Securing the “Wild West” of the Internet of things

The internet is a social benefit, but more and more, it’s also a social threat. There are a lot of  different ways that it’s playing out, but one way that isn’t as appreciated is how devices are connected, in what’s called the internet of things. Our next guest is Joe Saunders. He’s CEO of a company called RunSafe Security, and is very much involved in this issue. What’s Working in Washington spoke with him about the internet of things and, frankly, why it’s important that those issues are solved here in the D.C. region.

ABERMAN: Well, we have a lot of listeners that are interested in business and entrepreneurship, but not all them are going to be techies. So, what is the internet of things?

SAUNDERS: Well, every device is now connected. The idea is to enable mobility, and a lot of benefits for consumers, so they’re not tied down to a desk. But also, it’s a means of collecting information. So, if you’re operating a water dam, or a data center, and you want to know what the environment is around that water dam, or that data center, there are sensors out there that are reporting information. That’s much part of the internet of things as a mobile device, or a connected car. So, all of those things can be included.

Subscribe to the What’s Working in Washington podcast on iTunes.

ABERMAN: This is an enormous trend, and I think it’s going to accelerate as we deploy much faster cellular wireless capability. Technology is moving forward rapidly, so that every electronic device in some way will be connected with the internet into other devices, so what we do, how we do, what we read, what we think, how we go through our lives, is collected, as is the various things you mentioned—water treatment facilities, oil processing, whatever—it’s all connected for business efficiency, but it’s creating enormous hacking threats.

SAUNDERS: Absolutely. And I’d like to say, there isn’t such a thing as mobility without some semblance of security. So, securing the internet of things, or protecting critical infrastructure, and enabling that collection information is key, and the threats are are real. With every new device that’s connected to the internet, that gives hackers one more angle of attack, or increase to their attack surface to compromise information data, or location information.

ABERMAN: My understanding is that the issue of hacking, stealing credentials, taking over computers so you can use them to do cryptocurrency mining, these things are all happening, but computers have a lot of processing power. There are a lot of ways to take advantage of them, but my understanding is a lot of these devices—-webcams or sensors, and so forth—they don’t have the same amount of computing power, but in some ways, it makes them more useful as a hacking tool, because you could just get in there by mastering a small amount of code, just taking the damn thing over. Is that what’s going on?

SAUNDERS: Yeah, you know, there’s a good example from last year, the end of November of 2016, when over three thousand video cameras and other internet of things devices were compromised. And hackers know, if they figure out how to vulnerability in a device, they can then use that device for their own purposes, beyond what that camera was originally intended to do. So, part of the internet that was the brown-out that occurred in November 2016 was a result of over three thousand devices being controlled maliciously, by a hacker or a group of hackers, and they embedded malicious software in there to then target websites, and take down the internet.

Obviously, that was not the intended use of of a video camera. To your point on cryptocurrency, mining the blockchain, and using that otherwise dormant computing power has been proven to show that there’s—Europol just came out that over five and a half billion dollars of laundered money has occurred through cryptocurrency. Part of that is leveraging devices that that can’t be traced back to the original person who’s perpetrating the fraud, or the laundering, or the malicious activity.

ABERMAN: Basically, what’s happening is that people are using internet of things devices and computers in a disguised manner to create massive computers that they’re using to steal information, to create cryptocurrency, to divert information. It’s the Wild West out there. You started this company, RunSafe, here in town, you went through the Mach 37 accelerator, you clearly have been through the process of starting a business. What was it about this that was your “aha!” moment where you said that this is a problem that you want to solve? Did somebody hack your toaster? What happened?

SAUNDERS: It comes back to a program I worked on on behalf of the U.S. Government, which was really looking at the theft of intellectual property. One of the common themes was cybersecurity attacks. From there, the problem magnified in my head in terms of, what is at stake here? The threat of intellectual property is one aspect, obviously it undermines our economy if nation-states are stealing our intellectual property, which they are.

If you take that a step further, though, and you say, if you want to compromise or undermine other activities, if you want to cause a power outage at a utility or a data center, and, all of a sudden, computing facilities can’t operate, then that has an economic impact as well. So, it’s kind of a convergence of an economic impact that’s a real threat to our country, as well as a desire—our team is built around making the world to safer place. We think that begins with protecting water treatment centers, protecting water dams, protecting utilities, protecting energy facilities, and without those basic services provided, we’re all going to have suffering.

ABERMAN: So, you were in the government, and then you started a business. Do you think that your life journey over the last few years is indicative of how entrepreneurship really happens in this town?

SAUNDERS: That’s what’s amazing about the D.C. area. You’ve got tremendously talented people, say, at the NSA, or the Department of Defense, or across the intel community, or at the FBI. In all of these government facilities, cybersecurity is the paramount. So, the D.C. area has a significant number of very talented cybersecurity people. To your point, I think there is an opportunity for all sorts of people. What makes D.C. great, in part, is that there is an ecosystem for cybersecurity as a viable commercial approach, and an enterprise. So, with that, I do think that’s part of what makes the D.C. area great. With all the people here, there’s a tremendous ecosystem to support that.

ABERMAN: I’ve had folks from outside the region say that there’s no tech talent here, that everybody here is a service guy, a plumber. Do you buy that argument?

SAUNDERS: There’s definitely specialized capability in the cybersecurity area. There are some of the world’s best security researchers here. They’re being funded by NSF programs, are being funded by government programs. There’s DARPA, which is attracting a lot of interest, or IARPA, for that matter. There’s a lot of dollars here that goes towards R&D, and some of the base things that are used to enable true security solutions, they’re being funded out of programs like that, and launched.

ABERMAN: And if you weren’t solving this problem, what would you be doing with your spare time?

SAUNDERS: I grew up in the great state of Michigan, and I, at one point, considered that the center of the universe. I’m a big fan of the Michigan Wolverines, so that’s near and dear to my heart, and that keeps me busy, but I do think it’s in the area of various forms of risk and security, professionally speaking. It’s really looking at what is at risk, and how you can solve something economically. That’s my professional mission—how do you solve a risk problem using economics?

ABERMAN: Technology’s catcher in the rye, ladies and gentlemen. Joe Saunders, CEO of RunSafe Security. Thanks for joining us.

SAUNDERS: Thank you very much.