March 7, 2017
INTERVIEW WITH DARIN ANDERSEN
Host: Ernie Brown
Topic: WikiLeaks’ massive release of highly sensitive documents that allegedly reveal the CIA’s covert, global use of software designed to hack smartphones, computers and internet TVs around the world. The release is regarded as a serious setback for U.S. intelligence agencies, which use cyber- hacking to carry out espionage against foreign targets.
Q: We’re joined by Darin Andersen, chairman/founder of CyberTECH, a San Diego-based coalition of tech-inspired companies. Darin, do you think we should be surprised about all this?
A: Well, it’s true that the involvement of the CIA, the NSC and other government agencies in such covert actions has been well-known for a long time. But I’d say the extent, the depth, may be surprising to some.
Q: Do you think this will cause damage to the intelligence community?
A: I would say that probably among the public, this has some impact on their comfort level with the government in general, especially with the Intelligence community. I think we all have to look across government now and suggest that there are certainly questions about our government’s ability to prevent leaks. But in particular with the Intelligence community, there’s definitely some loss of confidence. This isn’t the first time this kind of information has come out. For many people, this reinforces the fears they may have about our government.
Q: Where did they get this information?
A: That’s hard to say. It may have been through a physical breach, but I suspect that you had a leak here by somebody who’s an insider that’s passing along sensitive information. Alternatively, they might have broken into government systems, which is not unprecedented, but in this version seems unlikely. If you look at any of the information provided by WikiLeaks, a good deal of it comes from insiders. Bradley Manning would be a good example of that – the leak of tens of thousands of classified documents to WikiLeaks.
Q: Is it possible anymore to keep secrets at the governmental level?
A: Within the government, ironically, is where a lot of secrets are kept, because they have a very strict system about how they information- and knowledge-share within their organizations. What we’re seeing more and more of, is people because they consider themselves to be conscientious objectors, they’re starting to leak this information out to watchdog organizations like WikiLeaks. You’re always going to have those activists that put this information into the public domain, and actually think they’re doing the right thing by doing that.
Q: Is there a way to stop that from happening?
A: Yes, there’s a way to stop it, of course. You could, for example, make penalties for sharing that kind of information very stringent. You could put them in the brig. You could put very harsh consequences into law. But the reality is, there is forces in government who regard this as part of our democracy to leak out this kind of information. Then there’s another school of thought inside our own government that thinks this type of information needs to be protected and that it can damage our own personnel and our own national economic well-being.
Q: I know we’ve seen so many businesses get hacked, Sony, famously, was hacked a couple of years ago. Are people now taking this more seriously, that no matter what your security systems are, there may be a way to get that information out?
A: I think people are taking things more seriously, but I put a caveat on that. I think people feel somewhat helpless to do much about it. So while it’s closer to the middle of their radar, it’s not necessarily something they think they can do much about. And I think, historically, we believe in government as being the “fix” for this, if not their employer. I think people are understanding more and more that, if they want to protect their own identity, that they have to take matters into their own hands. By that, I don’t mean any vigilantism. I just mean that people need to start to protect their own security, by practicing good cyber hygiene, by doing things to protect themselves, things that make them more strongly protected than the person next to them.
Q: It’s interesting that the government would be looked at as the answer to all of this, when you consider that the Pentagon was hacked, the State Department was hacked, the White House, the IRS – all the government agencies, to some extent.
A: Yes, I would say that historically, there’s the belief that government could do anything, right? The government could take us to the Moon. The government could defend our borders. The government could protect our power overseas. But I would say, more and more, that confidence in our government maybe has eroded and our personal security has followed suit.
Q: Does the CIA need to start over again and come up with new ideas, now that this information is out there?
A: Well, that’s not going to happen. So really, we have the deck of cards and the hand that we’ve been dealt here. What we need is a reform movement within the CIA. But the biggest change needs to occur at the macro level: What is our expectation for security and privacy as citizens? Do we have the right to expect that our government, our employer, other institutions, will actually look after our security? Or is it something that we have to take care of ourselves? Like preventing forest fires. Fastening our safety belts. These are public-social issues that individuals have to contribute to — for the well-being of our society.
Q: What can we do as individuals? What should we do?
A: Well, we can practice our own good cyber hygiene. What I mean is, it’s like out-running the bear that’s chasing you. And there’s somebody that’s slower than you between you and that bear. What I mean is, by changing your passwords, by not giving your passwords away, by making sure your data is not at-risk, that you’re careful about what on-line services you use. That you’re attentive to what emails that you answer, so you’re not getting phished or scammed in some way. There are all things we can do as individuals to protect ourselves. The new area of threat is the Internet of Things – what I like to call the “wear-ables, live-ables, drive-ables” – all those things are connected to the Internet and to our lives. The things we’re driving, the things we’re living inside of. Those things have serious security vectors. We’ve heard recently about cameras that are home-based that have been hacked, about baby monitors, the smart vehicles that we drive all have vulnerabilities, even our medical devices. So we have to demand from our leadership that there’s a public-safety expectation that should come along with that – that my car shouldn’t be able to be driven off the road and into a ditch. And that the manufacturers of these products have some obligation in that.
Q: Would you take a lot of these products off-line?
A: I don’t think that’s possible. We’re part of a global economy now. We don’t product all the innovative products in the world. We have competition in Europe, especially in Asia. And those products are innovative because they’re connected up to the Internet. And we’re creating, let’s say a smarter infrastructure of devices – things again that we live, wear and drive – are becoming more knowledgeable, smarter, and more customized to what we use. It’s really hard to put the genie back into the bottle. Now, we have to be more attentive to how we build our own security posture and also how we protect those devices and make good personal choices.
Q: Who’s winning this battle these days? The hackers? Or the people trying to protect themselves from the hackers?
A: Clearly, they hackers are in the lead right now. They’re highly motivated. In some cases, they’re highly funded. There are many hacker “types” – whether they be state-organized and government-funded adversaries. Or it could be “hacktivists” who have some political agenda that they want to settle with the West, that they want to change our way of life. And you have just plain criminals – they’re either funding the first two activities or they’re trying to create financial gain for themselves. So they are highly motivated and highly skilled – they have busted out of the shadows and it’s now a global industry. And we should expect a great deal of hacking activity from our adversaries, foreign and domestic.
Q: Speaking of adversaries, is WikiLeaks in bed with the Russians?
A: I think you would have two or three different arguments about that. Nobody really seems to know. If you look at (Julian) Assange’s past, to his situation of not being locked up in an American jail, that you could argue that the Russians have some hand in that. Whether it’s the Russians or the Chinese, that gave him some shelter in a time of need. Maybe there is a kind of allegiance, some sort of alignment, with the policies of those governments.
Q: I suppose that the person who leaked this information from the CIA knew that once it got out there, that the Russians would pick it up at that point. What do you think their motivation would be?
A: Well, the Russians are extremely sophisticated hackers. In some ways, I consider them more technically adept than our Chinese adversaries. And their motivations, which go back now many generations and decades, are about de-stabilizing our way of life in order that their way of life could actually predominate and have a larger impact on the planet. It’s about changing the balance of power, realigning the global vision – from one that looks decidedly West to one that looks decidedly East.