字幕表 動画を再生する 英語字幕をプリント MALE SPEAKER: Today we have the pleasure of having Marc Goodman here with us. Marc Goodman has spent a career in law enforcement and technology. He has served as a street police officer, senior advisor to Interpol, and futurist in residence at the FBI. As the founder of the Future Crimes Institute and the chair for policy, law and ethics at Silicon Valley's Singularity University, he continues to investigate the intriguing and often terrifying intersection of science and security, uncovering nascent threats and combating the darker sides of technology. Let's give a warm welcome to Marc Goodman. MARC GOODMAN: Thanks [INAUDIBLE]. Thank you very much. Hi Google. AUDIENCE: Hi. MARC GOODMAN: Hey, how you guys doing? Thanks so much for coming, I really appreciate it. We need to also be thinking about the internet of things, right, because we're going to be attaching a lot more things to the internet. So it's not just the internet of things, it's just more crap to be hacked. We're switching from IPv4 to IPv6, that will mean that our network will grow from about 4 and a half billion simultaneous connections to 78 octillion, or 78 billion billion billion. To put it in perspective, today's internet is the size of a golf ball, tomorrow's will be the size of the sun. That means every pet, plate, prisoner, knife, fork, chair, every device will be going online with RFID and near field communication, because they'll basically be free. Our threat surface area is going to expand tremendously. And guess who's excited about this? General Petraeus of the CIA. Right, we will spy on you through your dishwasher. And you guys heard about this Samsung brouhaha? Where Samsung-- who hasn't heard of this? So right now, I have a smart television at home. But in order to change the channel, I have to push a button while I sit my fat ass in a Barcalounger and might burn a billionth of a calorie. So Samsung has solved this problem by allowing for voice interactive TVs. But in order to do that, they had to update their terms of service and say, everything you say to your television we're sending out to third parties. We're processing it, we keep it, and the like. It's in part of their terms of service. And then they said, Samsung did, by the way, if there's something sensitive you want to discuss in your own home, don't say it in front of the television because we're listening. Which didn't make people very happy, so there's a big brouhaha about this. "New York Times" talked about hacking everything from vents to soda machines. And do you guys remember that Target hack? You remember how they got in? Through the air conditioning. Yeah, the HVAC system. The HVAC was connected to the general network which was connected to financial management which was connected to the cash register which was connected to the point of sale terminals. When you have 78 octillion connections, the system complexities are so great. You have no idea what's connected to what. And bad guys are good at finding this out. Of course, refrigerators will be sending spam. This has already happened. This is already happening, right? Oh, and by the way, this has happened too, I'm sorry to say. So a lot of apps now have bitcoin mining malware in them. This is from the Department of Things Not to Connect to the Internet. In Florida, they thought they'd save money by connecting their prisons throughout the state online. It turns out, somebody hacked them and they unlocked all the doors at a maximum security prison in Miami, leading to a riot. Of course, cars are nothing more than computers on wheels, right? 200 chips. And people have hacked those, there was a guy in Austin, Texas that remotely disabled 100 cars. Everything from the air bag to the brakes to the steering can be hacked. And of course, we're putting computers, we're not just writing computers, but we're computers inside ourselves. There are 60,000 pacemakers in the United States and have an IP address and connect to the network. 300,000 implantable medical devices a year. At hacker conferences like Black Hat and DEFCON they're talking about how to hack them. Diabetic pumps. This is something called the Bluetooth Cannon. From a distance of 300 feet, it can find people that have got diabetic pumps and take 45 days worth of insulin and release it in five minutes. Resulting in a condition known as-- AUDIENCE: Death. MARC GOODMAN: That's very good. Mostly irreversible, very hard to change. This is my friend Bertolt Meyer. He was born without a left hand. He has one of the most advanced bionic arms and hands in the world. I said, Bertolt tell me how do you control your arm if you need to fix it. He was like, oh, I have an app on my iPhone that controls my hand. I said cool, can I see your phone? He hands me his phone, I start pushing buttons, his hand starts doing this. His body is online. By the way, I didn't need to have the phone because it's Bluetooth. I could have just used Blue Snarf or anything else to hack it. So again, our threat surface area is expanding. And it's not just today's technologies with ones and zeros, but there are other technologies. All the stuff we've been talking today, they've been hacking silicon. But there was another operating system, the original operating system, DNA. We only coded in ones and zeroes because we didn't understand DNA. Now we do. We can write software code in DNA. There are bio hackers. And you can take somebody else's DNA that you recover from a left tissue or a comb or a drinking glass and replicate it. And you can take that DNA and leave it at a crime scene. And according to a study, the cops can't tell the difference. So if you really really hate the guy in the cubicle next to you, this is a fun trick to play on them. Plant their DNA at the scene of a crime. And of course we will have new bio weapons that will be permitted through synthetic biology. Aum Shinrikyo, you guys remember them, subway attack in Tokyo? These guys had a bio program. They had $10 million that they spent from '85 to '95 trying to launch a bio attack. The biology wasn't there, so they went with a chemical attack. Today it is. And so we're going to have all of these new issues to deal with, ranging from cloning to discrimination to new forms of identity theft. If you find any this bio hacking stuff interesting, I did an article for "Wired" magazine. That's my ugly mug on the / so every crime that we have today with silicon ones and zeroes, we will have in the future with bio. What's the bottom line? With all of this computing, going golf ball to sun, we're increasingly connected. We're dependent upon these systems, and we're vulnerable. Computers run all our critical infrastructures, from electricity to health care to 911 system. And they're all hackable. There's never been built a computer system that couldn't be hacked. And we keep rushing, connecting more and more stuff to the net, but more connections equals more vulnerability. So what do we do? I'm not saying technology is bad, right? I'm in Silicon Valley. I love tech. Tech is awesome. Fire was the first technology. It could keep you warm at night. It could cook food in your cave, or you could use it to burn down the village next to yours. It's just how we're using it. But make no mistake, there is a war afoot between people that want to use tech for good and people that want to use tech for evil. And in exponential times, the ability of one person to reach out to 100 million or a billion people is a growing problem that we haven't solved how to handle yet. When the entire world is becoming a computer, Marc Andreessen famously said software is eating the world. When maps become GPS devices, when music becomes Spotify and Netflix is movies. Every physical object is becoming a computer. And all computers are run by code. So if you can control the code, in a world where computers run the world, then you can control the world. And the biggest problem is, unlike other times, most people have no idea that they're a victim. If you go out your garage in the morning and look for your car and it's missing, you're like, holy cow, my car was stolen. But when bad guys break into your computer, you don't know. According to a study by the US Secret Service and Verizon, only 6% of hacks of data breaches are picked up by the system administrator. 94% of the time, it's because customers complain, the FBI comes knocking at their door, or a competitor was also hacked. And this is a really scary statistic. This is the time to discovery. On average, it takes an American Fortune 500 company 211 days to know that they're penetrated. Which means that the bad guys are living in your system for nearly seven months, roaming around, putting in back doors, leaving malware, watching and studying everything that you're doing. And in the same study, they said that 75% of American corporations networks could be penetrated in just 15 minutes. So breaking into the information technologies of today is a lot like a hot knife going through butter. It's super easy. And yet all of these computers are the foundations of our modern world. So when they fail, when they're hacked, when that cyber crisis occurs, what is our backup plan? We don't have one. In effect, our modern society's is kind of built on a digital house of cards that can come falling down unless we start to care for. This is how we handle cyber threats today. We arrest people. The problem is that NYPD officer cannot make an address right, in Moscow, or in Canada. Internet broke policing. Policing only works city to city, country to country. International law is horrible for these types of investigations, and therefore we will never investigate or arrest our way out of the cyber threat problem. The two systems are completely mismatched, and yet this is the primary tool we use today. Right, the cops, we're in charge. We're going to handle this. We need to break that paradigm of policing. We need to get the public involved. The bad guys have been really good at crowd sourcing offense. We need to get crowd sourcing on defense on our own security. There are some great examples of that. This was highlighted at Google Ideas, organized crime and corruption project. These guys are crowd sourcing the investigation of dictators and their funds. And in Mexico, where over 50,000 narcotics related homicides have occurred in the past six years, people are using tools like Google Maps to go out there and crowdsource where the dope dealers are at great personal risk to themselves. So open source tools like this, free tools like this, can play a role in helping us to crowdsource our own security. But I think we're going to need to take it a step further. We have reserve Marines, reserve Army, reserve police officers. We have FEMA for national disasters. We have no national cybersecurity reserve corps. And we're definitely going to need one. And folks in this room are the exact type of people that I would recruited into it, because we're going to need your help. Because that big cyber emergency is going to occur, and we have no plan for when it does. The other thing I would offer is that we talk about cyber attacks. We use the language of medicine. We talk about computer infections. We talk about viruses. We use the language of medicine to describe the problem. But we don't use the tools of medicine to solve the problem. What could epidemiology bring to the table, right? What would a World Health Organization for cyber look like? Public health models, epidemiological models I think could go a long way in terms of helping to protect the internet. And by the way, what could we learn from bio-mimicry? Right, nature for four billion years has been building immune system's, resilient systems. How could we learn from biology and nature to drive this forward? Another big challenge is human centered design. Anybody every use like a Norton Utilities product. When my mom uses her software firewall, it says warning, error, MSCX DL3 DLL error at line code this. Do you wish to proceed? That is not helpful to my mom. It's not helpful to me. OK, think about all the beautiful products we have in the world. A Leica camera, a Porsche 911. Whatever those beautiful things are, where's the Johnny Ives of security? The guy that's going to design the most beautiful, human centered design for security. We don't have that. And so because of poor engineering and a lack of designed thinking, we're driving people to make poor security decisions. We need to fix that. And I also think that we need a Manhattan Project for cyber security. We need to get really, really, really intentional about this. And we are not at all. I think you guys about the XPRIZE Foundation? Just a couple miles from here. I'm working with them to launch a $20 million cyber XPRIZE for cyber security. Whether it's a 10-year-old kid in Chennai that's got the answer or an 80-year-old woman in Montreal, I don't care. We need to build more resilient and redundant systems to protect us. The good news is, just to put it all in perspective, we can fix this. Right, President Kennedy said in the 1960s, before this decade is out, we're going to put a man on the moon. We did that, with way worse tech then we have available today. If we could solve that problem, surely we could solve this cyber security problem. And we need to, because technology is awesome. And it's going to bring billions of people out of poverty. It's going to radically extend life. It's going to reduce infant mortality. It's going to educate millions of people they never had access to education previously. But in order to achieve that better future, we're going to get really intentional about protecting against these exponential undersides. The downside of technology. And that's what I'm hoping to do with this book, and I hope you guys will join me in that fight. Thank you so very much. [APPLAUSE]
B1 中級 米 マーク・グッドマン:『未来の犯罪』|Googleで講演 (Marc Goodman: "Future Crimes" | Talks at Google) 94 7 Alex Lee に公開 2021 年 01 月 14 日 シェア シェア 保存 報告 動画の中の単語