Home Insights Opinion Eugene Kaspersky: Why we need to prevent a cyberwar The Kaspersky Lab CEO explains why world powers must work together to avert the threat of a war in cyberspace by gulfadmin March 13, 2016 The history of mankind can make depressing reading. People have been fighting each other – individually or in organised groups – ever since the beginning of time; in every domain and with every available technology. There has been warfare on land, at sea and in the air. So far, thankfully, we have not seen a conflict in space. And we have not seen any serious military action in cyberspace, a manmade domain where warfare is also possible. There has been a huge amount of cyber-espionage in recent years and, of course, there was Stuxnet. The first and, so far, only known computer worm that is believed to specifically target and cause physical damage to industrial equipment. However, virtually all modern infrastructure is run by computers and has some sort of connectivity. And considering that much of the software used is vulnerable to cyberattacks, I am very pleased – and pleasantly surprised – that there has not yet been a major attack on critical infrastructure systems. But I am afraid it is only a matter of time until we witness one. Cyberspace is a fundamentally different battlefield from any other domain. First, the internet has turned the world into a ‘global village’, which means the world’s militaries are always just a stone’s throw away from their targets – and from a possible enemy strike as well. Second, everything can happen almost instantaneously. There is no need for warships to sail half way around the world to engage an adversary or for armoured divisions to be moved across a map. Third, cyberspace offers a lot of opportunities for clandestine warfare as it is often very hard to identify who exactly is staging an attack (offering ample opportunity for false-flag activity). And finally, it is relatively cheap to wage cyberwarfare with the main requirement being experienced computer specialists. No advanced propulsion systems, no cutting-edge armour and no high-end radars – just a sufficient number of motivated geeks and their computers. The big problem is that these seemingly harmless individuals are capable of causing considerable damage, devastation and even death. More and more industrial systems are becoming connected and, according to a 2015 Chatham House report, even nuclear plants around the world have various critical components connected to the internet. An organisation – a state or a terrorist group – that dedicates sufficient software engineering capabilities to target its enemy’s power grid, air traffic system or nuclear facilities could cause utter chaos. There is a paradox about cyberweapons. On the one hand, they can be used as precision-strike military tools. To some extent, this was the case with Stuxnet. There was allegedly a single target in Iran and no further damage beyond that. However, very similar technology can be used to strike civilian infrastructure. This could be viewed as a legitimate target or simply attacked to cause as much damage as possible by an unscrupulous actor. Immediately after this malware is used to strike against an enemy, it is highly likely that it will be researched by technology specialists, by governmentbacked hackers from other countries and possibly by terrorists. This is why any use of a cyberweapon could make the world a more dangerous place. In 2015 Barack Obama and Xi Jinping, the leaders of the United States and China, the two largest economies in the world, struck a deal to curb cyber-espionage. This was seen as a very important step towards building trust around the internet. In the future, there should also be a global cyber-arms control deal that minimises the risk of cyberwar, dramatically raising the stakes for any state willing to use malicious tools to damage critical infrastructure in another country. Recent history shows that arms control works. It may not be perfect but we have not seen many instances where weapons of mass destruction have been used in recent decades. Cyberweapons can cause indiscriminate damage to civilian infrastructure, so they should be treated in the same way as chemical or biological weapons. In spite of all the conflict throughout human history, we can make cyberspace – the latest manmade domain for communication, business, production and entertainment – safe and secure for everyone. 0 Comments