by Marc Goodman
Just as the philanthropist Raymond Orteig incentivized civil aviation and Anousheh and Amir Ansari spurred on the commercial space industry, so too can today’s philanthropists make a big difference in our technological security. Look at the amazing feats the Bill and Melinda Gates Foundation has accomplished in fighting HIV, eradicating polio, and supporting education, distributing an amazing $26 billion of Mr. Gates’s wealth since the foundation’s creation. But they are not alone, and there is indeed a new breed of “techno-philanthropists” out there, committed to using their wealth to better the world. eBay’s first president, Jeff Skoll, has worked tirelessly crusading against pandemics and nuclear proliferation, endowing his foundation with nearly $1 billion of his own funds. Elon Musk, Pierre Omidyar, Paul Allen, Steve Case, Larry Ellison, Mo Ibrahim, Sir Richard Branson, and Michael Bloomberg have all incredibly generously signed “The Giving Pledge,” committing to dedicate the majority of their wealth to philanthropy. These individuals have personal passions that they are actively supporting with their wealth, ranging from good governance to child development. Given that most of those above earned all or part of their wealth working in technology, funding an XPRIZE focused on this topic would make great strides in combating the emerging technological threats before us and, with their expertise in the field, could make a huge difference. Happily, the XPRIZE Foundation is in the early stages of exploring a cyber-security XPRIZE, with support from Deloitte Consulting. Even a $20 million purse (a mere .01 percent of annual revenues from the $150 billion software industry) would go a long way toward helping to provide the more stable and secure software required to protect our technological future. But even more can be done, something big and bold and on the same scale and scope as the pressing technological challenges before us.
Getting Serious: A Manhattan Project for Cyber
During my participation in the Manhattan Project and subsequent research at Los Alamos, encompassing a period of fifteen years, I worked in the company of perhaps the greatest collection of scientific talent the world has ever known.
FREDERICK REINES
When it was discovered in 1939 that German physicists had learned to split the uranium atom, fears quickly spread throughout the American scientific community that the Nazis would soon have the ability to create a bomb capable of unimaginable destruction. Albert Einstein and Enrico Fermi agreed that President Franklin Delano Roosevelt had to be apprised of the situation. Shortly thereafter, the Manhattan Project was launched, an epic secret effort of the Allies during World War II to build a nuclear weapon. Facilities were set up in Los Alamos, New Mexico, and Robert Oppenheimer was appointed to oversee the project. From 1942 to 1946, the Manhattan Project clandestinely employed over 120,000 Americans toiling around the clock and across the country at a cost of $2 billion. Those working on the Manhattan Project were dead serious about the threat before them. We are not.
While no sane person would equate the risks from the catastrophic impact of nuclear war with those involving 100 million stolen credit cards, some of the scientific discoveries under development today, including artificial intelligence, nanotechnology, and synthetic biology, do indeed have the potential to be tremendously threatening to life on this planet, as Stephen Hawking, Elon Musk, and others have warned. Beyond these potential existential threats, we must surely recognize that the underpinnings of our modern technological society, embodied in our global critical information infrastructures, are weak and subject to come tumbling down through either their aging and decaying architectures, overwhelming system complexities, or direct attack by malicious actors.
Though we have yet to suffer the game-changing calamitous cyber attack of which many have warned, why wait until then to prepare? The evidence of the technological perils is all around us. On a daily basis, cyber attacks disrupt our financial system, thieves steal billions in intellectual property, foreign nations pilfer our military weapons plans, and hackers share online tips with one another on how to take over the industrial control systems that run everything from power plants to water and sewage treatment facilities. To paraphrase the renowned statistician and editor of the FiveThirtyEight blog, Nate Silver, our current lackadaisical approach to cyber security and the profound technological vulnerabilities before us has been until this point akin to applying sunscreen and claiming it protects us from a nuclear meltdown—wholly inadequate to the scale of the problem. It is time for a stone-cold somber rethinking of our current state of affairs. It’s time for a Manhattan Project for cyber security.
I’m not the first to suggest such an undertaking; many others have done so before, most notably in the wake of the September 11 attacks. At the time, a coalition of preeminent scientists wrote President George W. Bush a letter in which they warned, “The critical infrastructure of the United States, including electrical power, finance, telecommunications, health care, transportation, water, defense and the Internet, is highly vulnerable to cyber attack. Fast and resolute mitigating action is needed to avoid national disaster.” Signatories to the letter included those from academia, think tanks, technology companies, and government agencies—including former directors of DARPA, the CIA, the Defense Science Board, Xerox PARC, and various national laboratories and Ivy League universities. These serious thinkers, not prone to hyperbole or exaggeration, warned that the grave risk of cyber attack was a real and present danger and called for the president to act immediately in creating a cyber-defense project modeled on the Manhattan Project. That call to action was in 2002. Sadly, precious little has changed since then with regard to the state of the world’s cyber insecurity; if anything, the situation has grown worse. Sure, there have been nominal efforts and the rearrangement of some chairs on the proverbial deck of the Titanic but not much in the way of substantive progress. What is America’s overarching strategy to protect itself from the rapidly emerging technological threats we face? We simply do not have one—a serious problem we may live to regret.
A real Manhattan Project for cyber would draw together some of the greatest minds of our time, from government, academia, the private sector, and civil society. Serving as convener and funder, the government would bring together the best and brightest of computer scientists, entrepreneurs, hackers, big-data authorities, scientific researchers, venture capitalists, lawyers, public policy experts, law enforcement officers, and public health officials, as well as military and intelligence personnel. Their goal would be to create a true national cyber-defense capability, one that could detect and respond to threats against our national critical infrastructures in real time. This Manhattan Project would help generate the associated tools we need to protect ourselves, including more robust, secure, and privacy-enhanced operating systems. Through its research, it would also design and produce software and hardware that were self-healing and vastly more resistant to attack and resilient to failure than anything available today. Such a project of national and even global importance would have the vision, scope, resources, and budgetary support required in order to make it a success. Most important, it would also require a sense of urgency commensurate with the original Manhattan Project, something that has been heretofore entirely absent from our current and previous halfhearted attempts to deal with our growing cyber insecurity.
As daunting as such a task may seem, there is good news. We can do this. We can succeed in this fight. We as a people surely have what it takes to make a profound difference in our common security moving forward. It will require vision, focus, and leadership. And though it may seem hopeless at times, let us take encouragement from President John F. Kennedy, who, in a speech he delivered at Rice University in September 1962, persuaded the American people to fund NASA and, before that decade was out, to land a man on the moon and return him safely to earth. In his eloquent and rousing speech before thirty-five thousand spectators, President Kennedy extolled the importance of space travel as being integral to our global security, noting,
Man, in his quest for knowledge and progress, is determi
ned and cannot be deterred … We have vowed that we shall not see space filled with weapons of mass destruction, but with instruments of knowledge and understanding … We set sail on this new sea because there is new knowledge to be gained, and new rights to be won, and they must be won and used for the progress of all people. For space science, like nuclear science and all technology, has no conscience of its own. Whether it will become a force for good or ill depends on man …[Therefore] we choose to go to the moon. We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win.
Hell yes! That’s what I’m talking about. Where is that leader? That man or woman, the one who will take us boldly into this twenty-first century, using our technologies for our common betterment and willing to stake his or her reputation and honor on meeting the sacred mission, exercising valor, determination, and the conviction of belief in order to make it so? Only through fierce coordination of efforts across government, academia, and the private sector will we make progress. The key to making the Manhattan Project for cyber actually work will be a keen sense of urgency concomitant with the enormity and importance of the task before us. The clock is ticking, and there is no time like the present to bring this idea to fruition.
Final Thoughts
The best way to predict the future is to invent it.
ALAN KAY, XEROX PARC
When it comes to technological threats against our security, the future has already arrived. It is sitting in an office building in Kiev, destined to be the next Innovative Marketing. It is in the laptop of that kid next to you at the library who is building the next Silk Road and Assassination Market. It’s in that ten-story government building in that foreign capital where every day thousands of digital spies are showing up at work intent on stealing your corporate secrets. It’s in the garage of that one disaffected bio-hacker who is tired of the bullying in school and now plotting his bioterror revenge. It’s at the local big-box retailer selling quadcopter drones, never knowing if they will be used to ferry weapons over prison or airport fences. It’s available via that Web site that sells model jet aircraft capable of autonomous flight laden with explosives to be flown into a crowded building by terrorists. This future has already arrived. All the warnings and indicators are there. The threat is serious, and the time to prepare for it is now; I can assure you that criminals, terrorists, and other malicious actors already have.
As we have seen, everything is connected and everyone is vulnerable. But all is not lost; there are things we can do about it as outlined in this chapter and the previous one. But when we fail to respond to the problem at hand and bury our heads in the sand, the problem does not go away; it grows. The challenges we face are significant and mounting. It’s not just about hacked bank accounts or stolen private photographs. Nor is it merely about maintaining control and privacy over the multitude of devices in our lives. It is about safeguarding our technological future and understanding what’s coming next. As Marshall McLuhan reminds us, “It is the framework which changes with each new technology and not just the picture within the frame.”
The hacks of tomorrow will affect our cars, GPS systems, implantable medical devices, televisions, elevators, smart meters, baby monitors, assembly lines, and personal-care bots. With seventy-nine octillion new possible connections enabled through IPv6 and the Internet of Things, all physical objects will become hackable, including all the screens in our lives. Yet as of today, we lack any viable models for truly trustworthy and secure computing—an obvious failure for a society built on and run by computers. We have no proven way to trust the code that runs our lives and runs our world. It is for that reason that those who control the code can control our world, for good or for ill. Beyond this, we will have to deal with new bioweapons, hacked DNA, and genetic and biometric identity theft, to say nothing of easily manipulated black-box algorithms and AI systems. We are living in exponential times, and though it is easy to dismiss autonomous killer robots and Skynet-like evil AIs as pure sci-fi fantasy of the future, as George Carlin reminds us, “The future will soon be a thing of the past.”
In a world in which all of our critical systems and infrastructures are run by computers, it would be easy to dismiss our profound technological insecurity as just a computing problem. But we don’t just have an IT problem. Because technology is woven through the entire fabric of our modern lives, we also have a social problem, a personal problem, a financial problem, a health-care problem, a manufacturing problem, a public safety problem, a government problem, a governance problem, a transportation problem, an energy problem, a privacy problem, and a human rights problem. We have no choice but to win this battle for the very soul of our own technologies because frankly the alternative is too horrible to consider. This must be our call to action.
Accordingly, now is the time to completely reevaluate all that we take for granted in this modern technological world and question our dependence on the ubiquitous machines that so few of us understand. We do this not out of blind technophobia nor in deference to Luddite ancestors but as a commonsensical measure, fully appreciating the vast positive potential these exponential technologies portend. The innovation cannot be stopped, and the technological changes are coming faster and faster. We’ve reached an inflection point, a punctuated moment in time that demands our immediate and greatest possible attention. The proverbial twenty-ninth day of the lily pond is fast approaching and as with all things exponential, our window to act responsibly and responsively is closing quickly. There is a way forward from the rash of technological threats we face today. By mobilizing common citizens and taking back control of our own devices and technologies, we can all use these tools to their maximum good. In other words, the tools to change the world are in everybody’s hands. How we use them is not just up to me; it’s up to all of us. That better version of our future—the one we all want—will not magically appear on its own. It will take tremendous intention, effort, and struggle. But with this hard work, not only will it be possible to survive progress, but to thrive to an extent never previously imagined. That is the world I want to live in.
APPENDIX
Everything’s Connected, Everyone’s Vulnerable: Here’s What You Can Do About It
Throughout this book, we have investigated the looming technological threats faced by society and explored a variety of ways to systemically reduce these risks. The UPDATE Protocol, described below, provides some practical everyday tips you can use to protect yourself, your business, and your loved ones from today’s most common technological dangers. Follow these simple steps (the digital equivalent of locking the front door to your home and not leaving your car keys in the ignition), and you can avoid more than 85 percent of the digital threats that pervade our lives daily.
Update Frequently
Modern software programs are riddled with bugs. Hackers and others use these vulnerabilities to break into your computer and other devices, steal your money, and cause general havoc. Avoid these problems by automatically updating your operating system software, computer programs, and apps. Pay particularly close attention to browsers, plug-ins, media players, Flash, and Adobe Acrobat—favorite targets of bad guys trying to rip you off. Failing to update automatically leaves your devices wide open to attack via problems that can be avoided if you simply update your software.
Passwords
Passwords should be long (think twenty digits or more) and contain upper- and lowercase letters, as well as symbols and spaces. Though we’ve all heard it a million times, the strength of a password is one of the key factors in protecting your accounts, and passwords should be changed often. You should absolutely not use the same password for several different sites. Doing so means once hackers get access to your log-in credentials, they can use them across
multiple domains, from your social media network to your bank account. Memorizing long, unique passwords for every account and Web site in your life, however, is of course more than the human mind can manage. Fortunately, there are a bevy of password “wallets” or managers that can make this process relatively painless. Criminals have been known to create their own password wallets in an effort to trick you into giving up your digital crown jewels. Thus use only well-known and established companies such as 1Password, LastPass, KeePass, and Dashlane, most of which work across your computer, smart phone, and tablet. In addition, many services such as Google, iCloud, Dropbox, Evernote, PayPal, Facebook, LinkedIn, and Twitter offer two-factor authentication, which involves sending you a separate onetime password every time you log on, usually via an SMS message or app directly to your mobile phone. Using two-factor authentication means that even if your password is compromised, it cannot be used without the second authentication factor (physical access to your mobile device itself).
