Q+A: What Wednesday’s tech glitches signal for industry, drones, Las Vegas

By Daniel Rothberg

Thursday, July 9, 2015 | 2 a.m.

In the span of hours, Wednesday provided a clear example of how some of our most advanced global businesses and essential infrastructure are vulnerable to cyberattacks. After apparently mundane outages, United Airlines grounded flights, the New York Stock Exchange had the longest computer-related shutdown in its history and the Wall Street Journal’s website went down.

To Chris Coleman, the CEO of LookingGlass Cyber Solutions Inc., incidents like this signal a new reality: As companies become more complex and reliant on technology, they also become more vulnerable to technical failures and cyber threats.

Coleman, who was in Las Vegas Wednesday morning waiting for his delayed United Airlines flight, sat down with the Sun to talk about cyber issues Nevada might have to face in coming years, including threats to drones, local governments and Las Vegas.

Las Vegas Sun: United. New York Stock Exchange. That’s just in one morning. Is this the new normal?

Chris Coleman: Hopefully it’s not the new normal. We shouldn’t live with these things being the new normal. I think what it does do is it speaks to the complexity of the digital world we’re living in. This is not a power generation terminal that just runs and spins. This is a complex system of systems that have interconnections and different programming languages and a lot of different complexity. With complexity can come challenges. Complexity can open vulnerabilities to a cyberattack. It’s this complex environment we’ve created that not only allows, like with the New York Stock Exchange and United, for administrative technical issues to happen, but opens the opportunity for someone malicious to take advantage of that complexity.

Is there a way to reduce complexity on the technical level but continue to create increasingly complex organizations?

Complexity is driven into our information technology systems not just by the technology itself but some of the organizational issues. Organizations independently make different choices with technology. There are acquisitions. United and Continental merge, they have two different systems. How do you interface those systems? I think a lot of complexity is driven by organizational issues. You look at the New York Stock Exchange. How many different systems does the New York Stock Exchange interface with? Every one of those systems can also be a vulnerability into the New York Stock Exchange.

Drones are big in Nevada, which is a testing site. How vulnerable are drones and other autonomous systems to hacks and technical issues?

Super easy. They are unprotected command and control links that can be intercepted. If you go back a few years, there was the big deal about the Predator drone that was being intercepted in Afghanistan. The costs to encrypt and secure such a high-speed line and allow the real time updates to happen (make it) super difficult. So what do we do? We don’t encrypt it. What does that allow? That allows someone with the capability to basically intercept that signal, to do such, and for somebody that is more sophisticated, to inject a command and control into those signals. So highly, highly vulnerable.

The federal Office of Personnel Management got hacked. If the federal government can be hacked with that degree of ease, what protections do state governments have? Are state governments sitting ducks?

Don’t assume that it was with ease. Assume that it was a very well-funded and well-resourced attack … There are funding issues that since 2008 have been prevalent. They are underfunded. They have to rely on their tax base to generate that revenue. They have DMV systems that they run for our driving records. They have health records. They have birth certificates. They have a wealth of personal information that they are trying their best to protect but the dollar spent is simply not there. I can tell you it’s just not there. They are under resourced.

How vulnerable is Las Vegas and how vulnerable is the state?

What we have to remember is that it’s not just Vegas. This is software. All you need is an adversary that has the will, time and financial resources. And if they have the will, time and financial resources, (they will) be able to compromise whatever target that is, whether that is Las Vegas as a city, an individual resort or casino, or the Hoover Dam. It’s impossible to prevent in today’s age. Now what’s not impossible is to detect, preclude and mitigate these types of things. But it takes a change in the way we’re doing operations today.

This interview has been edited for length and clarity.