Governments are late in discussing online threats and collaboration around tackling them, according to Eugene Kaspersky,...
chief executive of Kaspersky Lab.
It is good that these discussions are finally taking place, but they are late and should have begun at least eight years ago, Kaspersky told the London Conference on Cyberspace.
Now the discussion is underway, speed is of the essence to ensure businesses and governments respond at the speed of the internet to rapidly evolving threats, he said.
Cyber crime is international in scope, but existing processes for collecting and sharing crucial information to identify the source of attacks are typically slow, said Scott Charney, corporate vice-president, Trustworthy Computing Group, Microsoft.
"Cyber crimes need to be investigated in near real time because logs and other evidence for tracing the source of attacks disappear very quickly," Charney said.
Faster mechanisms for tackling criminal activity are required than the Budapest Convention on Cybercrime will provide, Kaspersky told the conference.
The peer-to-peer approach advocated by the convention - if it ever overcomes resistance by some nations to achieve full ratification - will take too long to deliver results, he said.
A more agile process is required, such as that being piloted by the International Multilateral Partnership Against Cyber Threats (Impact), which falls under the UN's International Telecommunication Union (ITU).
The Impact pilot process does not rely on peer-to-peer communication between law enforcement agencies, but uses a supervisor to facilitate information exchanges.
"This is faster and much easier to achieve; if we wait for the Budapest Convention to come into effect, it will be too late," Kaspersky said.
Of equal importance is building cyber capability and capacity in countries around the world and then establishing 24X7 points of contact to freeze vital data before it vanishes, so that it can be analysed, said Charney.
Like Kaspersky, he emphasised the need for accelerating response across borders, which often involves multiple jurisdictions.
It is key to build relationships and contacts before they are needed so that in an emergency the contact person is known and a relationship with that person is already in place, said Charney.
Having made a late start, Kaspersky said governments need to be more proactive and rapidly increase capacity to share and analyse cyber threat information, especially in the area of industrial attacks.
This kind of attack was highlighted by the discovery of the Stuxnet worm, widely recognised as the first known cyber weapon.
Industrial attacks will only continue to happen and cyber defences need to be designed for extremely professionally designed malware such as Stuxnet, said Kaspersky.
"While Stuxnet had only one target or victim, imagine the consequences of a less well-designed cyberweapon that fails to recognise its true target and attacks thousands of systems that look similar to the target system," Kaspersky said.
In the face of such threats, Kaspersky said computer systems need to be redesigned to military standards to fit reality and respond to attacks in real time.
"If we fail to do this, we may have to take extreme measures such as disconnecting all systems that contain data of high value or introduce some form of internet government," Kaspersky said.
Charney said it was essential to harmonise international approaches, even where legal systems differ. He said this could be done by focusing on ways of achieving agreed outcomes, such as tracing the source of attack.
"By focusing on desired outcomes, a way can usually be found for getting it done," Charney said.