Cybersecurity expert: The U.S. is facing big challenges

Cybersecurity expert: The U.S. is doing almost everything wrong

Joe Kornik: Welcome to the VISION by Protiviti Interview. I’m Joe Kornik, Editor-in-Chief of VISION by Protiviti, a global content resource examining big themes that will impact the C-suite and executive board rooms worldwide. Today, we’re exploring the future of government and I’m joined by Tom Vartanian—an author, lawyer, futurist, board member, and former federal bank regulator. Currently, Tom is the executive director of the Financial Technology & Cybersecurity Center, the Alexandria, Virginia-based non-profit that advocates for dynamic financial services and public policies. Tom served as a regulator in both the Reagan and Carter administrations and he is the author of nine books including his latest, 2023’s The Unhackable Internet: How Rebuilding Cyberspace Can Create Real Security and Prevent Financial Collapse. Tom, thank you so much for joining me today.

Tom Vartanian: Joe, great to be back.

Joe Kornik: Tom, as I mentioned in my introduction there, you are the executive director of the Financial Technology & Cybersecurity Center. Can you tell us a little bit about the center and its mission?

Tom Vartanian: Yes. What I wanted to do after being a regulator for a number of years and practicing law for 40 years is sort of bring to bear the concerns I had about the future financial services and particularly how it’s impacted by technology and security questions. What we wanted to do was set up a center that would focus on cybersecurity, focus on the future of fintech and key on to the issues that we think we need to consider to make financial stability the preeminent and dominant concern in the future.

Joe Kornik: Yes. I mentioned your excellent book in the intro and in it you addressed the threats facing the integrity of our national security and our financial services sector including the possibility of cyberattacks by foreign adversaries like China and Russia. Your book poses a challenge to America to take the lead and create a coalition of democratic nations to implement financial cyber strategies. Why do you think this is so critical to the future?

Tom Vartanian: You can go on to the CISA’s website today and look at the numbers that they have prominently on their website. CISA, which, of course, is part of the Department of Homeland Security, says that one in three, five people in America have malware on their computers, one in three. 47% of us in the country have had personally identifiable information collected about us, 47%. 600,000 accounts are hacked daily. $4 billion in crypto is stolen each year and ransomware attacks are now averaging—the theft of more than 500 million—there are more 500 million ransomware attacks every year, 500 million around the world. What you see is a scale of devastation and destruction that has to be put into some context relative to the enhancement of the human quality of life that technology can provide. And I think we are losing the battle in that balance because we’re irrationally focused on the upside of technology and not very focused on what can happen on the downside. We don’t know so much about technology and we’re playing as if it’s always going to be benevolent and good to us, but the problem is that there are so many people increasingly every year using it for bad purposes and to steal money or to influence elections or bring down governments.

Joe Kornik: Let me ask you a question. As a country, is the United States of America doing enough? Do we have the right people on it? Do we have the right investment pointed at it? I mean how are we doing in that realm?

Tom Vartanian: I think, Joe, that we are playing into the hands of our adversaries. Let me say it this way. If we wanted to build a system to allow our adversaries to take as much advantage of critical infrastructures, money, power, and every possible aspect that our government relies on, we wouldn’t built the system we built online, right? Because it is highly insecure and it is increasingly vulnerable to attack. When the internet started in 1969, the ARPANET, it was established to communicate messages, not to store data, and here we are, all these years later, storing all the data on the planet and all of the value on the planet on a system that was never built to do that, right?

Again, I think it changes the scales and the balance of things. It allows countries that shouldn’t be able to punch above their weight to punch above their weight. North Korea is probably the best example of that. It’s basically running its economy off hacking, right? It’s all of this money they’re making from hacking everything around the world, it’s giving this money to run its economy and run a nuclear program. Right? So, we’ve got to start seeing that we can think in terms of traditional regulations, traditional concepts if we’re moving forward in a world where the scale has changed and the balance between good and bad is now moving dramatically.

My bottom line is, is that we need leaders in this country to basically move forward with an agreement among democracies. Forget the other countries that aren’t going to come in, dictatorships and totalitarian governments, they’re never going to come along because they’re now seeing technology as the way that they can control their people. I mean if we had an hour, we could talk about what’s going on in China with 300 million facial recognition cameras, giving everybody a social score, right? For totalitarian governments and dictators, technology is now the greatest thing in their hands because it will prevent them from ever being out of power, because the facial recognition, they will know when two people are meeting that they think shouldn’t be meeting and that’s pretty scary.

I think the answer to your question, the government hasn’t done enough, isn’t spending enough and isn’t focused enough on these issues because at the end of the day, said very simply, a lot of these issues are not campaign issues you can raise money off of, right? Those are the issues, whether they’re important or not, they tend to draw political donations and that the politicians tend to focus on. The second problem is that I don’t think most people on the hill understand more than—about technology than how to turn on their computers. I mean you can watch any congressional hearing you like, the ones with Mark Zuckerburg and Facebook were interesting, and you realize that most of the questions have been written down and the people asking those questions really don’t understand the broad significance of the questions and the answers that they’re getting.

The sad thing is that Bill Clinton in 1996 nailed the problem. He identified critical infrastructure. He had great people working on his cybersecurity proposals and he nailed the problem. And he laid out the fact that we need to protect critical infrastructures because of the inherent vulnerabilities of the systems that they’re on. 25 years later, probably 27 years later now, we really haven’t made much progress. If you compare, as I did in the book, the executive orders of President Clinton, President Bush, President Obama, President Trump, and now President Biden, they look eerily alike as if somebody’s just cut and pasting every four years. Who’s running the technology parade? The technology parade is being run by the private sector: large, big tech companies. At the end of the day, I ask the following question. You may not like the politicians we have, you may not think they’re making decisions, you may not think they’re doing anything, but at the end of the day, do you want them deciding the future of your life as elected officials that you can elect or un-elect? Or do you want Jeff Bezos or Mark Zuckerberg making those decisions, because that’s who’s making those decisions today, the guys that run big tech and that’s not the world I want to live in.

Joe Kornik: Tom, it’s some pretty scary scenarios that you laid out and something that would require cooperation first in this country and then globally among other countries. It feels like a pretty daunting task, to be quite frank.

Tom Vartanian: I’m going to leave you with one example, Joe, just very briefly. Today, RSA encryption, which is the typical encryption being used by financial institutions to protect data, is a 2048-bit encryption which means the key is 2048 bits long and to make it simple, it’s very complicated keys. So, to run a brute force against a 2048-bit encryption data, you probably need 300 trillion years to break it and then you might break it on the first try, but to go through every possible permutation to break a 2048 RSA-bit encryption, you would probably need 300 trillion years. All right? Quantum computing. We are now within 10 years of having high-powered quantum computing, which will be, for some purposes, enormously powerful and enormously useful. A 4099-cubit quantum computer—and we have only now, I think we’re now just approaching 1000 cubits quantum computing— so that’s the ways off, but a 4099-cubit quantum computer can reportedly break that 2048-bit encryption, not in 300 trillion years but in 10 seconds. That’s why it’s being reported that the Chinese are gathering up all of the encrypted information they can today so they will be able to decrypt it tomorrow.

Joe Kornik: Is the United States far behind the rest of the world when it comes to this—making sure that we’re protecting ourselves?

Tom Vartanian: Yes, it’s a great question. I addressed that question in the Unhackable Internet and I said China’s going to have some severe economic problems themselves, but China’s plan is to by 2030 have the largest economy in the world, the most sophisticated technological prowess, be dominant in artificial intelligence and be dominant in quantum computing. If they do those four things, that’s not going to be a good day for the United States of America, and they’re outspending us in each of those areas. They’re outspending us in artificial intelligence, they’re outspending us in quantum computing. They have built bigger quantum networks than we have built. Right? I think we’re thinking like people who have been on top, not realizing it’s harder to stay on top than it is to get there, and everybody else is running fast to get to where we are. We’ve got to spend the money judiciously to guarantee our future in the technological sense.

Joe Kornik: Last question for me, Tom and that’s how optimistic are you about the future when you put it all together and take a look over the next—let’s say 2030 and beyond, how optimistic are you that we’ll get most of this right?

Tom Vartanian: I think we’re getting most of everything wrong today and that makes me pessimistic. I mean, you can talk at any level: social, cultural, financial, political. We just seem to be getting so many things wrong and I equate it to a lack of the ability to prioritize. I think we’ve lost our capacity to prioritize the issues that are really, really important. I think we will continue to muddle along and do just fine as long as everybody else is doing worse, but as other countries and other systems begin to do better, it’s going to shine a light on the flaws in our system. It’s going to shine a light on the archaic makeup of our regulatory system. It’s going to shine a light on the fact that we’re focused on the wrong issues at the wrong time for the wrong reasons. It’s going to focus the light on the fact that we’ve let so much of the financial services business that takes consumer dollars be completely unregulated.

I am what I call guardedly pessimistic. I mean we seem to muddle along and do just fine, but when you look at something over a long trendline, which I look— I tend to look at 25-year trendlines—you can see we’re not going in the right direction on any of these issues and I wrote in one in op-ed that I thought the only solution to those problems was better leadership. I concluded that we just weren’t electing at any level the kinds of leaders we need to confront and solve these issues and that to me is the fundamental problem that we’ve got and unless we were able to stand up as voters and say, “Look, you got to give us better candidates.”

Joe Kornik: Sure. That seems like almost an unsolvable problem. I hope I’m wrong, but that seems like a really, really difficult one to fix.

Tom Vartanian: Yes. No, I agree, that’s why I’m guardedly pessimistic.

Joe Kornik: Well, Tom, you’ve given us a lot to think about today. I appreciate the time, the insights and the conversation. Thanks so much.

Tom Vartanian: Thanks, Joe. Thanks for having me. I really appreciate it.

Joe Kornik: Thank you for watching the VISION by Protiviti Interview. On behalf of Tom Vartanian, I’m Joe Kornik. We’ll see you next time.