‘Everything can be hacked’: Cybersecurity experts explain the dangers of internet connections

1:30 p.m. update: The Greater Columbus Economic Development Corp. offered the following clarification to source statistics given in this story.

Jason Hester, Greater Columbus Indiana Economic Development Corp. president, clarified source material for a statement about cybersecurity job openings in Tuesday’s story about the EDC annual meeting. The information was sourced from Cybersecurity Ventures who estimates there will be 3.5 million cybersecurity job openings by 2021.

ORIGINAL STORY

The City of Columbus bought cybersecurity insurance a couple of years ago, and the message shared by the keynote speakers during the Greater Columbus Economic Development Corp.’s annual meeting reinforced that decision, Mayor Jim Lienhoop said.

“There is no silver bullet in cybersecurity. Everything out there is hackable with enough time, with enough tools, with enough expertise,” said Stephanie Domas, vice president of research and development for MedSec, a cybersecurity research company that helps the health care industry and medical device manufacturers.

Even a pacemaker can be hacked, she noted.

She and husband Christopher Domas spoke Monday to a near capacity lunchtime crowd of 384 guests at The Commons for the EDC’s annual meeting. Christopher Domas is a senior researcher for Intel Corp., which specializes in embedded systems reverse-engineering and vulnerability analysis.

[sc:text-divider text-divider-title=”Story continues below gallery” ]

Click here to purchase photos from this gallery

He spoke about offense — trying to attack weaknesses — while she spoke about defending systems.

The need for security against electronic systems used by hospitals, businesses and local governments is real, they said.

“Cyber crime is a multi-billion dollar a year industry,” Christopher Domas said.

He noted that last year a cyber criminal organization stole 600,000 patient records from an organization of hospitals. Not only can criminals make millions selling that information over and over, but a medical record — with all the personal information it contains — is a “veritable blueprint for identity theft,” he said.

In January 2016, for example, Hancock Health ended up paying a $55,000 ransom to hackers — believed to have been located in eastern Europe — to regain access to its computer systems. Ransomware targeted more than 1,400 files, including patient medical records.

“The city (of Columbus) has cybersecurity concerns because there have been stories around of other cities subject to ransomware. We’re fortunate that we’ve not been hit by that, but the concern is why we got the insurance,” Lienhoop said.

The couple stressed that hacking can take various forms, from unintended hacks by “script kiddies” — unskilled hackers — to organized cyber criminals all the way up to multi-year efforts by nation-state groups.

Hackers also write malware tools that can be used by unskilled hackers.

“We find that this is one of our biggest threats online,” Christopher Domas said.

The couple said that cyber crime is a problem that everyone must take seriously.

One way is with ethical hackers who look for vulnerabilities in computer systems in order to point them out so better defenses can be designed.

Companies, health care organizations and local governments, for example, also need to weigh how much risk they are willing to take in terms of their cybersecurity, Stephanie Domas said.

There is also a need for more people with cybersecurity skills to meet the growing need for that expertise, the couple said.

The Bureau of Labor Statistics projected that the employment of information security analysts will grow 32 percent in the next 10 years, and there will be 3.5 million cyber security job openings by 2021, Steven Combs, chancellor of Ivy Tech Community College — Columbus, said when introducing the couple. And, some predict a shortfall of 1.8 million cyber security partners, Combs added.

Cybersecurity has become so important that Ivy Tech and the Indiana National Guard partnered last year to start a cyber academy at Muscatatuck Urban Training Center near Butlerville. The program allows students to earn a cyber security/information assurance associate of applied science degree in 11 months through an accelerated program.

Additionally, the National Guard’s first Midwest cyber battalion was awarded to Indiana and will be based at Muscatatuck in Jennings County, where about 100 soldiers will be trained in cybersecurity and cyber warfare.

Lucy Smyth, of Franklin, is a National Guard soldier who started at the cyber academy in August.

“I originally joined the National Guard because I wanted to get into the cyber field, because that’s where everything is really heading. Right after I finished my training I heard about this program and knew that I wanted to get in,” she said.

Cybersecurity also is an industry in which the City of Columbus is targeting business investment, just as it is with pharmaceuticals and aerospace in an effort to diversity the local economy so the city is not so reliant on the automotive industry.

Lienhoop said cybersecurity is appealing as a growth industry because it’s not cyclical like other industries, doesn’t need physical plants that manufacturing operations do and requires a smaller workforce — which is helpful with the county’s low unemployment rate of 2.5 percent.

[sc:pullout-title pullout-title=”Other meeting highlights” ][sc:pullout-text-begin]

Jason Hester, president of the Greater Columbus Economic Development Corp., presented the organization’s annual report Monday during its annual meeting at The Commons.

Some of the highlights:

  • Trips to cities such as Chicago, New York and Las Vegas domestically, Pune and Bangalore in India and to Japan seeking business investment in Columbus.
  • This year trips are planned to Japan and Germany.
  • This year, six business expansion projects by local companies resulted in $60 million in investment and 257 more jobs. Last year saw $135 million in investment resulting in 189 jobs.

[sc:pullout-text-end]