Skeeve Stevens [00:00:00]:
Cybersecurity is far more than your Facebook account being hacked or getting a virus over your phone. This isn’t about better passwords or 50 ways to authenticate yourself. Everything in the world sits on top of IT infrastructure.
Karissa Breen [00:00:27]:
Joining me now is Skeeve Stevens, director at Future Crime Agency. And today, we’re discussing that cybersecurity is about to change, and we’re not ready for it. So, Steve, thanks for joining and welcome.
Skeeve Stevens [00:00:45]:
Welcome. Thank you very much.
Karissa Breen [00:00:47]:
Okay. So let’s start right there. Now, I just got to say this, that you are probably one of the most out there dudes that I have met come across. I’m really interested to interview today because you are not shy of an opinion. And that’s what we want. We Just
Skeeve Stevens [00:01:02]:
a little bit. Just a little bit. Yeah.
Karissa Breen [00:01:04]:
Well, I mean, that documentary, I mean, you know, I was, like, definitely getting on the podcast. So here we are. But I really wanna start there. So cybersecurity is always changing. Right? And, you know, even day to day, week to week, minute to minute, depends on how granular you wanna get. There’s always something changing or something going on. But what’s your view on how do we get ready? What do you mean by that?
Skeeve Stevens [00:01:26]:
Firstly, let’s take a step back. It’s more meta than most people realize. It’s it’s far cybersecurity is far more than your Facebook account being hacked or getting a virus over your phone. This isn’t about bit of passwords or 50 ways to authenticate yourself. Everything in the world sits on top of IT infrastructure. And look at the recent CrowdStrike global outage as essentially a typo, some bad data and update rig havoc all over the world. So we’re talking airlines, banks, health care providers across Australia, Europe. And just saying cyber is like saying I IT these days.
Skeeve Stevens [00:02:04]:
And the way I look at and it’s I mean, it’s not the I guess it’s not the friendliest way to look at cyber. It’s through the lens of war share. We’re in the middle of a war. Some people are wearing stab vests. Some people are wearing bulletproof vests. Some have bulletproof windows in their cars. Some have an armored convoy with a navy SEAL team, but not many. But the problem is that the significant percentage of the population are blindly wandering down the street.
Skeeve Stevens [00:02:33]:
They’re already struggling with the basic underlying concepts of technology itself. There are still many, many who who barely even use smartphones. I was actually in the bank the other day withdrawing some money to buy a new motorcycle. And there was a woman doing a transaction, and she I don’t actually think she was that old, but she was using the old school passbooks. I actually had just assumed that technology disappeared 10, 15, 20 years ago. And there but there are still many out there in the IT world living, like, in the small country town mentality where they live their houses and their cars are locked. And these are the people that are that are suffering the most. Every day on the current affairs TV shows, you see people being scammed out of money, and the new attacks are constantly getting them.
Skeeve Stevens [00:03:19]:
So how do you get ready when the baseline of population barely understands? And to what you said is right, always being changing from the day that it started. And the sad thing is we’re not just in an operational world. We’re in a defensive world. Cybersecurity isn’t an offensive way. You can go and out there and pre attack and everything like that. So how do we get ready? That is a much bigger question. It depends if you’re talking about the general population, the technically aware population, the advanced population, people in IT, then you got the cybersecurity, and then you’ve got the, say, the law enforcement, government, military, like, what’s going on in Russia and Ukraine. Which level do you wanna talk about about where you’re already at? Because this is a very, very complicated space of life.
Karissa Breen [00:04:16]:
Okay. So there’s a couple of things in there. Number 1, I agree. I would say as a rule of thumb, people just aren’t aware. Totally get that. The amount of people that call me about, I think I randomly got scammed. Do you think someone’s listening to my phone? Like, I get that a lot from random people I may have met, like, once in my life. And I don’t mind helping them.
Karissa Breen [00:04:36]:
Right? Because obviously people are grappling to be like, I need an answer. We’re not sure. But I mean, wherever wherever that question takes you, I mean, I don’t mind. I mean, this is your interview, so I really wanna know. Like, how do we sort of get ready? Because if everyone I mean, from a media perspective, we’re seeing content, we’re seeing stuff on our side all the time. Everyone’s gonna make getting ready, but, like, what does that mean, though? Like, what what do we need to get? To your point, like, are people wearing, like, like, the the vest and stuff like that? How do we get that proverbial vest on so that we’re ready?
Skeeve Stevens [00:05:07]:
Yeah. This is this is one of the things that, on a daily basis, concerns me. A lot of people have come to me and and said, Heska, can you train cyber people to be more aware in how to defend an aptitude against the latest techniques? To be honest, they’re professionals. They can go and figure that kind of figure that out through other people or themselves. I actually more care about the normal people that are getting on a daily basis, that are getting more and more vulnerable. They’re they’re not as paranoid as they kind of need to be, and to be honest, they don’t really want to be. They want to live a peaceful, happy life, but everything’s coming at them. But we don’t have a choice.
Skeeve Stevens [00:05:47]:
The biggest problem that most people’s understanding of cyber, you know, your Facebook account and and things like that, but it’s far beyond that. It’s entering the real world when we’re talking about Internet of Things and what’s smart what’s happening in your home, your smart assistants like, you know, Alexa, Google, and all those kinds of things. Like, these things entering your home, we’ve got cameras. We’ve got, like, door cameras, like the Ring cameras that everyone’s using. These it’s not just an online thing. Our real personal, physical life is now part of the cyber problem. So and it goes through cycles. And and to your question of, you know, how do we get ready? There’s no concept of getting ready because you can’t ever be ready.
Skeeve Stevens [00:06:40]:
And as I said, it’s a defensive stance. You have to something happens and you defend against it. So a quick example might be people stealing Amazon packages off your porch and things like that. So now everyone runs out, goes and buys their door cams. Bunting sells all these kinds of things now, and even the most basic people could just wander in and buy one of these devices. So what are the what happens now? The criminals up their cave. Now they’re starting now the thing that’s in the big in the US is going to hit here towards the end of the year is personal jammers. So people will be, like, turning on a jammer, going up to your house, like and you because of the Ring cameras and that, they don’t have local storage.
Skeeve Stevens [00:07:20]:
They go over Wi Fi. They’ll jam the Wi Fi, and they’ll so you’ll just have this blank part. And this to me is still cybersecurity. It’s not just your password and logging into things and being scammed. This is now everything around us is relating to cybersecurity in in our actually, our home. I mean, I’ve just installed some mule locks here, and they’re all actually online and connected. So cybersecurity and this is one of the things that does frustrate me frustrate me a bit about the cybersecurity world. We’ll talk about that a little bit later, I think, about the education, is cyber people are still thinking about firewalls, protecting companies, protecting your data.
Skeeve Stevens [00:08:01]:
But there is so much. Like, everyone’s home is essentially needs to be defended in, and getting ready means being prepared for what’s knowing what’s happening now and getting prepared for what’s coming next. But how do we deal with the fact that 90% of the population barely understands what’s happening now?
Karissa Breen [00:08:24]:
Okay. Those are great points. Now this is interesting because okay. To your point around, like, firewalls. Again, like, if you’re an enterprise, of course, you gotta care about firewalls. But for the average person, to the 90% that you alluded to, I do agree with you. But then people come back and say, yeah, but KB, like, who cares? Like, I’ll give you an example. So look at all the data breaches that’s happened in Australia.
Karissa Breen [00:08:43]:
People go, oh, but who cares? I’ve already been in Optus and Medibank and whoever else in between. So I feel like people are gonna get that I feel like people may be desensitizing themselves from being breached and not caring because some so much has happened. And I’ve asked people in the industry, you think people desensitize now to breaches and cyber thing? I think the obvious answer to that is yes, but then that doesn’t solve the problem to your earlier point around the 90%. So how do we close that gap? And I know there are people out there trying to educate, but I’m seeing more and more of these I think I got an email before around, you know, how how many people in Australia, etcetera, are being scammed. Obviously, from a this was just, you know, from pyroiding, like, films and stuff like that. This was just one example. Obviously, the message isn’t getting through. But then I feel like people are just more focused on enterprise and stuff like that.
Karissa Breen [00:09:34]:
There are some people who, like, focus on, like, personal security, but I don’t know. I mean, what are your thoughts? I mean, I’m just rattling off sort of what I’m hearing and what I’m seeing. But what’s your view on that?
Skeeve Stevens [00:09:46]:
The problem is that it’s the way society functions. If a government comes and brings out laws about something that’s not an issue, like I’m just trying to give an example here. Let’s say they tried to bring laws into parliament that were banning people walking backwards. And you’d be like, but why would you do that? There’s no one there’s no one committing crows walking backwards and doing silly things like that. But then let’s say they know what’s happening. They see what’s happening in different parts of the world, and they know that in here in a year’s time is going to be a problem. Now that’s the situation we’ve got at the moment where all of these breaches so I was done in MediBank and I was done in the Optus 1, and and I’ve just clicked the button, yes, join the class action. Why not? And and I’ve actually looked deeply.
Skeeve Stevens [00:10:33]:
I actually got copies of the actual information that was breached. And let’s say that when I was told that I was breached, I was like, oh, yeah. What? Another one. When I looked at the information they had about me, I was taken aback. I was taken aback. So what I mean by this, the order, is that the government can’t proactively do things. So we’ve all been breached through all the datas out there, and all these people are holding information. All these companies are holding information about us in the millions and millions of screens of people.
Skeeve Stevens [00:10:59]:
And then it gets bridged, and now the government is bringing in that new digital system where the companies can now authenticate through the government. But it’s years late after all the information about nearly all Australians is already out there. How do we preemptively as I guess, I just as a government society that they could elect the right people that happened to understand what they were doing, write the laws, and create the services that were required. They would go out and they would create things that we would think Like, the proposal that the government is doing now is already something oh, I can’t remember when it was. I think it was in the eighties. It was called the Australia card, and that’s like the American Social Security number. And when they even talked about bringing that in, we shut them down so hard. Now if we’d had that and the we’d be in a state now where we wouldn’t be going to real estates with pages full of identification, opening bank accounts, and giving these companies so much information they wouldn’t even need it.
Skeeve Stevens [00:12:02]:
But back then, we stopped them doing we stopped the government. Now I’m not a hardcore pro government person here. I’m I’m talking about the way society seems to function. We only close the door after the horse is bolted. And and the same problem with those, say, people getting scammed. We’re now bringing in scam laws or where people have their moneys transferred. They’re now trying to make the banks liable after squillions of dollars have already been, you know, bled from people. They’re bringing in it after the damage has occurred.
Skeeve Stevens [00:12:34]:
And that’s like setting your earthquake standards after Christchurch happens, not before. So that’s just the way that society functions. And do we think it’s actually going to change? Now I’ve given some examples here that have related to personal things. But when we talk about the corporate levels, like, there’s now new discussions about when companies do something bad, like, trying to prove that the actual directors knew what they were doing, whether it was lack security or some something bad that like, try right now, trying to get the actual people rather than the company is very difficult, but they’re bringing in new laws. Decades after, companies have been screwing people and doing the wrong things. So will we ever like, Bunnings right now sells all this home automation things, cameras, things like that. Now they’re all great, awesome tools that I’ve spent much much money there. But what about in the future, in 1 year, 2 years’ time, when there is a major hack and suddenly the homes of 3,000,000 Australians have been able to be looked into because there was a breach in some sort of new camera at 0 day? And then they go, hey, let’s do a law so it stops people doing camera blah blah blah blah blah blah.
Skeeve Stevens [00:13:48]:
So the problem is we it’s like it’s like having, you know, like, the gay Mardi Gras at Sydney, but let’s clean up the garbage 6 years later. Like, like, thankfully, it’s either cleared up that night. In cybersecurity, we like, the education is so lacking and so many years behind. The laws are lacking and so many years behind. How could we ever be proactive? Now getting ready, probably a bad concept in that we could never be ready for what’s coming next. And what’s coming next even keeps shocking people like me that who deeply understands this world. And so let’s talk about just now, like, trying to understand now. Now is constantly evolving and how do we educate everybody? That’s a very difficult thing.
Skeeve Stevens [00:14:37]:
I did a talk a few weeks ago and I actually used the pandemic as a as an interesting example. It took the pandemic and a global lockdown and virus that was killing many people to teach the entire planet a short course of hygiene, washing hands, face masks, you know, all the different things. And, like, the entire world was taught a short course overnight of how to defend yourself against, like, this virus and things like that. I feel like we should turn off the Internet for a week and suddenly try to tell so tell everybody what they need to do, and you’re only allowed back on once you once you sign the thinking read it. Because there is so many different stages in the world of awareness technology that there is always going to be people that are being scammed. And I’m and and, again, we’re dealing with critical infrastructure, industry, commercial, small business, and individuals. There’s, like, 5 layers there of people that need to know this at a different level. They’ve only just started to try and target, which, again, I find mind blowingly frustrating.
Skeeve Stevens [00:15:49]:
They’re finally starting to target wanting to target the people doing things, like creating deep traps and things like that. But now, that those laws are becoming irrelevant because it’s all AI. Now who do you go after? So in the cyber war, say, some guy’s gonna buy the black market, he’s gonna buy an AI bot tool, that he’s gonna give it a general objective. Who makes me money doing x, y, z? And AI is going to evolve and come up with its own attack. And it’s gonna go out there and do its own thing. How do you attack something and stop something? There’s going to be evolving faster than we can possibly handle, changing its techniques. And it’s it’s very frustrating. The best example that I’ve seen, it was a AI that they taught how to play one of the games.
Skeeve Stevens [00:16:36]:
I’m not sure if it was Fortnite or something like that. They had it playing, like, you know, thousands of hours a day of, like, so many scenarios. And then they put it in with the best e gamers in the world in those games, and it slaughtered them. So when you’ve and so so that could be a very interesting parallel to cybersecurity people versus, say, hackers and AI hackers. This absolutely annihilated them to the point that the actual human gamers started to emulate aspects of the way that the AI was playing, because it was just playing so out there. How can humans deal with swarms of AI attacks that are not only just they’re not gonna be brain dead just DOS attacks. They’re going to be very smart, very carefully designed, targeting specific things in different ways that are gonna that the humans are too slow to understand. And as far as I know, from a corporate and even military level, there is no firewall AI powered firewall defense apart from very simple high level scripting things.
Skeeve Stevens [00:17:45]:
You know, IDS, intrusion prevention, detection systems, which see this, do this, see this, do this. I have not seen and I have looked of an AI powered firewall systems. Cisco’s still selling the same stuff, ASAs. Juniper’s still selling selling the SRXs. I checked actually a week ago. I used to be a Cisco and Juniper engineer. I was like, oh, what’s changed in the past 5 years? Nothing. The the the same thing.
Skeeve Stevens [00:18:09]:
There’s no AI powered firewalls that are dynamically understanding defense and taking proactive things and going, if this is happening, rather than just doing an IPS IDS, which is responding and creating a rule. I see this, this, this. You know what that means? That means that this or this could come. So I might create preventive preventative rules of something that isn’t happening yet. And, like, there is no far far I know, there is no firewalls like that yet. So with the AI is in front, and then I guess it’s the same as here’s all the AI creating all the deep fake and all the videos and imaging, and we’re barely trying to create some laws to figure out how to defend against it. This whole the AI across the world, you know, everywhere it’s being used is the same in cybersecurity. And I’ve been talking to a few people, I mean, often, you know, and that the the sort of things that you and I talk about.
Skeeve Stevens [00:19:05]:
How in social things people just look at us and they glaze over. But they’re all starting to hear about deep fakes. They’re all starting to get a bit scared. And I feel like they’ve skipped an entire generation of understanding cyber, because to me, broad with AI and deep fake and audio and all these different kinds of things, that’s just a different form of cyber security. And they barely understand IT, much less understanding the cyber threats we’ve been dealing with over the past 5 to 10 years. And now we’re throwing them into the world of AI where we’re literally gonna be in a space where in the next 6 to 12 months, what’s being put out by AI is gonna be indistinguishable that we’re not gonna be able to figure out. This is gonna take cyber scamming, like, those phone calls you get and from an unknown spam number. Imagine that times a 100,000 because that’s what they can generate live communication out of data centers, and they’re not even gonna need those little Kenyan or, what, Nigerian call centers anymore.
Skeeve Stevens [00:20:05]:
There’s gotta be 1 guy with a programmer in a corner making a 1000000 calls an hour. And they’re gonna sound perfect. But then they’re also gonna sound exactly like your wife, your child, your husband, your best friend. They’re gonna the video generation is gonna be good. They’re gonna make video calls to you and be your wife, your husband, your child, and your best friend. How are people going to deal with what is but just on the cusp of and that is that is an entirely different meta level of cyber. I don’t know if we even if is the word cyber still good? AI AI cyber? I’m not really sure what we should be doing. That’s about to hit us really hard.
Skeeve Stevens [00:20:45]:
And how can anyone, even all the way up to the government level and the lawmakers, be ready when we can’t when they’re barely struggling with today?
Karissa Breen [00:20:56]:
Yep. I mean, look, there’s a lot of things in there that’s really interesting. I’m nodding as you’re speaking. I agree the horse has bolted. One sort of parallel I could draw when you were speaking is, do you think as well, like, back in the day when vehicles sort of you know, people were driving around without seat belts, And then, obviously, people started having car accidents and then dying, then they put the seat belts in. Is it sort of the same as, like, well, we’re not gonna do anything until it becomes, like, a serious problem to what you to what you explained before with the examples. Right? So it’s like, oh my gosh. They’re only retrofitting this stuff now probably because it became enough of a problem.
Karissa Breen [00:21:31]:
Do you think that’s sort of the same sort of, like, what you’ve what you’ve said before? Because originally, like, if people weren’t dying in car accidents and losing their lives, we probably wouldn’t have seatbelts, But that’s why they brought it in, and that’s probably the same thing for what you’re sort of saying. Now I’m not agreeing with we’re not being ahead of the curve because the horse has bolted. It’s gonna be pretty hard now to catch up. But We
Skeeve Stevens [00:21:52]:
can’t even see what’s coming. Like, yes. And that is a very good example is people move from horses to cars, and they drove around like crazy and died. There was literally a hard ivory kind of wooden stereo, which they just went splat against, and the set just one of the things that blew my mind recently is I actually saw a car with a historical number plates. Do you know that they are legally allowed to not have seat belts in them still? That breaks my brain. Like, are they allowed to be on the road? Yes. Do they have to have seatbelts? No. And you’re like, why do we do that to ourselves? It’s a weird parallel.
Skeeve Stevens [00:22:34]:
But yes, we don’t seem to ban anything, like they’re banning vapes now and things like that. You know, 3 to 5 years after they knew it was a problem. We’re not stupid. As a society, we know these things are a problem, but we don’t stop society doing all the things that that is necessary, politically, philosophical, things they fall under. But I think that the police really should be like, in in China, you have to go and get a license at the police station to use the Internet. Now that is and that’s so they can watch you and know what you’re doing, but it’s almost like, I think, we need it like a driver’s license where it’s you go in, you turn to go to 1 pager, like, this is is this a good password? No. Yes. You fail type of thing.
Skeeve Stevens [00:23:22]:
Like, you get a phone call and it says something something something, like, it would be do you know how much how many people would be less scammed and less at security risks if we actually did that for the general populace?
Karissa Breen [00:23:33]:
But how many people would even pass that test? Majority people would fail it.
Skeeve Stevens [00:23:38]:
That’s true. It is it is very true. It’s like, who would actually pass it in? Like like, the I know people that that would just would just absolutely struggle. You know what I mean? Like, people to this day and this is the problem that I’ve got. People to this day are still, as we said before, not wearing seat belts, talking on the phones in their go, drink driving, still smoking, where we know all these things are bad and dangerous, but they still do it. So how can we expect them to follow basic levels of cyber? And I’m I’m kind of to the point where I watch these current affairs and it’s like, oh, this person has been scammed and scammed and scammed. The biggest one of the biggest issues I see is with the scams. I kind of half feel sorry for them and half don’t.
Karissa Breen [00:24:24]:
Mhmm. I’m listening because I’m probably in the same boat as you.
Skeeve Stevens [00:24:27]:
Yeah. The my problem is is that is that most things relate to greed. There was one I just watched yesterday, some, woman was about to get married or scammed of $37,000 because she got a phone call. It was about a crypto thing and a job, and you put the money in and you do it. If it’s too good or it sounds too good, it’s too good. And the amount of people that are bleeding away 100 of 1,000 of dollars but this is no different than what happens 100 of years ago. They’re just con artists. They just are using a more digital form of it.
Skeeve Stevens [00:24:59]:
And, like, there’s no difference between stealing someone’s money and hacking an ATM and putting a skimmer on it. It’s the same technical concept that we’ve had for 100 of years where the bad guys are taking advantage of a population that is unaware of what’s going on. But it doesn’t help when the underlying problem is greed. You can make money doing this. You’ve got a woman in just as an example, you’ve got a woman in her fifties that gets this romantic scam online and she’s talk talks to a guy. She’s hopeful, but I don’t understand. She’s talking to him for for 3 weeks and that she transfers him $50,000 to help him because of a self story. I get we all want to take a shortcut or we all want to believe, but the cyber and while people are doing these bad scams, AI is going to start doing the scams.
Skeeve Stevens [00:25:51]:
The scams are going to increase by a 1000 fold, and they’re going to be better than ever before. And really do worry, and I’m I don’t I’m not I do not have the capacity to deal with and educate the general population. That’s just too many people. Even when I’m working for law enforcement and military, they go, you know, some some organizations go, oh, can you teach these 3,000 police? And I’m like, I’ll I’ll teach the teacher, but you gotta kinda start to learn and and build up your own skills inside your organization. Because there is it’s just not We just don’t seem to wanna help ourselves. I did talk to the Melbourne Council at the Federation Square where they were to what is what’s the the worst risk in current cybersecurity in at a personal passwords were a problem. So what did we do? We created 2 factor authentication, and then we put backdoors in. And what I mean by backdoor is you enter your 2 factor authentication, and there’s a little tiny checkbox, remember us at 30 days.
Skeeve Stevens [00:26:54]:
I I don’t understand. Why do we create ways like, 2 factor authentication is pretty cool as it levels up the requirement to, get past just figuring out someone’s password. We just check that little box because we’re a little bit lazy. We wanna make life a little bit easier for us. So someone comes up here, whether it’s your kid or or or someone else breaks into your house and they get access to your computer, and they just open your browser and it like, I mean, I keep my I got highly execute sensitive different things. So to get into my computer, facial recognition, it’s fingerprint, it’s it’s all different things. Because once I log into my computer me too. I’m gonna save time.
Skeeve Stevens [00:27:31]:
I have a lot of browsers open to a lot of very sensitive things. These are this is the thing that we don’t make it safer. And I think that there’s and because there’s no repercussions for the companies making these things, many and I’ll I’ll admit to this now. I don’t normally talk about this because I don’t wanna embarrass them, but it’s been so long now. Back in the days with ANZ Internet Banking, I contacted them and I said to them, you’ve got a major problem in your Internet bank. And they went, no. We don’t. Blah blah blah blah.
Skeeve Stevens [00:28:05]:
So I said, can I come and show you? And I went into the bank in Melbourne and they had this they had the dumbest backdoor to the Internet banking, which means once someone had logged in and then they logged out, and all you did was right click back, and it would go back to the login page
Karissa Breen [00:28:22]:
Oh my god.
Skeeve Stevens [00:28:23]:
And the password was in the field still, and you just hit enter again.
Karissa Breen [00:28:28]:
When was this?
Skeeve Stevens [00:28:29]:
This is about 20 years ago. The only the way they fixed it was they put a tiny bit of code in there that just cleared the password for you.
Karissa Breen [00:28:36]:
And this is what we’re relying on.
Skeeve Stevens [00:28:37]:
And but see, this is what I mean is if there was legal repercussions for doing bad things like that that your customers rely on your customers’ lives rely on this, whether it’s a bank account, whether you bought your Tesla, the software that people write affects lives in a big like, directly, not just a little bit of money stolen here, but can affect people’s lives. And there is no laws pretty much across the board that stop people screwing up. Like, they’re trying to figure out how to take Medicare Medibank to the to to to court. And what is the point of hitting them with a bit multibillion dollar fine? It’s just gonna screw all health care across the country. What happens if you take out Optus and give them a $1,000,000,000 fine? It’s gonna screw telecommunications for the com if they go out the back door. If we don’t do anything about it, like in the whole banking collapse in the US where the banks basically go scot free, these big companies, they’ve got software people that are that are writing code that are directly affecting our lives, and there is essentially no laws around the world that affect it. Like, how many people’s lives were affected by the the giant global outage with CrowdStrike. Like Oh, they’re on.
Skeeve Stevens [00:29:54]:
Yeah. Like, it well, it was it’s considered from what I last I heard, it was about a $100,000,000,000 worth of damage of of people being embarrassed in shops and banks and airlines and flights not being able to take off and all these different things. And how much what’s the penalty against CrowdStrike? For a start, how do you penalize globally a company? People seem to not understand that, like, there is no like, the concept of international law is around very small things. Globally, like, not every country in the world can take CrowdStrike to court in a global situation. I think, yes, you could suddenly have, like, a 100 countries or a 100 law cases and oh, and then what are we gonna do? Put them out the back door. It’s very complicated. I’m very confused about a little bit confused about how we do this. Because if we proactively try to do it, then does that mean people stop making software? Or they’re just gonna be more careful?
Karissa Breen [00:30:47]:
The answer to that is who knows? But one thing you mentioned before with people. Right? I just let’s just look at general people. Do you think people’s mentality towards cyber is like, well, who cares? It’s not my problem. I’ll give you an example.
Skeeve Stevens [00:31:01]:
No one cares.
Karissa Breen [00:31:02]:
Correct. No one cares really about anything.
Skeeve Stevens [00:31:04]:
Yeah. No one no one cares about anything until it affects them. Like, you don’t care about the death of a close family member until you have one. Your friend’s mates down the road whose grandmother passed away, he’s distraught. Nothing that affects until it affects us directly. No one cares about smoking until you get sick. No one cares about riding a motorcycle like an idiot until you come off. No one that cares until, you know, it’s like I’ve I used to say this to people, like, they’re they’re standing on the roof with the towel around their neck going, like, I can fly, and I’m and we’re down there going, no.
Skeeve Stevens [00:31:40]:
You can’t. And you can’t tell them you can’t tell them that they’re going to hurt themselves. And that’s would be, like, proactively or preemptively creating laws about some things, and that’s where, you know, New South Wales gets accused of being that is state because it’s preemptively stopped a whole bunch of different laws and, like, doing types of weapons, and everybody just goes, oh, they’re the fun police. So I guess the problem is, will anyone care? These people being scammed that are on the Current Affairs, I’m sure they watched Current Affairs a month before, and some are getting scammed and looked at it and went, that would never happen to me, and now it happens to them. How do you convince people of the implications of something where they do not believe it? And that’s why we have anti smoking ads. We have don’t drink drive. We have to have the police on the streets because they still do it until they get caught. And even then, stupid people keep doing it afterwards.
Karissa Breen [00:32:41]:
The reoffenders. Yeah. So okay. This is interesting because I agree with you. Like, not like, at the end of the day, like, no one really cares about anything unless it impacts them or it’s it’s, you know, they’ve been, you know, harmed by the thing. So someone, I think, before on the show has spoken about, like, you know, kids touching the hot stove. Your mom will be like, don’t touch the hot stove, skeeve. And then eventually you touch it and you beat yourself.
Karissa Breen [00:33:04]:
Then you sort of learn. Now I hate to be pessimistic, but would you say it has to get to the point where everyone has had some cybersecurity scam related thing for people to really get it. Now I asked that lightly. I’ll give you an example. When I was 18 years old, I just got my license and I obviously didn’t I hit someone. Okay? Not no. The guy wasn’t injured, But the thing was, I hit the guy from behind. But now I’m so cognizant of having that, you know, a fair few years ago.
Karissa Breen [00:33:33]:
Haven’t ever rear ended anyone since then because I’ve had that incident when I was 18 years old. So it’s like now I’m more mindful of I don’t want to do it because I’ve been there before and the problems and then I had to go the insurance. It was a headache. So if I’m more cognizant of not doing it, I would have to go through the entire, you know, ordeal. So do you think it’s gonna get to that point? Because the amount of people people have come to me and they haven’t really cared about cyber up until something’s happened. Like, oh, my ex boyfriend’s stalking me. Now I care. And look, I get it.
Karissa Breen [00:34:06]:
Right? Because you know what? There’s other things in life that people tell me about that I don’t really care about. Right? So everyone is in the same boat up until something happens to them. Right? But then that doesn’t solve the issue. So what would you recommend? Like, what do we do now?
Skeeve Stevens [00:34:20]:
That’s a very difficult thing. It’s like, don’t eat so much Big Macs, until you suddenly get diabetes. Like, we seem to need to experience something. As a this is just as a human, it’s nothing to do with the technology or even cyber. This is in life. You can’t tell the 16 year old girl who the boy smiles sweetly at, and the mom goes, no. No. He’s bad for you.
Skeeve Stevens [00:34:42]:
He’s where he rides up. He’s a pikey or something like me. And she’s like, but he’s so cute. And, like, she’s she’s not going to listen. This is just who we are as humans across the board. So I guess, from my perspective, we have to accept that that is the situation. We can’t preemptively explain to everybody in the world about everything that could go wrong. We’ve been trying to do that in all in modern history, and it it doesn’t work.
Skeeve Stevens [00:35:10]:
So what so given that that’s a thing and that people are not gonna listen until they’re personally affected, I guess, if you base it off that is the question is then, now what do we do? What do we do in this situation? So there are what they call reverse punishment, meaning if you do one of these bad things cyber wise, your ability to have a bank account with x amount of banks or these type of services gets suspended for 1 year. There needs to be some sort of punishment. The last thing you want is people losing 100 of 1,000 of dollars. So the problem is there needs to be something, like and I don’t know what that is. Like, maybe if we’ve all got that new government my gov website thing, maybe it’s if you do not set your website, your your password properly, and go through this 3 minute thing of how to do a good password, you know, your Social Security is suspended type of thing. That’s a very simplistic thing to say because there’s obviously so many people, there’s illiterate people, there’s poor people, there’s homeless people, there’s so many different things. But as a ignoring the simplicity or the complexity of that, having repercussions is the only way to get people to do the right thing. So people obey the road rules, not because they want to, but because they’re gonna get in trouble if they don’t.
Skeeve Stevens [00:36:35]:
Like, I mean, there are good people out there that do want to, but the problem is that doesn’t seem to be the significant amount of populations. Like, it’s one of those questions that I I like the moral questions where it’s, what would you do or get away with if all laws are suspended for a day? And most people go, well, I would. But it’s only like 10% of people that just go, well, nothing. Just be myself and do the right thing. And that’s the problem is that the percentage of those people are are small. So we do need to somehow bring in some laws where it goes on the lines of, if you are a part of x y zed and you don’t do the right like, maybe some very basic simple things, then you lose access to something. Or, say, one thing I learned about the other day was you can get a motorcycle license in Australia, and you can ride anything you want after all. In Japan, you can ride a 460 motorcycle, then you need another license.
Skeeve Stevens [00:37:33]:
So maybe it might be one of those things where you’re not allowed to use all these online government services, Medicare, service blah blah blah blah blah, unless you go into Centrelink or Services Australia, sit down, like a driver’s test, and do a 10 minute basic thing. Like, if you do that, then you’re allowed to use all these online services, and you just go and put in your little QR code. I wanna open a bank account with ComBank. The ComBank guys have you done your little your your thing? And this is not actually that complicated. I sent a package to United States yesterday, and the guy hands me a a QR code. And it may sent me to this government website that I had to just fill out 5 little questionnaires about an export thing, just like what was in the package. We have systems in place for this. Anyone wanting to send a package overseas that’s worth more than x has to do this.
Skeeve Stevens [00:38:23]:
So, clearly, we have the functionality functionality in society. So why would it be that complex to suddenly say, if there’s any online services that involve monetary or things like that, like bank accounts and trading accounts and and health and everything, that you’re not allowed to use those until you go to your state governments, the services of Australia or the RMS or whatever, and do this little thing of basic cybersecurity, our familiarity. Like, that doesn’t sound that burdens them on society, and that would pretty much quickly educate. You’d have everyone at whatever age, like, and this could be this this could actually be actually, I thought about this last time. This could be a very interesting thing. You’ve got the, New South Wales and South Australia social media youth, conference on the next 2 days. That, why not make the same for kids? Like, like, if you’re if you’re 14 and and you want to get on the Internet to be able to use social media before you’re 16 or 18 or something, Go down, do this do this little test that it run you through a few questions, which is no different than a 15 9 month old person getting their license. We have these solutions in place.
Skeeve Stevens [00:39:36]:
Why not? They don’t seem to be too about too burdensome on society, and it would mean that everyone that is online and doing these things had at least done a basic test. They’d answered the 3 questions about what involves a good password and what a scam might seem like. Because the people that are being scammed and having the big problems at the moment and having risk of security are the people that have no idea, that do not even have the most basic of knowledge. We’re putting them it’s almost like putting them in high performance motorcycles without a license. That’s what the Internet is like to some people.
Karissa Breen [00:40:17]:
But wouldn’t you say as well that look, I get what you’re saying. But then my mind goes, people probably haven’t implemented this because they’re trying to hedge their bets. So what I mean by this is there was a retailer in Australia that got breached. Now I asked them that question. Do you think you sort of hedged your best with your customers? So they’re sort of like if there’s too many barriers to entry specifically for an ecommerce site, People just won’t shop at them. It’s too hard. I can’t get it. I don’t know anything about the Internet.
Karissa Breen [00:40:45]:
It’s all too hard. Right?
Skeeve Stevens [00:40:46]:
So make it look at all of them.
Karissa Breen [00:40:48]:
Yes. But they hedge their bets because they want the revenue through the door. If it’s too hard and it’s all too difficult, people are not going to, you know, transact. So I think that companies potentially, would you agree, are gambling that to be like, well, let’s just hedge our bets. You’re probably right in theory. Let’s just prey on the fact that people are at Skeev’s level and not at, you know, a year 1 sort of level. So I think that I hear what you’re saying, but there’s, you know I could go on and on about this. Just do the conversations I have.
Skeeve Stevens [00:41:21]:
Companies are companies are never gonna spend money that they don’t have to.
Karissa Breen [00:41:25]:
Well, that’s what I’m saying there. They’re preying on that, though. They’re preying on the fact that, well, hopefully, yeah, you’re right, but let’s gamble that and see. Because, you’re also we wouldn’t have half the things that have occurred.
Skeeve Stevens [00:41:36]:
But see, the thing is, no one wants to be singled out. I mean, the biggest argument I hear about the the so I’m not gonna have to be pro smoking or this or that is but the like, the on the papers that are here, oh, but there’s alcohol people and there’s these people and there’s that people. You have to treat everyone the same. So one of the things that’s been frustrating me for years is just typical, you know, your home routers that they didn’t just didn’t bother putting IPv6 in. We have been out of IPv4 for so long. The Internet is having lots of problems regarding this. Problem is there’s no decent case for rolling out IPv6 on a large scale. But if the government suddenly went, we’re not buying anything that doesn’t have dysfunction in it.
Skeeve Stevens [00:42:19]:
If the government said to every retailer, at the same time, you like which they’ve done many times regarding privacy laws, blah blah blah, all these different things. If you say everyone is bound by the same thing, then the retailers will do what they’re supposed to do. They they will and they won’t feel singled out, and they won’t whinge about it too much. That’s how you do it. You get everybody and I’m not I I what I do hate is laws that do nothing.
Karissa Breen [00:42:47]:
Give me an example of a law that does nothing.
Skeeve Stevens [00:42:50]:
Laws that do nothing are things like the new deep fake laws. Firstly, it’s gonna be an offense to distribute some deep fake images or or nude images of someone, and you go, that’s reasonable. And then they go, it’s also an offense to create it. And I’m like, like, create an image for myself or I mean, it’s really technically, it’s not much different than me hand drawing something. Many of us but in the privacy of my own home, like, there are laws that just don’t make much sense to me. Like, the one that was prosecuted in the Victorian court about the the Nazi assault. They’ve literally and and, by the way, completely against it against that sort of thing. But they literally put a law in place of how someone moves their hand, and I’m finding some of these laws are just a little bit bizarre.
Skeeve Stevens [00:43:34]:
They’re telling us how we could think. There’s a new law coming about, like, online defense laws, and the sad thing is it seems to be an offense to discuss the online offense law. Like, this whole new look at the woke culture and things like that, putting laws in that wrap themselves around each other that make it complex. And I don’t like laws that don’t seem to have any actual purpose or that they’re very very easy to circumstance. So to get every and anything that you can circumvent easily is an issue to him.
Karissa Breen [00:44:08]:
Okay. Look, this is interesting. So what is the premise then of putting into your to your point laws that do not is it just to give the illusion that we’re doing something even if they don’t make sense and they contradict what they’re saying.
Skeeve Stevens [00:44:22]:
I’ve spent 10 years advising politicians, and that’s exactly what they do.
Karissa Breen [00:44:26]:
I’m so rattled by that.
Skeeve Stevens [00:44:27]:
I’ve seen things that have made me walk into it and put my head into I mean, I was in parliament house, like, about 5 years ago. And I was in a room and there was discussions happening with some, like, federal level MPs, and I literally walked over to the corner of the room and put my head into the corner, because they were talking absolute nonsense. And some of the laws that have been proposed over the last 10 or 15 years, and I don’t know how to say this, have actually been proposed to see if the public will be upset by it by it at all. Like, Abbott did the whole no one can talk about anything to do with the boats and things like that. The sad thing about that, they expected the public to push back. Public didn’t. So they were like and the amount of national security laws that, like, I mean, Dutton and Turnbull did not get on, but Dutton went, I’m gonna push this through. And Turnbull actually thought sometimes, that’s not gonna get through.
Skeeve Stevens [00:45:24]:
Australian public, if they do not understand it, do not care. It’s like when, I think it was about 4 elections ago when the broadband was coming out, and the broadband and 100 megabit to the home, and who needs this like that. The public had no idea what anyone was even talking about. There’s a lot of these things that go through that if the public doesn’t clearly understand what the purpose of it is, sometimes, and I know this sounds odd, the politicians want the public to push back. It’s like case law. Like, there are actually and this and this sounds funny, most people kind of probably unaware of this. The ATO. If you have a questionable situation, the ATO goes, we don’t agree with you.
Skeeve Stevens [00:46:06]:
We’re taking you to court. And you go, that’s not very nice. And they go, no, no, no, no, no. You misunderstand this. We are gonna pay your defense of our case. And they go, and that’s because the ATO hates ambiguity. And if something’s ambiguous, they want it, like, sorted out sorted out in court. So they all go, we think this, even though it might not be clear in law, and we’re gonna take you to court, but we’re gonna pay your defense.
Skeeve Stevens [00:46:33]:
So they can get a ruling on it, it makes it non ambiguous in the future.
Karissa Breen [00:46:37]:
Woah, that’s crazy.
Skeeve Stevens [00:46:38]:
But it’s not merely because the last thing you want as a government organization or any organization that’s run by regulations is to have something completely ambiguous, because it means you
Karissa Breen [00:46:50]:
I get that.
Skeeve Stevens [00:46:50]:
You freeze and you get stuck. So paying someone else to run a legal case against you was not really against them. They don’t really care. They just wanna enforce the rules. But when the rules are ambiguous and blurry, like back in the days when cryptocurrencies first came out and all these different things. The ATO just went, and by the way, we’re gonna fund these cases because we need clarity. And that does make sense, but so they do this a lot in, like, normal laws that come out. We wanna bring this out and but sometimes the public just shrugs their shoulders and goes, okay.
Skeeve Stevens [00:47:20]:
I mean, what did we do with the lockdowns? In America, you went, stay at home. And the Americans went, screw you. We’re not staying at home. I’ve got my rights. Blah blah blah blah. In Australia, we went, stay at home. Here’s the money to watch Netflix. It didn’t matter how right or how left you were, we went, okay.
Karissa Breen [00:47:38]:
So then I I was thinking about that as you’re talking before. So do you think, generally, I do agree the United States is like that. Do you think, in your experience, it’s better to be more of a compliant society than noncompliant? I mean, I get from a government perspective, they want people compliant. I get that. But just in your experience, what would be better to be? Because, I mean, we do need people challenging stuff. Right? Or else, you know, we’re not gonna ever get ahead of these cyberkundles, and we won’t. I I I don’t believe so. But I think this is interesting because you have had a, you know, crazy background.
Skeeve Stevens [00:48:14]:
They’re very crazy.
Karissa Breen [00:48:15]:
You know, I think you’re obviously well versed to answer this. Like, which one is a better
Skeeve Stevens [00:48:20]:
It’s complicated because people are complicated. And it’s like, I really love bipartisan politics where especially, I think it was Barack Obama. He won, but then he appointed a Republican in a big role. I think the right person for the right job is always the right thing. The problem is that we can’t, especially in Australia, at the moment, we are at the point where if Albanese said it’s daylight outside, that would pop and go, no, it’s not. That’s just a different perspective. And you’re like it’s like they have to disagree. Like, Turnbull was first rolled as the leader of the opposition because in 1 week he agreed with the opposition, like, the the labor goes in power.
Skeeve Stevens [00:48:58]:
3 times in a week he went, yeah, that’s reasonable, and then they rolled in because he agreed with the other side. There are so many people that will not agree just because it’s the standard, whether it be the Greens or or something like that. They’re always taking a different position. So but I believe that there is the what the thing is, I don’t think we disagree on what’s right. We disagree on how we go about it. So if you someone came up with the rule and went, here’s 10 points about safety for people relating to technology. It wouldn’t be hard to get probably an agreement from all sides, but could you get a law through about it? Of course not. Because the implementation and the way, like, I think what’s the part of the arguments at the moment? There’s a couple of arguments at the moment, like, whether about housing or the federal reserve.
Skeeve Stevens [00:49:46]:
There’s a there’s a few things where all sides agree, but they don’t agree on how it should be done and who gets money and where gets the focus and the process and and this is the problem is that we know we’ll never be able to get agreement from the population on how we go about it. There is a lot of basic baseline concepts in c society that you would agree with. No one out there in society, highly rare exceptions, are going to think that people should be allowed to just walk up to someone else and punch them in the face. No one’s gonna agree on that. But they’ll all just agree on the laws, the punishments, the penalties, the processes, the everything like that surrounding it. In cybersecurity, you gotta go, should should anyone be allowed to be frauded and should they all just respond to them? Everyone’s gonna go, absolutely not. Everyone should be protected from being fraud. How do we do that? And there’ll be 5,001 suggestions from 400 organizations, 360 of which you’ve never heard of before, not actually not even representing the organizations, the people that they claim to represent.
Skeeve Stevens [00:50:52]:
Like, I’m a Christian and the Christians are going down the camera, like, a few elections ago going, blah, blah, blah, blah, and I’m, like, I’ve got gay and lesbian friends that were, like, what? Centric marriage? I don’t want that. I don’t want her to propose. No. No. Like, the the problem is that these groups that are just the loudest people that get to talk, and we do I don’t know how we get a what is safe for society. Like, Albanese couldn’t even do, I think on 7th about the Palestinian Gaza conflict, where he said nobody should like, everybody should be safe and nobody should be dying, And the greens and the liberals went, you shouldn’t be saying that about the Palestinians, forget about them, it’s just about the Jew. Like, you can’t even say that people shouldn’t die, but they all kind of agreed, they all proposed their own versions of, but they couldn’t agree together of how to say it. This is what we can’t even get we can’t even get something as simple as we shouldn’t be killing children pushed through parliament.
Skeeve Stevens [00:51:50]:
We can’t even get an agreement on that on the words and the way it said. How are we going to actually get some basics of operation, which is and I’ll be honest about this, sometimes, with some things, I think you just don’t ask. I I I do I am frustrated that politics is getting in, spending the 1st year doing some things and 2nd year and then the next 2 years trying to get back into the next time. We we spend so long not doing anything while I try to get ready to get back in that we don’t have time to get any of these things done. Like, any government that ever promises a bridge being built by 2030 doesn’t mean anything, because in 2, 3, 4 years, the next government can completely change it. So how do we get things in place that require years? Like, we might like the current government, whichever that government might be, of the day, might come up with a very good baseline security awareness, funding for it in schools or something like that. The next government might turn it off. How do we deal with the fact where we’ve got we’re becoming more and more at risk by scarier, more indistinguishable from reality, and faster than ever, and more fantastical than even the movies that we watch.
Skeeve Stevens [00:53:10]:
This technology is getting to a point which is going to cause significant problems. The law is already freaking out right now. The problem is who writes the law? Scientists don’t write the law. Lawyers and politicians write the law, and they don’t they barely understand all of the deep fake and, like, what hap what’s happening in Hollywood about cyber generations and, like, AI generations of characters and movies and what’s real and what’s not real. The militaries and the police are dealing with these problems too of, like, images and what’s real and what’s not. And how do you, like, how do you deal with all the things that’s going on? And when organizations and governments are struggling to deal with it, people just go to be the victims in the meantime. And while they’re while this I mean, we’ve got other problems coming that are gonna be equally as devastating to people’s lives. For example, self driving.
Skeeve Stevens [00:54:06]:
We know the cars are ready. Tesla’s ready. When they get hit in the road, I’ve been I was in meetings about self driving so the self driving council in Australia, like, 2 or 4 years ago. The insurance companies don’t know what to do. Each state still has its own rules, so you the the car that might be allowed to do what it’s supposed to do might get to Victoria, it’d have to change its program rules as it goes over the border. And, like, what happened like, that’s going to affect everybody in a significant way because does the car abdicate on your benefit or the person that may hit benefit? Who makes these moral judgments? What if a government decides that in Australia, cars can only favor the person that’s outside the car? So your car may move to avoid a child and hit the semi trailer. But who’s gonna buy that car? The next government might change that more. So these are the things that frustrate me when some of these things may be common sense.
Skeeve Stevens [00:55:01]:
And I do agree that one government may do something that might not be great and the next one should fix it. Who decides where is the center point and where is the reasonableness of society? And while there is, as I said, there are there is many different things. We’ve got so much coming at us right now that people barely understand technology. I always say when I’m doing my futurist talks that most people’s understanding of technology is about 5 to 6 years before now. Like, very few people know that you can drive a car by thought. And I’ve got the technology sitting on my shelf shelf here, and it’s been around for 12 years. There is brain control things. There is so much stuff out there that people do not even know that exists.
Skeeve Stevens [00:55:46]:
Like, I’ve had my microchip implants in both hands for, like, 8 years, and people are still, like, wow, like, it’s sci fi. And the problem is that the general populace, that’s where they sit. They don’t understand about AI. All they hear is AI is gonna take my job, And they’re freaking out. An example of this, even in the IT world, was I was I jumped on a LinkedIn livestream yesterday. It was about IT queries. I was curious. Someone who I knew was doing it.
Skeeve Stevens [00:56:15]:
And it was about being web developers. And I’m like, from a start, there’s no such thing as a web developer. There’s too many funky on this front end, back end, CX, one stack languages. And AI is about to obliterate them. Like, on this chat, I actually went put a thing into chatty PD saying, design me a JavaScript that will take a form and enter this and do this blah blah blah blah blah. And I hit enter and I pass it the result. I’m like, web developers are done. Like, they need to be prompt engineer, front end something something somethings.
Skeeve Stevens [00:56:44]:
But they’re not even they they haven’t even thought about the training of this yet, and yet there is their entire industry is about to be obliterated. And we know this from what they can do, from from law researching to so I’ll be and they’ve already just proven that some of the new AIs can could do PhD level, like, PhD level, like, documents and do it in 3 minutes. And this is what we’ve got right now and the world doesn’t understand what’s about to come. And then they see and they don’t put the meta picture together. They see, oh, look, there’s lots of robots out there. Tesla’s making a robot dog. I’ve got a robot dog, and, like, I really would like to buy one of the new Unitree H1s. They’re only about, you know, $25,000.
Skeeve Stevens [00:57:29]:
And these are absolutely, like, humanoid robots. What happens when that’s walking around with Chachibuty, equivalent wobble of intelligence in it? We’ve got that tick. I can get my dog an upgrade, my that’s got Chachibuty in it, which I’ll be there and be able to put arguments to it. This is not the future. This is one of the reasons why I don’t call myself a futurist sometimes. I’m more of a now with. This is things and tech we have here today. 10 years ago, I was in Japan and I had a robot taking my hand and walking me around a store explaining to me.
Skeeve Stevens [00:58:02]:
10 years ago. And it’s about to converge where you start to see robots are about to be in our houses very, very quickly, like, within the next 2 to 3 years with AI that’s ramping up and the rate that is of Morozor It’s now Obliterated Morozor every 6 months, now it’s like every which is in fact, very short period of time. The power and the I consider myself quite knowledgeable in this space, and AI and all these different things. Honestly, I’m struggling. I’m struggling with the 10 YouTube video news things about AI that I have to watch a day to just barely keep up, and this is me who’s at the cutting edge of all those sort of things. But this is the problem, right, so the bad guys are gonna use AI to do the attacks. Do we have any cybersecurity professionals proficient in AI defense? Do we have any education even teaching you about it? Nope. Do we have any products that you can actually buy? No.
Skeeve Stevens [00:59:09]:
So we’ve got a war coming. No defense for it. This is the same as the Australian military. They had generally have a policy of human command, meaning a remote device that they can control remotely, can’t make a choice to shoot and kill. It must be approved by a human. But they did, however, invested a lot of the equipment that could be upgraded. But how do you defend I I I’ve had it over the last 5, 5, 6 years, I’ve had a fewer joint task force. How do you defend against a swarm of a 1,000 drone drones with a little more microplastic a exploit his own.
Skeeve Stevens [00:59:47]:
The only way you can defend against that is with a swarm of your own that’s allowed to do what it’s supposed to. Then we enter complicated world where what if someone takes control of your swarm and sends it over into the populous and other things like that. We’re all the people in this space is we’re all very, very careful watching Ukraine at the moment. They’re doing amazing things. They’re breaking all standard military rules. And what Russia and Ukraine are doing against each other, they’re taking drones and they’re changing on a daily basis. And one of the things I saw that Russia did really, I was really cool recently, is they caught a Ukrainian tank and then automated it and were driving around with remote controls. And this is not standard military and where you have our procedures.
Skeeve Stevens [01:00:29]:
This is just them making it up as they go. They’re like maker soldiers, and they’re like, let’s see what we can do today. The police are gonna reach that point here, where they’re gonna turn up to a fight, and they’re gonna have to figure out standard procedures are not gonna work. And what happens when my dog gets hacked and is out of control and it’s got some little basic iron in, and it’s running around the street zapping people. Let’s say it got out. It got hacked and got out. And they turn up to my door hours later, and they’re like, is this yours? And I like, oh, I didn’t even know it had gone missing. And then they arrest me because I’m the owner of a robotic dog that went rogue.
Skeeve Stevens [01:01:10]:
There is no laws to any of this concept yet, and they don’t know how to create them. Who do you blame if your Tesla has a software glitch and if it’s doing self driving drives through a shop window and kills 2 people? MCD. Is there a programmer in Texas that suddenly has a hand on his shoulder and they’re like, you did that update overnight. And by the way, your typo on this page, on this on this line of code has just killed 75 people around the world, but thankfully we’ve just stopped it. Like, does he get a life sentence? Does he get executed? Just like he’s in Texas, they’re still got execution, maybe. Like, who is responsible?
Karissa Breen [01:01:53]:
These are the questions. These are the questions. No one knows.
Skeeve Stevens [01:01:55]:
Well, it’s it’s not just no one knows. You could say you could suggest. So one of the examples I use, let’s say, with liability in self driving cars like Tesla. Let’s say the government went, we’re not allowing self driving cars on the road unless you show us the code. They won’t, but let’s say Tesla goes, sure, and hands them the source code for Tesla. Is the government got the capability to read the code? Who do they get? Do you think any third party consultancy is going to take that on? KPMG with its with its all its people goes, sure. We’ll take that on. We’ll declare it okay.
Skeeve Stevens [01:02:32]:
And then they’re liable when something bad happens. No one’s gonna want the liability. Not that anyone has got even got the skill. Like, we it’s a knowing comment at the moment. Right? We don’t actually know how it works. The CEO of OpenAI has openly admitted they don’t exactly actually know how their AI works. We’re basing the world on something that nobody knows how it works. A little scary.
Skeeve Stevens [01:02:58]:
But we’re going to put our entire lives in infrastructure, and we’re gonna build it on the back of something we actually don’t understand how it works. And then what if it gets hacked? And that’s where my brain comes in with, the weaponization technology. I look at everything that gets released that I see. I go, well, how could I abuse that? Like, years ago, I was working with some people, and I figured out how to hack a cochlear implant. And I’ll and I was working with people, talking details. But I was and I had a a a guy who had a cockney reply, and I said, can I test something? He went, sure. And I was able to generate the frequencies, which nearly knocked him out. And he was like, ouch.
Skeeve Stevens [01:03:39]:
Don’t do that again. I went, bull, you did agree? And he was like, yeah. Fair enough. But just please don’t let that happen again. And then I demonstrated I think it was about a month afterwards. I demonstrated how to remotely kill someone by hacking a a cardiac implant or a heart a pacemaker. And someone said to me, how on earth did you figure out how to do that? I said, I bought one on eBay for $200. And the problem is is that all these devices, whether it be a car, whether it be a pacemaker or cochlear implant, these are all amazing devices that are made by amazing people in in the medical world, but they’re not cyber security people.
Skeeve Stevens [01:04:21]:
On my computer and my phone, I’m allowed to use whatever brand of cybersecurity software that I deem fit, and I have options. Right? Norton blah blah blah and Cathy, etcetera. Can I put that into my Tesla? Can I load Norton for Tesla? Can I load something else into my dog? Is there a semantic for robot dog? No. And these people are not cyber security experience. Cyber security is as one of the things that is fundamental to what I talk about cyber security education. A, education is a joke and terrible, but there are still tens of thousands of professions that don’t exist. There’s no cybersecurity person that’s got different skills that also understands Internet of Things, that also understands agriculture, is gonna be able to protect our farms or mining or agriculture or manufacturing. You need to understand the industry that you’re in.
Skeeve Stevens [01:05:21]:
And those very specific professionals, they don’t exist. Or if there is if they do, there’s one guy. And that’s that’s the sad thing, is that and you now before and this is why we’re trying to struggle, trying to get there with cybersecurity and those areas, let’s add AI to that. And that’s where we’re stuck. We barely we’re probably 5% way into the maturity of cybersecurity knowledge skills that we needed to have. And now the game has already changed. We’re configuring, like, all everyone that worked on Cisco’s, Juniper’s, and everything like that is all irrelevant now. Now I was actually testing chat gpt to see what it and actually it did it did freak me out a little bit because I’ll being a Cisco and Juniper engineer, I was like, let me throw some questions at it.
Skeeve Stevens [01:06:11]:
And I just threw it in. I’m getting an attack from multiple things. I’ve got DGP rep with multiple app sheets, and I’ve got this and this and this and this. What code should could I apply? And it just wrote code out. And I just looked at it and I’m reading the current number. Oh, yeah. Actually, that would oh, no. Like, this $20 a month product eliminated the need has eliminated the the need for cybersecurity people in that in those roles, writing code and stopping things.
Skeeve Stevens [01:06:39]:
All we’ve gotta do, like, is give the IDS, intrusion prevention system, intrusion detection some capability functionality plugged into a back end of Chativity, and let it defend our networks. Doing what it needs to do given what the data it has at the time at a speed no human today, for for the rest of time, will ever be able to depend on. We should be able to do that now. So all and all these vendors are go these products, I can guarantee you, maybe by about February, March, they’ll start to hit. We’ll start to have the Juniper SRX with AI. Like, I’ve got my new Galaxy S 24 and the just rolled a Galaxy AI. Those things will start to hit the network engineering world and the corporate world very soon. So everyone’s got to buy their cybersecurity stuff again.
Skeeve Stevens [01:07:31]:
That’s gonna annihilate the entire cybersecurity workforce by eliminating a whole bunch of people that do, you know, really aren’t needed probably anyway. That’s where an entire industry is going. But then who’s left to teach everybody to help?
Karissa Breen [01:07:46]:
Look, there’s a lot of questions here, and I think that that’s why I run the show to get people unlike yourself to to share your thoughts and your insights.
Skeeve Stevens [01:07:54]:
It’s a it’s a nervous world. It made I I do want to create a bunker and go to live in some way.
Karissa Breen [01:07:59]:
I couldn’t think of anything worse than go and live in a bunker.
Skeeve Stevens [01:08:02]:
Oh, no. I just I
Karissa Breen [01:08:03]:
know you were the type of dude to do something like that.
Skeeve Stevens [01:08:05]:
Well, it’s not that. It’s more the cyber in the Internet used to be something you used to be able to get away from. Like, you know, you’d log off, you leave your phone at home. Now your car’s online, this is online, everything’s gonna know where you go. You got I mean, I’m talking to you over Starlink, which is the satellite of Elon Musk, and I can go anywhere and I can be doing this sitting on top of ASRock at the same quality. And you can be anywhere. The they’re just about Starlink is just about to bring out the mobile phone version of this, which is going to upset an awful lot of people because borders and everything get messed up and things like that. So you can governments can no longer intercept you.
Skeeve Stevens [01:08:42]:
We’re just in a very complicated world that I see not getting better. The educational paths, problem is education is a difficult situation. You need experts. So this is what I love at the moment. Right? People go, oh, I’m an AI expert. People say that? And like, really? What degree have you got in AI? What degree have you got in AI that you did over the last 4 years that lets you, and how many years experience have you got doing it to become the expert? There are huge hands, like, on each hand type of people, but everyone else is just talented amateurs. Like like me, I’m a talented amateur. I just happen to be in the right place with the right exposure.
Skeeve Stevens [01:09:20]:
I got no degrees in AI or anything like that. I’ve been around a long time. But I, type of people like me, need to be going and helping in the universities, writing the courses that teach the professors to figure out how to students. That is a 2 or 3 years to get it ready, 3 or 4 years to get them graduated before they get out. So that we’re talking about 5 to 7 years till capable people come out, and what is how long has a AI gone? How long has it been since AI’s gone absolutely off The last 2, 3 years. So by the time these people graduate, where are we going to be then? So that’s the whole education structure. And I’d say pre 2, 3 years ago, we had this world of certification. I’m a CCNP, CISSP, on all these different things, and it was a little bit calm.
Skeeve Stevens [01:10:07]:
We had a baseline of, if they’ve got that, they could probably do that. The entire cyber world is just about to be blown apart because everyone’s knowledge is about to become irrelevant. Work at a speed that the humans can no longer work at. It’s just a fun time. It’s a fun time and I’m a little scared about where it’s gonna go, but I’m gonna sit here watching it like a car slow moving car crash.
Karissa Breen [01:10:32]:
I have one really last question. You have to answer it quickly because I know you. Okay. What happens now? After this, like, everything you’ve discussed, all of the things, what do you think happens now? You’re a futurist. What would be some of your predictions on well, where do we go from here?
Skeeve Stevens [01:10:48]:
The problem is that we are not willing as a society to change the way we’re doing it. So everything we’ve been doing is what we’re gonna keep doing. It’s going to hit us harder and harder. The giant breaches that we’ve been seeing are gonna get worse and worse. I saw one at the bottom of my screen up here that shows me the news yesterday that the Australian government, Department of Foreign Affairs is unhappy about the leaking of passports in Bali. No. Like, these breaches are gonna get worse and worse and worse. And because of the nature of what this government wants to do about us centralizing our our data that the organization just don’t have to have it.
Skeeve Stevens [01:11:30]:
Who said that? They’re gonna get done. At some point, even they are gonna get done. So we need to have a different way of thinking. So they’re gonna get worse. They are gonna get to the point where it’s gonna actually hurt people. I have one significant worry, and that’s that what most people don’t understand about the next couple of years in warfare. Like, we’ve got little wars going on, Russia, Ukraine, and Israel and things like that. When China wants to start taking things seriously with, Taiwan and other things, if they don’t think the war is gonna end up in each of our houses where we’re sitting here and we lose power or we lose gas or we lose things like that, because that’s what they’re gonna go after, is the infrastructure.
Skeeve Stevens [01:12:17]:
Everyone thinks that war happens over there. Most people don’t realize the war is happening here. And I’m really nervous because there are things happening at different levels where if you get scammed with that today, you go to the police and they don’t know what to do. What happens when the police don’t know what to do? They don’t have the expertise. They don’t they might have some framework for laws, but the laws that they’re getting are more and more complicated. Like, all the all the laws around domestic violence and digital people like that. They’re now complicating them so much that even the prosecutors I know a couple of case prosecutors, and they are not looking forward to that. This is common law regarding something simple.
Skeeve Stevens [01:12:57]:
This AI, this, like, proving it wasn’t you or the AI did it. My AI home got out of control. These are going to go mad, and bridges are gonna become more frequently and just how we started this conversation. What’s gonna happen when we hear the big giant breaches? We’re gonna look at the TV, we’re gonna nod ahead and go, uh-huh. And is it gonna change our behavior? Nope. Has Optus and MediBank and the others changed our behavior in any way? Could they have? Is it anything that we could do differently to not we can’t not give our documents to these organizations, otherwise we don’t get anything. Do these big scary things actually enable us in any way to change our behavior? So I don’t it’s not like that we have I don’t see the government’s new service plan, what they’re trying to do, as being the final solution for us. It’s gonna be helpful, but given that these organizations will be connecting to the government to verify the data, all that you need is a network to be hacked before that that that same thing happens.
Skeeve Stevens [01:14:00]:
And they’ll be able to access the government’s data, maybe via that way. It’s not like we’ve even got some proposals in place that are gonna make things better. I there did hope that getting kids off social media will help them mentally and mental health wise and things like that. I think that that may help the 9 8, 9 year olds coming through. Don’t know. How we fix the ones that are already broken. I’d see that potentially better, but I don’t know how to help with the general population. I don’t know if the government spent $1,000,000,000 tomorrow on education if it would help.
Skeeve Stevens [01:14:34]:
The only thing, as I said before, is if you start to bring in laws that controls the thought, we have nothing like that, nothing on the table, nothing suggested for years, because obviously that thing gets talked that sort of thing gets talked about for years. Have we got lectures coming up? Has anyone mentioned that? No. Which means it’s not gonna be on anyone’s agenda for 5 years potentially. And where will all this be in 5 years? This political and government and election things moves and policy moves too slowly for what’s happening now. But imagine if the government suddenly tomorrow jumped up and put out all these laws, which the code would get through the lighthouse or something like that, depending on the housing policy through. How are they gonna get things that and and and those are designed to help society. These will be designed to help society as well. And if they can’t get them through, then we’re we’re stuck.
Skeeve Stevens [01:15:26]:
We’re just gonna go down further and further with more people being badly affected by the weaponization of technology. But I’ve already done simulations and scenarios. I’m not really gonna go into them because I don’t really want people coming up with ideas on how AI can be misused. And I’ve talked I’ve talked about it in a couple of closed briefings, and people just response is tell us that can’t happen. And other people were just like, yeah. That’s actually not the future that we could go and create that today. Got the tools to do some of these things today. It’s now it’s just what’s gonna happen.
Skeeve Stevens [01:16:05]:
So all we need is the bad people to do things worse, and it’s gonna happen.