Peter Coddington’s name is probably not a household word in the overall business community. But given the tenuous state of cybersecurity in the United States today, it probably should be.
As a leading expert in both the text extraction and mobile phone cybersecurity fields, Coddington is well known in certain very important circles of influence. He is CEO of two cutting-edge technology companies that offer software with the capability to sift through millions of data files at almost light speed. His two companies, PaRaBaL and InTTENSITY, provide critical analysis of the massive amounts of communication generated in today’s fast-paced digital world.
According to Coddington, there are just “too many pages for human beings to read and analyze accurately and efficiently. We can scan and extract at computer speed, providing human researchers with the data they need without requiring them to pour over thousands of documents.” This seamless melding of verb and noun extraction technologies, along with Coddington’s new “human in the loop” module, is taking text extraction to the “point of perfect or near perfect” results.
Cybersecurity, especially as it applies to the newest iteration of mobile phones, is Coddington’s other passion. His company, PaRaBaL, actually trains technology gurus on how to hack into new smartphones like the iPhone so they can lock down security in their organizations. Graduates of Coddington’s iPhone classes even receive an “Ethical Hacking” certificate, acknowledging their readiness for battle against the offshore hacking onslaught.
Right now, the federal government has taken the lead in the emerging text extraction and cybersecurity industries. Private sector companies, Coddington says, are also jumping in, preparing for what promises to be the front end of future cybershock.
Contributing Editor Ken Mays sat down with Coddington in his new offices in the UMBC Research Park recently to discuss the current state of cybersecurity and information analysis. His answers were engaging, eye-opening and perhaps a little unnerving. So fasten your mobile phone seatbelts and read on.
Can you give us an assessment of the current atmosphere for security — what should businesses be doing to protect themselves?
The real problem is philosophical. The main problem with beefing up security is that it’s a hindrance to the operations of any organization. As soon as you have to put security in the way of your company’s objectives or a government agency’s mission, it slows operations down. Most companies and organizations want to avoid this.
Also, cost is part of the equation. Most organizations look at security as an additional cost instead of a mandatory cost. Over $1 trillion in intellectual capital has been lost through hacker theft in the last few years.
So why not just avoid it?
Every business and organization in operation today is open to the nefarious elements out there that want to cause harm to companies or government. To put it in perspective, what we’re talking about here is 2.1 billion Internet users in the world. That adds up to a massive threat load. Anyone with access to the Internet has the potential to hurt any enterprise, whether it’s private organization or the government.
Just how easy is it for someone to do that kind of damage?
It depends on how secure the organizations are, but there is always a way to get in. It all comes down to the willingness of a company to protect itself from this kind of threat.
Is it true that most of the threats are from off-shore?
I don’t know if that’s fair to say. I’m not necessarily an authority in this area. However, it stands to reason that if you’re off-shore in an impoverished area of the world and have Internet access to the wealthier parts of the world, the temptation to grab something for yourself is there. With high speed Internet access, thieves no longer need a car, plane, boat or gun to become a threat.
Research shows that the public is adopting smartphones and mobile devices like iPads as their primary method of communication, including sensitive activities like banking and purchasing products and services. What are the dangers here?
Many people don’t realize that when they use a tablet or a mobile phone, they are moving from a wired connection in their home or office — which can be secured — to a wireless connection which dramatically increases the threat matrix. The threat matrix is expanded because mobile devices are not tethered to a wire. Breaching wireless communications is so much easier — at least five times easier than a wired connection.
Why are mobile devices so hackable?
Tablets and smartphones — like any device that has not been on the market for long — tend to be flimsier and less battle tested. However, there are some major differences. Android phones are more open to threats because they don’t vet their application developers. Anyone can write an Android app. iPhones are safer because they vet every app to ensure quality. Still there are many ways to compromise an iPhone. That’s what we teach in our classes.
So in these classes you are showing how phones are hacked so programmers can write an application that is not hackable?
That’s one aspect to it. However, the other aspect has to do with businesses and organizations that are mainstreaming mobile devices, rolling out iPads and iPhones to their workforce. They need to know where the soft spots are so they can protect themselves by preventing root access to these devices. And root access, as we know, is a very bad thing.
Right now, we have the only real Apple Forensic Lab in the country. We’re the iPhone and iPad security experts.
Since Android has now taken the lead away from Apple in smartphone sales, let’s go back to the Android phones. What do people need to do to protect themselves?
The Android is much more porous because it’s an open system. This makes it much easier to attack. Open standards invite creativity but they are just easier to hack, period. People using Androids need to be very careful about the applications they download and use.
If you had a crystal ball and could see the near future, is there something bad on the event horizon for mobile phone users?
I think there is a major shock event on the horizon, probably involving a high profile hack into the banking or financial industry. Then we will probably see a tightening of security on the now-wild mobile west.
Programmers writing apps out of their basement probably will be affected. There is a loss of creativity there. That’s unfortunate, but increased security often inhibits creativity.
People will also begin looking at open Wi-Fi connections differently. With an open Wi-Fi, someone else can see your mobile device. A smart hacker can easily find a way to login, putting all the information on your phone at risk, including financial data and passwords you have stored.
Changing topics, I understand that you are now able to monitor and analyze social media?
What’s being talked about in the social networks has become a very big deal. Those 2.1 billion people now have their own microphones and their own platform. Now events can happen that create mass hysteria and change the way people think and act.
We have a piece of software in place called The Social Media Command Center that monitors all the activity on the major social networks — tracks what people are saying by subject matter and geographic location. It will even uncover the thought leaders, the people influencing public opinion, so they can be tracked more closely.
For example, we were contacted about the London riots and were able to watch Twitter in real time to see what people were planning. This is very powerful technology, able to protect us from a catastrophic event. We can see in Twitter if someone is threatening the president, or we can monitor pirates communicating with each other in the Indian Ocean. We can monitor and tag the child molesters who are bragging about their exploits on Twitter.
It’s a way to find out what the bad guys are thinking and planning before they have a chance to attack. It’s about turning the social network into an early warning system.
How can we make Maryland a center of innovation for creating technologies to cope with these problems?
I feel passionate on this topic after working for startups in the Silicon Valley in California for 24 years. Both of my companies here in Maryland have a major mission to bring that innovation to this part of Maryland.
The challenges with making Maryland the next center for technology innovation has to do with employee culture and how intellectual property is created and protected. First, let’s look at the culture. Employees here in Maryland can innovate. We have the schools and the talent. What we don’t have is the culture.
Too many employees here are too influenced by government work and the wage labor culture. In other words, many employees feel little or no accountability to where they work — no feeling of ownership, drive and interest in their place of work. Many have a “punch the clock” mentality. They are not focused on how they can actively change the world through their contributions at work.
We need to change this outlook to become a center for innovation. In terms of intellectual property creation, all the government grants are currently geared towards universities, leaving small, innovative companies who want to build new products out of the equation. We need to give these companies the same opportunity as we give the universities.
Ken Mays is president & creative director of Mays & Associates (www.ad-mays.com). He can be reached at 410-964-9701 or at ken@ad-mays.com.
