Cyber espionage 'extremely dangerous' for international trust: Kaspersky

Cyber espionage 'extremely dangerous' for international trust: Kaspersky

Summary: Individual national strategies for 'cyber resilience' have no place on the borderless internet.

SHARE:
TOPICS: Security, Privacy
2

International agreements are needed to limit online espionage and develop an "international cyber-resilience strategy" to address the threat of digital attacks on critical infrastructure, according to Kaspersky Lab chief executive officer and chairman Eugene Kaspersky.

The ease of conducting cyber espionage is "extremely dangerous" for international trust, Kaspersky told the National Press Club in Canberra on Thursday.

eugene4
Eugene Kaspersky (Image: Screenshot by Chris Duckett/ZDNet)

"If nations don't trust each other in cyberspace, the next step is to separate it [into] two networks. One public network, and one enterprise and government. It's an obvious step, and I'm not the first man to talk about that," he said.

"I'm afraid it's a very bad option ... governments and enterprises will be happier, because they have a secure, unhackable network. Good news? No. First of all, there will be much less investment in the public segment. Governments and enterprises leaving the public space means that the budget's running away. Second, do you have enough engineers to build an Australian national network?"

Kaspersky called for more education for network engineers and security specialists several times during his speech.

He also reinforced his oft-repeated message that attacks against critical infrastructure have the potential to cause collateral damage, as systems other than the intended targets can become infected, and that once a cyber weapon has been deployed, it can easily be reverse-engineered and used by others.

"Unfortunately, the internet doesn't have borders, and the attacks on very different systems somewhere far, far away from you in the very 'hot' areas of this world — maybe in the Middle East, or somewhere in Pakistan or India, or in Latin America, it doesn't matter — they have the very same computer systems, they have the very same operating systems, the very same hardware," he said.

"Unfortunately, it is very possible for other nations, which are not in the conflict, will be victims of the cyber attacks on the critical infrastructure."

Kaspersky cited the examples of American oil company Chevron reporting that its networks had become infected with Stuxnet, the malware originally targeted against Iran's uranium enrichment program, and of Stuxnet reportedly being found in the control network of a Russian nuclear power station whose network was supposedly physically separated from the internet.

"Because cyberspace is exactly the same in all the nations, I think that there is no place for national cyber-resilience strategies," he said.

One key problem is that different government agencies tend to look at cyber espionage and attacks through different lenses.

"Departments which are responsible for national security, for national defence, they're scared to death. They don't know what to do," Kaspersky said.

"Departments which are responsible for offence, they see it as opportunity. They don't understand that in cyberspace, everything you do, it's a boomerang. It will get back to you."

Stilgherrian travelled to Canberra as a guest of Kaspersky Lab.

Topics: Security, Privacy

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Nevertheless

    Spying will continue to occur. I think "cyber-warfare" is likely to inflict a lot of collateral damage (as Stuxnet did), and will therefore (hopefully) fall out of favor, but I don't think national intelligence services (or industrial spies) are ever going to stop trying to intercept communications, which is why encryption needs to be standard on the Internet.
    John L. Ries
  • Well...

    ... he would say that, wouldn't he?

    Careful with that fud, Eugene, your wallet is showing...
    btone-c5d11