The crux of the discussions at the Kaspersky Lab cyber conference in Mexico last month focused on the eventuality of cyber war and how best the world could avoid it. Pallavi Sharma writes.
Eugene Kaspersky, CEO, Kaspersky Lab recently debated the eventuality of a cyber war saying that while the evolution of the threat landscape is now plain to see, from ad hoc unplanned attacks to the evolution of advanced persistent threats, his biggest concern is the fact that the Internet provides a range of tools that could easily turn “internal conflict into international turmoil.”
“For instance, the Arab Spring is today inadvertently connected to social networking tools like blogging, YouTube, Twitter and Facebook drawing international attention to political unrest within the country. While the situation is far from being resolved, the country, its people and organisations there in are now fodder to international media attention that in one word is best explained as being negative,” he said.
“What scares me most is that very recently the bloggers associated with the initial reports of the Arab Spring are rumoured to have originated from outside the country in question. Having heard that, I now wonder, what if this was the work of another hacktivist looking to protest an age long, almost traditional way of life? If these rumours are untrue, then it’s good news but if they are true, we have a lot to worry about; for if the Internet and its many tools can be used against one country, how far are we from a scenario where these tools may be used again to recreate a cold war scenario?” Kaspersky added.
The conference brought together a host of international media representatives along with members of Kaspersky Lab’s Global Research and Analysis Team (GREAT), the company’s CEO Eugene Kaspersky and various representatives of internationally recognised law enforcement and regulatory bodies to discuss the eventuality of a cyber war.
“While I do believe that the term ‘war’ is pretty harsh, there is no doubt that nation states are already investing in the latest and the most advanced technologies for espionage and other military operations,” said Michael Moran, assistant director, cyber security and crime at Interpol.
Moran added that cyber criminals have been successful in using the medium of the Internet for financial gain and even to discredit an international organisations reputation. “We fail to realise however, that nation states can or are using the same advanced tools and technology that groups of cyber criminals have so expertly developed and tweaked. A cyber war, then, will only drive attention away from the fundamental issue at hand, is cyber crime, leaving civil society at the mercy of sophisticated criminals that will continue to use the medium of the internet for financial gain,” Moran added.
“ICT is vital for socio-economic development. The repercussions of a crash of this industry would be far more serious and resounding than those of the financial crisis across the world. I believe that although cyber war hasn’t happened yet, it is a real and evolving threat as nation states begin to amass advanced technologies to equip a country’s cyber defences,” said Alexander Ntoko, head, corporate strategy division, International Telecommunication Union (ITU).
During the ensued panel discussion, the experts went on to discuss the need for international governments and law enforcement bodies to collaborate against the growing threat of cyber war.
Kaspersky recommended creating the “International Cyber Security Agency (ICSA)”- an independent global platform for international co-operation and treaties on non-usage of cyber weapons and cyber security regulations for critical infrastructure. “ICSA should also investigate incidents and combat cyber terrorism.”
“I believe that the world must not wait for an international treaty but work towards reaching an accord based on what local law enforcement and governments have already been working on – best practices and theories established. We must consciously establish a framework for collaboration that is based on formalised partnerships between international and local law enforcement together with industry members like Kaspersky and other security companies,” said Ntoko.
Seger suggested that these frameworks and policies must separate issues into manageable portions and not deluge the lines between cyber war and cyber crime. Moran agreed adding that the establishment of an international framework would help agencies like the Interpol do a better job of protecting civic society and citizens by helping law enforcement categorise action based on the spread of the criminal operation, either local or international.
Stefan Tanase, senior security researcher, EEMEA, Global Research and Analysis Team (GREAT), Kaspersky Lab, said that although the efforts of law enforcement agencies and other regulatory bodies aimed at apprehending and prosecuting cyber criminals is fast gaining, there is yet more work to be done.
“2012 marks the year when cyber crime hits maturity, as we see an increasing number of these groups operate like business entities; reinvesting their profits in exit strategies or legal business operations. These groups tend to operate in countries where they can work unhindered by the local authorities, and where cooperation with international law enforcement agencies is poor. On the other hand, international agencies are overwhelmed by reports of cyber criminal activity and lack the resources and skilled manpower to tackle it effectively. Therefore, it comes down to organisations like ourselves to help monitor and track the movements of these groups to help make their jobs just a little bit easier,” he said.
The gathered experts agreed with Tanase’s statements and agreed that while the responsibility to avoid a scenario of cyber war falls to governments, the responsibility to fight cyber crime falls on the shoulders of citizens and law enforcement.
“Nobody is exempt from the threat of a cyber criminal because the Internet provides access to borderless platform for both criminals and victims alike. This is why people and organisations must be proactive and invest in the right anti malware and antivirus technologies; they must establish and execute robust security policies. Most importantly, they must be smart when using the Internet,” said Kaspersky.