No matter what industry youre in. Cybercrime. Im barrie moskowitz, an officer of the Harvard Business school club of new york. Before introducing our speaker would like to introduce our moderate, chitra nawbatt. Chitra anchors for National News channel in the york. Prior to her career in broadcast television, chitra worked at the Deutsche Bank the ibc and ernst young. She is a cpa and a graduate of Harvard Business school. Welcome, chitra. Spin and now a featured speaker for the evening, mr. Marc goodman. Marc is a global strategist and author and consultant focus on the disruptive impact of advancing technologies on security, business and international affairs. In addition marc found a future Crimes Institute to inspire and educate others on the security and risk implications of newly emerging technologies. Since 1999 marc is worked extensively with interpol where he is a Senior Adviser to the Steering Committee on Information Technology crimes. In this capacity marc has Trained Police forces throughout the world and has chaired numerous interpol expert groups on nextgeneration security threats. Marc holds degrees from Harvard University and the London School of economics. In his newest book future crimes provides an insight into technological innovation and unintended consequences of the connected world. Im sure we will find out more as the evening unfolds. Before we begin please take a moment of silence your cell phones. If you did not do it yourself, marc may just do it for you. [laughter] also please note that this event is being recorded by cspan. During the q a there will be a microphone located in the center aisle. Please announce your name before speaking. We are also pleased to announce that we have copies of this book right off the press that are available for sale right outside the conference room. Thank you so much, and please join me in welcoming marc. [applause] how is everybody doing ask wow, thats pretty perky compared to i dont have to ask twice. How many of you work in Tech Knowledge . Specifically in cybersecurity or security . Entrepreneurs . Financial services . Its like the second row. You guys look so excited to be proud. And Harvard School of am . Kennedy school . Only one. Harvard undergrad . Okay. What are you most curious about on this topic . A few hands. As a new yorker who has had credit card [inaudible] id like to understand more about, and i didnt go to harvard [laughter] or best buy. Slept like to understand whats happening [inaudible] im just really concerned about what types of [inaudible] okay. Thank you. Briefly. [inaudible] him okay. One more. [inaudible] so we will start big picture and then drew into some of these issues that you talked about definitely companies, technology that is on the forefront specifics of the risk and issues you talked about, both operationally and to talk about decimation reputation. So we will start big picture, high in the sky, and drill down. Marc, what does the future of crime and cyber terrorism look like . Wow, what a catcher question. Completely unprepared for that. [laughter] the future of crime. Well it looks somewhat like today but it also looks quite different. The bad guys criminals terrorists and rogue governments have always been quite good at Adapting Technology to their own preferences. Criminals have been early adopters of technology. If you go back to chicago gangland, murders of the 1930s, those gangsters had cars while the cops were still on horse and on foot right . Fast forward today when i was a young Police Officer, we saw bad guys from drug dealers on street corners carrying pagers and cell phones back in the days when doctors were the only people that had pagers. They were carrying like a fivepound brick phones. I see some young people in the audience. You couldnt talk on it but it would be. It was a star trek those were quite rare. When i saw street drug dealers carrying pagers amount i guess you were not physicians, they were in the former soviet industry but, in fact, they were not doctors. I said theres something going on. So i got involved in cyber Crime Investigation early on in my career. I started telling a story of how that happened, and then it went on and on and on. What i saw go every new technology they picking up the bad guys are right there ready to go. They have researched and developed the departments, the cartel has a 5 million r d budget just for robotics trying to figure out how to get drugs across the border. So they do r d. They hire ph. D. There is a school of aviation that is in mexico, a very premier school, or the drug dealers are recruiting aviation and jeers for the purpose of building the drones. Theres a whole bunch of new technologies come online, robotics, Artificial Intelligence, synthetic biology, internet, big data. There will be a crime plot ready for all of them. What are the top three threats that you can think about right now . Im a technological perspective. I would start out as a societal level and work down from the. I guess the big, Single Thread that i see is that we acquired the world but we failed to protect them. We are very good at connecting things to the internet. We know how to do that. The internet protocols are set up to do that quite well. Security, we will figure that out later. Just kind of the broad overall threat that i see his that we cannot even protect the things that weve online today. And yet we are running full speed ahead to connect more stuff. Theres never been build a Computer System that could not be hacked. Theres never been build a Computer System that somebody couldnt figure out a way into common yet we are using computers, not only to computers we think were using that stops, laptops smartphones but all of physical objects in the space around us are transforming themselves into Information Technology. At automobile, something they used to be a mechanical device is now a computer. It contains over 250 microchips that control everything from the breaks to the airbag to the Radio Station you listen to. And they did a demonstration of this on 60 minutes. And elevator is a computer writing. An airplane is to compete you fly in and a pacemaker is a computer that you implant in your body. So the founder of netscape famously said that software is leading the world. So when every physical object transforms into Information Technology, things that were never hackable before suddenly become packable. Lets go more specific, the perspective of the countrys government. I interviewed spent i dont think your mic is onto well. [inaudible] yes, that needs to be on you. [inaudible] i think its been hacked. [laughter] wont be the first time tonight. So this one wasnt thats for the camera. Apologies. Barrie, if you want to do the intro over again. Spoke how is that, better . Thank you. Getting into the three, lets go more deeper, right. I was saying a few months ago i needed and ceo of firefly, dave dewalt which is a company that works on cybersecurity and he is talking about the three countries, the top three countries that are victims of Cyber Attacks are United States, south korea, canada. We are number one. [laughter] when you think about those three countries, what are they specifically under attack come in what area, what are the three biggest threats that our government are dealing with . You know, i understand clearly that youre asking for three specific things. I will deal with the countries and then well talk about what those things might be. I want folks to be able to touch it feel it can really understand it. You got it. It is allencompassing so how do we break down into something tangible that companies, governments, all of us need to know how to prepare better, respond to . And hopefully Business Opportunities. We will definitely get into some of those opportunities for startups. Why would canada and south korea and the United States be amongst the greatest victims of cyber crime . I will ask the audience. Do you guys having ideas . Yes, sir. The biggest users of the internet. Internet. Exactly. If you think we have a lot of Technology Look at south korea. They are Lightyears Ahead of us in terms of the speed of their internet, the percentage of their population that is online. They have a very Strong Technology culture, a very strong gaming culture. So the way you might go to a hockey gang or a New York Knicks gang, there are stadium filled and south korea where people are pulling video games across from each other. On the nightly news theyre talking about its a different culture. And, of course they face a very unfairly neighbor to the north i believe it is, which is very differently connected to the internet. So in essence it is an asymmetric threat. The more technologically advanced you are the more you can be subject to attack. This is a concern during the invasion of afghanistan of the u. S. Government, which is they develop this whole cyber arsenal but nobody is online and they dont have electricity what are you going to attack . Thats an exaggeration an overstatement. There were targets. I think thats the reason why this country either. They also happen to be very economically welloff countries so there are things to steal. In response how our government is trying to respond to the . Poorly. Very, very poorly. Whats interesting to me is that one of the reasons why we created nationstates come if you go back to the treaty, we had very clear borders individual countries sovereign rights, border states, this is the territory of the united kingdom, the United States south korea. The internet broke all of that. The role for which the government was brought together to be of service to its people taken at the federal level in this country and others for the purpose of National Security has kind of been broken in the internet age. When you have for example organizations of u. S. Government, army, navy, air force, marines who are responsible for protecting our national borders. They know how to do that. They been doing it for centrist. What does that look like in cyberspace . Nobody really knows. The systems of control customs and immigration, air traffic control, all of that stuff doesnt work on the unit. So they are struggling to figure out what it looks like. The branches of government that would protect his boat at the nationstate level from a National Security perspective and then also at the domestic level from a Law Enforcement perspective are completely broken by the internet, and they have not figured out any good ways to respond. I will talk about sort of on the policing side. If you had a bank robbery here in manhattan come in times square, a guy walks in hopes of the telecom walks over the telecom walks over the back of many, what do we know about the crime . This is csi cspan edition. What do we know about that crime . We know that the criminal was physically present in the city of new york. That means midtown south has jurisdiction. Its a big swing to the fbi will be involved. The victim was in new york city. The criminal was in new york city. Theres code jurisdiction. We know them in evidence left behind because of fingerprint dna, photographs taken at the scene. Those with the good old days. Now the very same crime to be committed by somebody in el salvador or someplace halfway around the world, and we have very little evidential trail to follow up on. Even if we did come and i experienced this myself when i was a Police Officer if i identified that a suspect what was with the police department, if identified the suspect was coming from paris for example, do you know how hard it is with local cop to get evidence out of paris . It relies upon mutual legal treaty to i develop for the went to my chief of detectives went to lieutenant, chief of police, California Department of justice, fbi, over to the state department who would give it to the French Home Office minister of justice, to give it to the Parisian Police to the whole process was a twoyear process to find of the owner of an ip address was. With some technical people in the audience, right . Does it take two years to change in i. T. Address . It takes about two seconds. So the systems are fundamentally mismatched from a Public Policy, legal perspective, regulatory perspective weve got nothing on the horizon to sort this out. Nothing on the horizon. Nothing interesting. I was going to say whats the solution . How are you, what are the agencies, what are the specific groups that are lobbying, rowling to get the right action and what is it that right action . And its a combination of domestic responds as well as working internationally, right . The challenge is on the National Ticket front and on the Law Enforcement front is that your government is pretty much abdicated response but it was bob and dont think its something that most citizens realize that if he came home, barrie god forbid your house was burglarized, you call the cops and they will show up. New senate detectives, dust commodities and wisdom look for the bad guys. If you call of the nypd, midtown south in queens and said ive got a virus comes in a police car immediately, i hate to disappoint you but the incoming. You may think every shows up with allies are looking for things, thats not what happens on the internet. So lawenforcement has suddenly excluded itself from this. You here periodic about wanted suspects and one or two people subject to arrest. It gives 110 thousands of the people of the crimes committed im guessing some estimate ends up in a prosecution in any way. So what was seen in our government, our response to this arbiters been mostly to the offensive capability. Athave you guys heard of the guy called snowden . There was this guy called snowden who took and still classify to release them and suggested that the United States government was quite expert at offensive cyber operations. What most folks may not realize is the nsa is dual headed. They are the primary agency in the United States for International Perspective that is responsible for cyber protecting our borders if you will. You have an organization that is schizophrenic. Why . Because once a part of the nsa discovers a bug apart of the certificate would all walk on we see that little, we see it as been foldable. The nsa knew about it. The nsa should have could have put out a notice to all american citizens and saying hey, attention, we have a problem. Update your browser get a new certificate. Heres the heart bleed fix. They didnt. Why . Because in other parts of the nsa, we can use this operationally and go after bad guys. So that six at the what happened to the offense apart is winning winning over the defenses apart, which is why youre kind of on your own and which is why Companies Like fire i and dave are very wealthy people because the opportunities are tremendous i want you to understand that their government is not doing much at all. Spent on that you talk about fire i other countries but what i, other comes to what other countries, who are the compass and the technology at the forefront of fighting Cyber Attacks . Sure. How many of you have antivirus on your computer . Those are not the companies at the forefront of this year to hate to disappoint you. But i write about this in future crimes. There was a steady debt of 40 different antivirus vendors and what they said is they looked at what the success rate was at detecting new viruses. They ran a bunch of new viruses through 40 different antivirus vendors and the detection rate turns out to be 5 . 5 of new viruses are detected by software, Antivirus Software but eventually it learns and it gets on board but that could be weeks and months later after everyone is affected. They have a 5 success rate. In future crimes i save your own immune system work like an Antivirus Program you would be dead in 24 hours. Thats not a good response rate. We need better systems. All those legacy players in the same way that we saw brandnew startups like google and apple disrupt ibm and were seeing the same thing right now with the first generation of cybersecurity companies, symantec, norton, one of the largest is now broken down broken into two separate companies. One focus on big data and Data Analytics come and the other on security. Even security researchers their what is the most respected cyber secure research and water runs an antivirus company, and he said publicly they antivirus terror is over. What of those new tools . One of the new companies . I would say fireeye is very much at the forefront. Theres another Company Called crowdstrike. They are more on the services perspective. You need to understand who the winners are going to be by analyzing the technology. I know we are able to from Financial Service industry. They analyze industries and learn all the time. So particularly for the entrepreneurs we can talk about the technologies that will n