Author: Hackers, Industry Locked in ‘Arms Race’

The United States is under attack by cyber terrorists. Major corporations have been brought

to their knees. Government agencies are too entangled in their own web to protect business

or the infrastructure.

That’s the premise of a new book, No Outward Sign, by longtime cybersecurity

strategist and consultant Bill Neugent. Of course, in the world Neugent has created, the

hero is a ‘cyber vigilante’ and he falls in love with a beautiful FBI agent. And of course,

American companies aren’t really under attack.

Or are they?

Neugent says people shouldn’t be so sure. The author’s day job is chief engineer for cyber

security for The Mitre Corporation, a high-tech consulting firm for the federal government,

and he says he wrote the book to offer up a warning — a warning of possible things to come.

In an interview with eSecurityPlanet, Neugent says virus writers are actually a

God-send, and adds that we’re far more vulnerable than most people believe. He also says

we’re in a security ‘arms race’ and right now, the good guys aren’t doing so well. But that

could all change too.

Q: Bill, you’re a real security guy — an expert. Why write fiction instead of a

how-to?
I have the bug — the writing bug. I thought I would write the novel I’ve been wanting to

write and also do a public service by showing how it feels from an insider’s view to be

under attack. I wanted to draw attention to the kind of vulnerabilities that we’ve been

experiencing recently with worms and blackouts. I got a lot of calls during the blackout

with people asking if my publicist arrange it.

Q: What is the message that you’re trying to put out there?
My message is that we’re naked in cyber space… I have a lot of guys who work with me and

if they wanted to, they could write a destructive worm that would have catastrophic effects

across the world. There’s no defense against that. No defense. No defense. It would be easy.

They could use a Zero Day flaw. Or as soon as the patch is announced, they could write a

worm within a day or two. Without having done anything particularly hard or creative, they

could cause a lot of destruction. None of the worms we’ve been dealing with have been

particularly bad.

Q: Recent worms and viruses have caused a lot of damage. How could they not be

bad?
They could be a lot more damaging than they’ve been. The hackers who’ve written these worms

and viruses have done us a wonderful service. Every time they do that, they raise the

security bar on what vendors need to do to provide normal business-grade security. It’s not

us calling for it. It’s hackers writing worms and viruses that have raised that bar for

security. Thanks to hackers, we’re better protected against organized crime and foreign

nation states that want to harm us.

Q: How vulnerable are we today?
Highly. Nation states right now can build that malicious worm. They don’t because why would

they kill the cow they’re milking so successfully. It’s really easy for them to break in.

Our own government red teamers succeed in breaking in every single time. If our guys, using

Internet-grade tools, could do that, an adversary could do the same. But they don’t because

our networks are more valuable to them up than down.

Q: Why is that?
Hackers like to own systems so they can launch attacks against other sites. Organized crime

is wonderfully successful stealing money over the Internet. Look at identity theft. The

Federal Trade Commission says it’s the number one complaint from consumers. Identity theft

is a huge, huge problem. Criminals all over the world are stealing money so they want all

these networks up.

Q: But there obviously are countries and terrorist groups that would love to damage our

infrastructure. How much of a threat is that really?

There’s a lot of reported evidence of terrorists studying cyber terrorism. A couple of

months ago, the FBI arrested a student at the University of Idaho. He had alleged Al Qaeda

ties and he was getting his Ph.D. in cybersecurity. It means that cyber terrorism is not at

the top of the terrorist job jar but it’s in the job jar. It’s not their priority but

they’re working it. They haven’t gotten to the point where they’re an active force but it’s

just a matter of time.

Q: What do you think IT managers should be focusing on?
Automatic patching or as close to that as possible. For critical patches, their installation

must not be dependent on users. That’s absolutely fundamental. It’s a critical part of our

infrastructure that we have not had.

Q: What kind of coming attacks are worrying you the most? Are you expecting bigger and

more destructive worms? Are you looking for a direct terrorist attack?
It’s hard to predict the future. What I expect is terrorists to finally get some traction in

this domain and launch attacks. They won’t cause a digital Armageddon. It’ll be serious but

limited damage. It’ll be done along with physical terrorism. They might blow up a bridge and

then launch a cyber attack on the 911 system so people can’t call for help.

Q: Are American businesses safer now than they were six months ago or even two years

ago?
That’s a tough one. Losses are greater now. That’s proof that maybe we’re not so safe. I

expect that in two to three years, especially as Microsoft’s investments start to pay off,

we’ll see substantial improvements in cybersecurity. But the number of vulnerabilities have

been doubling every year and the number of attacks has been increasing at at least that

rate. Our security is better, but we’re no safer. It’s an arms race and the bad guys are

advancing as well as the good guys.

Q: Who’s winning the race?
I think we’re losing a number of battles right now. For right now, I think the bad guys are

winning. They’re getting money. They’re getting information. If they really wanted to launch

the destructive malicious worm, it would be devastating. They haven’t yet, but they’re

capable of doing that.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020