A Human To Know: Keren Elazari

Conversations with the people who are changing the way we live our lives online
Blog Post
Flickr/Photo: James Duncan Davidson
Sept. 29, 2017

Growing up in Tel Aviv in the 1980s, Keren Elazari read encyclopedia volumes for fun — “that’s as nerdy as it gets!” — and devoured science fiction novels. Fictional characters like Angelina Jolie’s character, Acid Burn, from the movie Hackers, inspired her to become a cybersecurity expert. Known for her 2014 TED talk where she argued that hackers are the Internet’s immune system, Elazari recently became the first hacker to grace the cover of Forbes Israel. I caught up with her over Skype this week to talk about her legacy and work, and what she sees as the biggest cyber misunderstandings and threats today. An edited version of the interview is below.

What do you see as the beginning of our current era of cybersecurity — when the world woke up to these issues as significant threats?

The summer of Stuxnet was a watershed moment for age of cyber warfare. Of course things happened before that, but from a global perspective, the discovery of Stuxnet in 2010 also brought with it the realization that 15,000 lines of code, when deployed with a surgical and strategic goal in mind, can change course of history by preventing nuclear armaments from being developed.

You’ve been immersed in this field since the late 1990s — what do you see as the biggest misconception that people have when it comes to understanding cybersecurity today?

Cybersecurity is not about protecting secrets. When people think about cyber, they think about passwords and privacy — that the purpose of cybersecurity is protect our secrets online. Really, cybersecurity is about protecting and safeguarding our way of life. That this way of life is under attack is evidenced in manipulations of elections, hacks into medical systems, hospitals. We need to focus on building up the trustworthiness, safety and resilience of the elements that we consider to be part of a 21st century society: electricity, freedom of speech, physical safety from cyber attacks via medical devices, cars, planes, shipping. Though of course there are privacy issues, those are not the biggest concerns — it’s not about protecting the confidentiality of the data being gathered by my pacemaker. The horses have already left the barn with regards to privacy and secrets. The safety aspect, that’s the biggest one we should be challenging in the years to come.

What are some of the most significant threats we face to safeguarding our way of life?

The first one is the consolidation of power by a few tech companies and service providers and cloud giants. We see the creation of potentially bipolar ecosystems — the U.S. and China. We could see a reality where you have Chinese web companies and U.S. tech companies, cloud giants that serve Americans and the rest of the world, and not a lot of alternatives or diversity in between. That’s not necessarily just a security concern, that’s a civic concern. What’s exciting to me is witnessing the innovation and tech breakthroughs coming out of European, Middle Eastern and Scandinavian regions. I hope that can tamper the bi-polar tides a bit.

The second is the cybersecurity industry’s massive talent gap between the people who are already working and the expectations of how many people and experts are needed and will be needed in the future. That’s a big challenge and it’s one that relates to inclusivity and diversity: If we try to address that gap without encouraging 51 percent of the population — women — to join the workforce, we’re setting ourselves up for failure.

There’s also a skills challenge in our current workforce. There’s no one who is an expert on IoT security that has more than 10 years of experience. The question is — how do we maintain our relevance and stay as fast as the adversaries? One thing that’s a given is that threat actors, rogue nations and adversaries are not standing still. They are constantly learning and inventing new capabilities, becoming more inventive and more innovative.

What’s next for you? In 30 years, what would you like to be known for?

I really like science-fiction thinking. I’d like to have the capacity to create some real world impact similar to the scope of science fiction — to bring about a massive change. How and which shape, I don’t know. I’m proud of the fact that a lot of people have embraced the point of view [from my TED talk] that friendly hackers are a necessary part of our world and big part of our future. I would like to write a sci-fi book.