Cybersecurity of critical infrastructure is a 'mess' and nations must cooperate to fix it, warns Eugene Kaspersky

Kaspersky Lab CEO tells ZDNet that despite potential political tensions, it's in everybody's interest to work together to protect power plants and turbines from hackers.

Eugene Kaspersky, Chairman and CEO, Kaspersky Lab

Kaspersky says Russia and the United States face the same threats from hacking, so must work together to combat it

Image: Max Avdeev

Protecting critical infrastructure such as power and water supplies from cyberattacks is a global issue which requires governments to work together, regardless of any political tensions, because systems and processes which are supposed to keep us safe are dangerously out of date Eugene Kaspersky, CEO of Kaspersky Lab has warned.

His comments come following a string of incidents involving critical infrastructure; ranging from bringing down a Ukranian powergrid to hospital systems being held to ransom.

Kaspersky urged governments to do more to combat the threats hackers pose to power-grids, turbines, reactors and other essential facilities.

"Critical infrastructure; it's about national security, it's about global security in a global economy. So the leading role, it's got to be done by government because they're responsible for the national security and the national economy. They collect taxes, so they have to be responsible for that," he said, citing the importance of designing "cyber strategy to protect the infrastructure in order to make it immune".

Kaspersky pointed out how, when it comes to ensuring buildings are physically secure, there are regulations which must be adhered to, but that there isn't anything of this kind for cybersecurity at all, not even for critical infrastructure.

"Every building, it has regulation and penalties [for not adhering to regulation]. When companies design cyber systems, they do it as they want to do, there's no regulation at all," he said, adding "one of the important steps for governments is to introduce any kind of regulation for cyber systems to manage critical infrastructure, because now, it's zero".

He added: "What's going on with cyber in an industrial environment is a mess".

But how can different nation states work together when there's so much mutual distrust between nations - especially between the US and the likes of Russia and China? Kaspersky told ZDNet that it doesn't matter how those at the top feel about one another, what's important is the police and other agencies work together.

"Actually, what's going on at a political level, sometimes it doesn't reflect on a typical level. For example, cyber police, from Russia, from the United States, from Europol, they're cooperating on a daily basis, they don't have political problems," he said.

"They face the same enemy, so they're working together and the political issues, they're left behind", Kaspersky added.

Speaking at the same event, Cevn Vibert, industrial control security evangelist at industrial IT provider SolutionsPT, argued that governments do understand the challenges surrounding securing critical infrastructure, but rather the problem is they don't know how to implement the changes.

"I think the enterprises, they understand the challenges and the government understand the challenges, but actually, the practical steps of a 'stairway to security' is a very, very different one, where the steps in that stairway are very, very high."

"I think a lot of people are looking forward to some form of regulation; they have it in health, pharmaceuticals and food, for instance, even data protection regulation; we need something like that in the industrial cyber world, it needs some guidance," he said.

For Kaspersky, the ideal situation, he said, is that cybersecurity of critical infrastructure is so tough to attack, that it won't make sense for hackers to spend time and resources on taking it down.

"That's my dream of perfect security; when an attack costs more to implement than the damage it does, when attackers get a negative return on investment and it's so expensive to attack they won't gain a profit. My dream is to reach that level of security," he said.

READ MORE ON SECURITY