The next victim of cyber crime or cyberterrorism may be a patient driving to a Boston hospital for a doctor’s appointment.
Lynn Dugle, President of Raytheon Intelligence and Information Systems, says that “white hat” engineers have hacked the wireless payment systems embedded in Boston parking meters. They have hacked the Toyota Prius or Ford Focus that the patient may drive to the hospital.
And they can potentially hack the pacemaker keeping the patient alive.
The Food and Drug Administration has documented “dozens of cybersecurity incidents affecting hundreds of medical devices,” Dugle told hundreds of business leaders at the AIM Executive Forum in Waltham this morning.
An increasingly networked, mobile and data-driven world economy has put organizations ranging from the U.S. military to the neighborhood restaurant at risk of theft by wire. Dugle said that nation states, criminal syndicates and lone hackers are distorting financial markets, accessing biotechnology secrets and even destroying the equipment on factor floors.
The cost of cyber espionage and cyber crime could be as high as $100 billion annually, according to Dugle, who runs $6 billion business with 17,000 employees charged with protecting computer networks that run the United States government, the military, the electric infrastructure, the financial system and broad swaths of private enterprise. One quarter of all network security breaches occur in retail stores and restaurants; 20 percent take place at manufacturing, transportation and utility companies; and another 20 percent hit information and professional security firms.
Part of the issue, Dugle said, is the sheer volume of data created worldwide. More than 1.8 zetabytes of data were created globally in 2011, equivalent to 36 million years of high-definition television.
“Part of a protection strategy has to do with how much territory you have to protect. The bigger the territory, the harder it is to protect,” Dugle said.
What can employers do to make their operations secure? Dugle offered a three-part prescription:
- Defend against Advanced Persistent Threat, which is a sophisticated and often invisible effort to target a network. Dugle urged companies to audit and defend the most accessible entry points to their networks, most often employee smart phones and laptops.
- Reduce Threats from Insiders . The best security standards and protocols in the world are meaningless if the people using them bend the rules, refuse to follow them or circumvent them. Leaks from former National Security Agency contractor Edward Snowden illustrate the magnitude of the threat from inside, Dugle said.
- Train employees to minimize cyber threats. Raytheon has initiated bi-annual cyber training programs for 68,000 employees, according to Dugle, and has reduced by half employee click-throughs on malicious emails.