AusCERT 2012: Kaspersky says cyber-attacks could “take us back to the pre-electric era”

Eugene Kaspersky has reiterated his long-standing support for Internet IDs, and called for all SCADA systems to be redesigned around a secure operating system, to protect critical infrastructure from cyber-attack.

SCADA is so vulnerable, Kaspersky told the AusCERT audience: “It’s not possible to protect. Stuxnet told us that modern systems are not protected at all. SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere.”

He said his company’s research suggests that malware costs the world economy $US100 billion each year, and noted other vendors estimates of the total trillion-dollar cybercrime industry mean that, “because of cybercrime, we have the equivalent of two or three Japanese tsunamis a year” of economic damage.

People “need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure. Transportation, power-grids, power plants … it would take us back to the pre-electric era.”

“The only way to protect critical infrastructure – is to redesign SCADA systems based on a secure operating system. It is possible to do, but it requires a redesign of all the software for industrial systems.”

However, Kaspersky said, the only possible way to achieve such a radical redesign of the SCADA world would be with government support. He noted increased government awareness of Internet issues: “Governments have to be leaders … they have to make this world more regulated, more secure. The good news is that finally they recognize that cybercrime is a very serious issue.”

However, at the same time Kaspersky lamented the heavy-handedness of laws such as those being implemented in the UK.

Likewise, Kaspersky said, the increased participation of government in cyberwarfare leads him to believe that escalation is almost inevitable – and, he said, the similarities of different systems around the world means that a cyber-conflict between two countries could result in critical infrastructure attacks in unreleated countries.

“It’s our responsibility to design this world in a more secure way for our children,” was Kaspersky’s conclusion.

#auscert2012

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Vulnerabilities in some Netgear router and NAS products open door to remote attacks

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Continuity Management Solutions

Automate business-continuity and disaster-recovery planning and enable crisis management in one solution.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.