The Dark Side of Technology

Event Highlights

Marc Goodman and Lillian Ablon presenting at a RAND event on cybercrime July 31, 2015

Marc Goodman and Lillian Ablon

Photo by Diane Baldwin/RAND Corporation

On July 21st, Wired reporter Andy Greenberg published the story of how, as he was driving a Jeep at 70 mph down a highway, two of his friends hacked into the car's computer, turned on his windshield wipers, changed his radio station, and rendered his accelerator inoperable.

The story attracted, as would be expected, considerable attention, and Chrysler is now issuing software updates for 1.4 million affected cars.

Predicting this type of hack at a recent RAND Policy Circle event was Marc Goodman. He is the author of Future Crimes: Everything Is Connected, Everyone Is Vulnerable, and What We Can Do About It, in which he envisions what the future of crime will look like and how individuals can protect themselves. Goodman is uniquely qualified to write this book, having begun his career over 20 years ago as a police officer in the Los Angeles Police Department, then becoming the Federal Bureau of Investigation's futurist in residence and more recently, the founder of the Future Crimes Institute.

Goodman explains, “When most people think of cybercrime, they think, my account was hacked; my identity was stolen; I needed to get a new credit card. The message in Future Crimes is that the risk is much broader than that.”

Goodman warns that cybercrime is “exponential, automated, and about to enter the third dimension.” It is “exponential” because every 12 to 24 months the “price/performance ratio of a computer doubles,” giving criminals, just like customers, more power. It is “automated” because now, as Goodman elaborates, “When it comes to crime, there's an app for it. Criminals used to be people. If you wanted to be a robber here in Los Angeles, you went out and got a knife and a gun; you hid in a dark alley, and you said, ‘Stick ‘em up.' That was a good business model,” he adds, dryly, “You could be your own boss; no taxes, no permits required.” But the challenge was, how do you scale and grow your business? Today, with the internet, one person can rob hundreds of millions of people, as in the Target hack, which, Goodman calculates, affected one third of the American population.

Valerie Plame and Morgan Fairchild attend a RAND event featuring Marc Goodman, founder of the Future Crimes Institute, on June 25, 2015

Valerie Plame and Morgan Fairchild discuss the topic with Policy Circle members at the event.

Photo by Diane Baldwin/RAND Corporation

Lastly, Goodman says, cybercrime is “about to enter the third dimension.” In years past, the cyberthreat was “on your computer screen and that was it. Things happened on the screen, and no one got hurt. As we bring more and more computers into our physical space, known as the ‘internet of things,' there are greater risks.” He continues, “Every modern automobile has over 250 microchips, which can be hacked, controlling everything from the windshield wipers to brakes.” Only weeks after this event, Wired published the story about the hacked Jeep, affirming Goodman's warning.

With the increasing risk of cybercrime, there is a need to improve cybersecurity. But a recent RAND study indicated that close to $70 billion is spent on cybersecurity annually, increasing at a rate between 10 and 15 percent each year, even as breaches increase. Why this disconnect? Goodman points out that there is an “asymmetric threat… the good guys need to always be right.” He elaborates, “Microsoft Office has a hundred million lines of code in that one product. Every line of code needs to be correct. If it's not, there's a software bug that can be exploited. The complexity becomes enormous, making it nearly impossible to protect everything.”

So, what will change the future of cybercrime and cybersecurity, and how can the government play a role? Goodman recommends building a national cybersecurity reserve force of 100,000 members sourced from private and public sectors. He also recommends a “Manhattan Project for cybersecurity,” with Americans working around the clock. “The government has the opportunity to be a convener of experts,” he says, “We need to crowdsource the solution.”

This event was part of the Policy Circle Briefing Series.