Welcome to inside story. Im ray suarez. When the german wings pilot comman deered a plane heading from barcelona to germany and crashed it on purpose in an act of suicide and mass murder. People asked wasnt there a way to take over a plane like that and fly it safely. It turns out there was, but people are afraid of aggressive hackers being able to pluck a plane out of the sky and fly it somewhere. As Companies Like google inch closer to perfecting driverless cars, it turns out you dont need to worry about whether the technology works, but whether advances will attract hackers for mischief and crime. Its not fun to have your 2 tonne s. U. V. s cars hacked as you park in front of a ditch. Reporter this video sparked a recall. Professional hack ertion taking hackers taking control of a vehicle in an sperms. An experiment. Fans. A dashboard interface ruled youconnect leaves millions of cars and trucks vulnerable to a hack attack. It was announced the bug would be fiffed. But any vehicle connected to the internet could be at risk. We are two guys with one car. We cant look at every car. We want to release this information. Problem. The open road is the latest battlefield in a hackable world. Last week the website Ashley Madison suffered a data breach. Thousands of members are at risk of having their names, addresses, nude photos and fantasies exposed on the web. Millions of people victimize the by cyber criminals over the past few months. 80 of attacks that we see are coming from organised crime. These are people going to work like you and i do. Presented. Earlier 100,000 accounts were hacked. Filing fraudulent returns collecting 50 million. The information they needed was simple name, social securitiy, birds day, home address. Domain. That data is in the hands of the hacker community. From retailers like target and home depot. Nefrl ever yoi corner. Marketplace fell pray to cyber crime. In june, the federal office of personnel manage was hacked, compromising information for millions of current and former employees. The pentagon and the white house were breeched last year. Russian hackers scooping up officials. We analysed the network activity, associated with network. An ibm study estimates that companies lost 3. 8 million to cyber crimes. 27 increase from 2013. Thats the result of more money spent on detection and prevention, combined with lost business and damaged reputations in the wake of a breach. The majority of that data winds up for sale at the online bizarre known as the dark web. On the dark side of the internet, to give you context. A credit card number is worth a dollar or less. A credit card number is worth 50 joining me now is the director of Vehicle Security Research at io active and charlie miller, an engineer in platform services. We saw you standing by your handiwork a few moments ago. Lets start at the beginning. For people who are trying to get clear on where their vulnerabilities are, if you are in possession of a machine that can talk to a machine, are you open. Investigation. Are you vulnerable. Really anything that looks at data can be vulnerable. That applies to cars, pcs or anything else. So is it as simple as just thinking about security earlier in the process . I think security should be thought about from the beginning. Its not just code, its the way you design things, the way you architect things, and it doesnt change overnight. Its not a problem to solve over the weekend. It takes a lot of maturity and experience. Its growing pains that every industry goes through and hopefully they get better overtime. Priffeders. Is the knowledge of how to do what you and chris did to that vehicle widely distributed or places. Its not widely distributed. Thats something that chris and i will change, sharing research with other researchers like us. We can work on a couple of cars. We looked at chryslers, who looking at forwards and g. M. S. We want to get that information out there so we can dig in and make sure cars are safer. It wasnt that chrysler was extra vulnerable, you picked them. They may be weaknesses that exist across the technology. We dont know for sure. We want to look at the car. Theres no reason to think chrysler is more susceptible. Had we looked at a forward, its likely we would have come to the same conclusions. Will this slow down the development of technology involving using the internet and automobiles . I dont think so. They are going to produce this technology and push it out. Consumers demand it. Consumers have to be baked into the process. Hopefully what we showed earlier was a nice learning tool. They can take these issues more seriously. Are we moving head long into a world of applications that we have not thought of yet. I mean, this happens to be one. I think its fair to say not long ago the idea that you had farfetched. The car i learnt to drive in was not on the internet. Some are surprised even that their car today is on the internet. If they dont pay for a service, they dont realise its on the internet. In the every car today is, plenty are, and in the future, 10 years, every car will be. It will be crazy to thing of a internet. Are we talking about common life in almost contradictory ways. We are trying to make it seamless, uncomplicated and easy so that children do it. And with another voice say be very worried. There was they pull out that device and check things at home. And go onto your work computer system, but dont do that. Its hard to keep up with it all, isnt it . Definitely. I love the new features and the high tech stuff. As a society, i dont want to stop doing that. We want to make sure we take a second to do that. I want to go in the coffee shop and use a wifi. The computer should be secure. We should drive the car and get traffic updates without worrying about updates. We want the technology. How far away are we from sitting in a car, popping in an somewhere . I wish i knew. I am sure theres a lot of people smarter than me working on that problem. It seems to be the way to go. We as humans are bad at writing coat and driving. Hopefully we can use the technology to help us get places in a safe reliable fashion. And use devices while we are sitting as a passenger in the driverless car, no . Absolutely. Who doesnt want to. You take your kids on vacation, they have the nintendo ds. Someone else can watch a movie on the ipad. We can have the technology and connectivity connectivity, and it makes life more enjoyable or convenient. As charlie said, we want to make sure security is not an afterthought and its thought about when making this thing. Chris from bioactive, and charlie from twitter great to have you both. We heard about the possibilities, both from upside, so what do you do. Can you set the exciting technologies free and at the same time build in enough protection that users are not waiting for the next attack. Virtual and vulnerable. Being a musician, theres no demand. World renowned artist lang lang the moment youre on stage, its timeless american schools falling flat. There are no music class in public schools. And his plan to bring music back. Music makes people happier. Every tuesday night. I lived that character. Go one on one with americas movers and shakers. We will be able to see change. Gripping. Inspiring. Entertaining. Talk to al jazeera. Only on al jazeera america. Brittany menards decision to take her own life last year. Sparked a national debate. Brittany didnt want to die the brain tumor was killing her, she simply took control over how that process would go. Now see what her husband is doing to keep his promise to change right to die laws nationwide. America tonight only on al jazeera america. Of exposure. If you go slower, building in protection, verification, multiple logins, hoops, you slow down the very process sees that have made the new world so attractive, so profitable and lifechanging for so many. Are you condemned to be virtual and vulnerable. Darryl west is director of the center for Technology Innovation. And roz bexstrum is the former director of the National CyberSecurity Center and joins us via skype from turkey. Darryl west, how about it, are we moving in a way that is not thinking of security early enough in the process, so we have to slam on the brakes repeatedly as we bring the devices into our lives. People dont take security seriously enough. Consumers have common passwords, like the name of their pet, the mascot of the college they attended or the maiden name. Thats the Information Available on social networks. Anybody who wants to do a misdeed against you can access your accounts through basic information like that. If its not Something Like getting on facebook or twitter, but Something Like activating the antiburglary devices in your home when you are away, which you have an app on your phone to do. Is it is it as easily accessed as all that . Are we being warned sufficiently when we by these things in the first place that theres a possibility that people could disengage them, for instance. Absolutely not. Most consumers are unaware of the risk they are facing. Part of problem is a lot of security is based on pass wards and people dont practice good hygiene when it comes to passwords. People are starting to move towards biometric. So that you have to check the iris on your eye for fingerprints or something unique. Things like that are harder to break into. Rob, if you harden up the defenses too much, do you make it harder to do the things seamlessly that we love this new Virtual World for . Yes. You do. Time. More critical to use. Users dont like that. Users want ease of use, functionality. When there are choices, they dont like it. Multifactor is a case. Using biometrics. Theres new technologies that need to be employed more broadly to address the problems. How do we square that circle. You talk about the desire for consumers to have that seemlessness, just at the time that people are inventing ways to make the ease of access more risky for them. Yes. Well, on the one hand you look at it, a lot of smartphones have fingerprint readers, and thats a more sophisticated method than a 4digit code or a password where some use the word password for passwords. Hackers have lists of millions of pass wards used to break into systems. Making it easier, like moving with the motion of the body theres a factor that can be done. Did our love of seamlessness overwhelm the sense of caution about this. Definitely, people like easy access. They dont understand the trade off betweened easier it is to access the device, the easier it is. People need to be more careful about how they use the pass word. If there is a hack. Protection. Earlier on, with people around sheets of paper and drawing things, was there an anticipation that along with millions of users, there would be thousands of people would be attempting daily to commit crimes against the systems. I think the early designers had a naive faith in humanity that the internet and Digital World will be used for good purposes. People talk about how Technology Empowers people. Small democracy around the world. People didnt understand that there are people out there who commit crimes, invade the privacy and do bad things. We didnt anticipate how prevalent that type of bad behaviour would become stay with us. If you had a store and thieves smashed the windows and stole the good, you would want public employees, and police to catch them and local judges to stop them. Many looked at government regulation and enforcement as interference and insisted on trip. Next, virtual and vulnerable, its inside story. In. The government has an Important Role starting with protecting information. Some of the dets and agencies need to do a lot better job of. Yet every time government seeks to intrude through regulation, through passage of new laws that govern the space, there are complaints from the innovators, the code writers, machine makers. They say look, we can figure this out. Are they not as ready to press the world are. They are looking out for business interests, wanting to reduce regulation and costs. Revenues and profits. The government has a role. Theres a lot of Critical Infrastructure there that is essential for the safety of the nation. The u. S. Government has to play a role and has to work smartly with the private sector to shore up the defenses around the Critical Infrastructure. The government has a role. Its not the calvary they are not coming in to save everyone. Every company has to get better at how to manage the security, from the c. E. O. To the board on down. Is there a punish. That can be meted out denying opper ability, warding off bad consumers. Its hard to ward off bad actors. If they want to get in, theyll get in. If they want to get in. Sometimes we have seen intrusions into banks or other types of institutions and consumers are not notified for weeks i, as a consumer want to know right away. I think that is a role that government can play. If its more expensive, if the engineering is tougher, on a phone, on a home computer, to be more secure, and one maker is an outplier in this regard in making cheeper machines, can they be sanctioned in an industry. Is that sorted out in a marketplace. Its not really sorted out in a marketplace, companies dont want to make public when the data is briefed. A role the government can play is encouraging solitary disclosures, but if not to mandate the information. The consumers see what is the good companies, Building Security into the design, and what are the companies not taking this seriously, and time. Two engineers that hacked a fiat christmas ler. These are not engineering in the security early enough in the process. Its too often an afterthought. Do we have to put security front and center. We should do more so. Its tough, its expensive. If you say its cheeper than doing it in the long hall. The reality is Companies Want knew features to the market. Functionality that the customer want. Whether its a phone, baby monitor or a device or controller. The reality is coming back to the broad issue, the internet was not engineered for security, it was engineered for flexibility, thats why it dominates every network in the world today. It thicks over the planet. We have to go back and rearchitect the internet. There are better standards and protocols. Governments should be pushing more to adopt the secure standards and protocols. This is more than doing the cost of business. Its like an existential threat. Yes. This is an nur wr issue, just as we have to design highways and build bridges so they are safe, we need to bring the same mentality to digital infrastructure. People are living their lives online, we do online banking. Health records are stored online. We need to treat it as seriously as physical infrastructure. Great to talk to you both. Darrell is the director of the center for Technology Innovation at the brookings institution, and rob is the chairman of the Global Council on the future of the internet. Ill be back in a moment with the final thought on convenience and necessity, and how one becomes the other. Stay with us, and send us your thoughts on twitter. Or follow me and get in such at ray suarez news or visit facebook and tell us about your own experiences. Wed love to hear it. Imagine from a tech savvy consumer, its just the machines are easy enough to use that the guy can take advantage of it. Im get on the plane with a boarding pass on my phone much none of this was possible a few years ago. It will happen quickly. With all the personal information zipping through the air we are breathing, making the details of daily life simple and frictionless, we are asked to surrender a little personal data here, some more over there, to make the transactions so quick. By the time its fully apparent how quickly we are counting on the eve of youth, it may be clearer how many we are giving up. The only thing that is scary, we dont realise with each step, the amount of risk, and the little bit of ourselves that we are willing to sell to make it possible. Im ray suarez, thank you for joining us for inside story. The u. S. And turkey agreed