absolutely, cybercrime expert and futurist Marc Goodman says — and the government, military, and intelligence community are already behind the curve.
The “bad guys” are leading the charge in the field, innovating and adopting new technology, while the “good guys” find themselves stymied by bureaucracies and budgets, Goodman warns. But the global security advisor, whose book, “Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It,” hit shelves in 2015, doesn’t want to simply sound the alarm on the dangers of an increasingly tech-laden world. With over two decades in law enforcement, working with groups such as Interpol, the Los Angeles Police Department, and the United Nations, he’s taken his talents to Silicon Valley and has plenty of policy suggestions for those working in tech and government at home and in the Beltway.
To tackle cyberthreats and terrorism challenges in the national security sphere, Goodman threw out a host of ideas during a wide-ranging chat with The Cipher Brief, such as creating a national civilian cyber defense corps, crowdsourcing security, and rethinking the Department of Defense’s stance on autonomous warfare.
“The government’s monopoly on big data is rapidly coming to an end. It used to be that government had all the secret information, they had all the cables, they had all the satellites. All of that technology is being democratized,” Goodman said.
After all, the “good guys,” as Goodman likes to dub them, are facing “bad guys” — criminals and terrorists — who have long been out-innovating them and barreling ahead with new technologies to support their agendas. Terrorists are early adopters of tech, and for over a decade, they have been at the forefront of using the Internet and crowdsourcing to find targets, recruits, and financing, as well as to spread propaganda.
“People talk about ISIS and Twitter and Telegram today as if they’re new things — but if you go back to the 1993 bombing, the first World Trade Center bombing, they were using encryption on the laptop back in 1993. And when the FBI seized it, they couldn’t read it. The NSA had to work for a year to break the encryption,” Goodman pointed out. “Which one of your readers was using encryption in 1993? Which one of our parents or friends were?”
With weapons, cyber or otherwise, getting cheaper and cheaper, it is also no surprise “the bad guys are flocking” to new and potentially very dangerous tech, Goodman noted.
“Fifteen years ago, a drone was a billion dollars, beyond the reach of your average neighborhood criminal or ISIS members. But now, of course, for $100 or $200, they can build their own devices,” he said. “Biological warfare, synthetic biology, was only done in hospitals and cancer institutes, and now you can watch YouTube videos on how to do that.”
“The fact that we are all interconnected means some good things, but we’re also at risk. And I don’t think society has much considered that, and I think our response has been tepid at best,” he added.
National security leaders need to leverage the resources in the private sector to challenge tech savvy terrorists, Goodman said. One policy he has been particularly pushing is for the “good guys” to turn more to crowdsourcing security. There needs to be a team of smart civilians in the tech field who are ready to jump on a digital disaster when it strikes — think of it as a national civilian cyber defense corps in the vein of the Federal Emergency Management Agency (FEMA), he proposed.
“We don’t have anything in place to respond to digital disasters, critical infrastructure attacks. And the simple matter is that when that day comes, as it surely will, we’re going to need 100,000 people who have been sort of background processed and have their security clearances,” Goodman said.
“The time to clear people to do this is not during the disaster. The time to do it is now,” he added. “The time to do the one weekend a month or two weeks a year training is now.”
Terrorists have already adopted the crowdsourcing approach, easily seen in their recruitment and intelligence-gathering processes. The U.S. needs to shake up its own approach to protect cyber networks, Goodman said, and that will demand prioritizing partnerships between the private and public sector.
“You have so many talented students at Carnegie Mellon, MIT, UC San Diego, who can do this. And you have people that work at Facebook and at Google, and by training together and working together and starting to speak a common language, we can vastly increase our forces. And the fact of the matter is, the bad guys are doing that. It’s all crowdsourced,” he said.
To push back against technological threats, “policymakers here just need many, many more people — and people who think differently,” Goodman noted.
Initiatives such as the Pentagon’s first cyber bug bounty program, “Hack the Pentagon,” and the “Tour of Duty” exchange that brings in top talent from the private sector are “good first steps,” Goodman said.
“But that’s different than what I’m talking about,” he said. “All those steps are welcome, but things just need to be much bigger and broadly done.”
There’s another plan in the Pentagon that just doesn’t go far enough in Goodman’s view.
Officials have said repeatedly they are focused on artificial intelligence, cutting edge weapons, and autonomous machines for the future of warfare. But as Deputy Defense Secretary Bob Work — who is leading the thinking around the DoD’s high-tech “Third Offset” strategy — said earlier this year, the U.S. “will not delegate lethal authority for a machine to make a decision. The only time we’ll do something like give a machine delegated authority is when things go faster than human reactions, like cyber or electronic warfare.”
“That’s great that they say that. I hope they like having their planes destroyed. Good luck,” Goodman said. “You can say for human rights reasons, for public policy reasons, for moral reasons, that you want to keep the human in the loop. And that’s great, and I understand why you would.”
Goodman stands by his statement in “Future Crimes,” where he wrote, “Once your enemy goes to fully autonomous warfare, you will be compelled to do the same or face destruction.”
“But those countries, those entities, those even foreign friendly nations that don’t adopt that same attitude, would have a significant advantage on the battlefield. And we just won’t be able to compete. And I’m sure after losing a few tanks, soldiers, or aircraft, we’ll have to rethink that,” he said.
And there’s no doubt that the “bad guys” will continue to make the most of the rapidly changing technological world, extending into emerging fields such as robotics, AI (artificial intelligence), 3D printing, and synthetic biology, according to Goodman.
What national security professionals need to do, Goodman said, is “not to underestimate your enemies.”
“Our adversaries are much more sophisticated than we give them credit for,” he said. “They are hacking our drones. Cyberweapons don’t destroy themselves. Which of our tools, techniques, operational statecraft, are we accidentally sharing with others? The tide is turning, and people need to realize that so they can co-create the systems that will help keep us safe in the future.”
Marc Goodman is the New York Times best-selling author of “Future Crimes” and a global strategist and consultant focused on the profound change technology is having on security, business, and international affairs. He is the founder of the Future Crimes Institute and currently serves as the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University. Goodman is a Distinguished Visiting Scholar at Stanford’s MediaX Laboratory. Over the past 20 years, he has built his expertise in international cyber-crime and terrorism working with organizations such as INTERPOL, the UN Counterterrorism Task Force, NATO, and the U.S. Government. Follow him on Twitter @futurecrimes.