Governments must understand that cyber weapons are extremely dangerous and have to agree not to use them, according to Eugene Kaspersky, founder and chief of security firm Kaspersky Lab.
“It would be good if governments were to sign a treaty against the use of cyber weapons in the same way as they have done against nuclear, biological and chemical weapons,” he told Computer Weekly.
Kaspersky said there was also place for greater cooperation between the various national intelligence agencies to share information about threats and attackers in cyberspace.
Speaking earlier in a panel discussion at the Kaspersky Cyber Security Summit 2013 in New York, he said cyber weapons could easily “boomerang”.
Victims could conceivably modify any cyber weapon used against them, modify it, and then hit their attackers even harder, according to Kaspersky.
Howard Schmidt, former cyber security coordinator for the Obama Administration, said any government that creates a cyber weapon in the belief that it will not be discovered, reverse engineered, and used against it is “playing with fire”.
It would be good if governments were to sign a treaty against the use of cyber weapons in the same way as they have done against nuclear, biological and chemical weapons
Eugene Kaspersky, Kaspersky Lab
Victims of cyber crime alert to the dangers
In the corporate world, Kaspersky said awareness and perception of cyber threats among businesses is not uniform.
“Those corporates that have been attacked are extremely aware and are taking the necessary precautions, while others who are aware are not as committed to action,” he said.
Schmidt said a growing number of real-world attacks is taking cyber security beyond a focused community to company boards.
“Some are now very attuned [to the threats and consequences]. Once a company has been a victim, cyber security becomes an immediate and recurring board-level item for discussion,” he said.
But, where companies are not hit by a significant attack, Schmidt said the awareness of the real threats is filtered to such an extent that it is not being communicated accurately to boards.
Cyber threats demanding attention
At the recent World Economic Forum in Davos, Switzerland, cyber security was a topic of discussion among top world CEOs, but this level of discussion about how it affects business is not happening nearly enough, he said.
Kaspersky said that real data from attacks against major corporations is making it ever easier to talk to businesses about IT security.
“We no longer have to rely on talking about worst-case scenarios, we can talk about what has already happened,” he said.
According to Kaspersky, the highest levels of awareness are in the oil industry, mainly due to recently cyber attacks on oil companies in Iran and Saudi Arabia.
Unfortunately, he said, many in the transportation industry have forgotten the impact of the Slammer and Blaster worms around eight years ago.
“I am afraid we have seen that any industry can be a victim of attack, but the most likely sectors to be targeted include transportation, energy, finance, telecoms and military,” he said.
More on cyber weapons
- US to fast-track cyber weapon development
- Security researchers discover powerful cyber espionage weapon 'Flame'
- Israel launches cyber warfare training programme
- Stuxnet – the prototype cyber weapon?
- Cyber weapon Stuxnet hits China
- Howard Schmidt warns private sector of cyberwar impact
- Stuxnet worm is prototype for cyber-weapon, say security experts
Education in cyber security is called for
In the light of this reality, Kaspersky said business schools should be teaching future business leaders about cyber risks.
He said it is vital that business leaders are taught to think beyond traditional business risks to ensure that there is greater collaboration between business and IT security to ensure business are ready to mitigate cyber risks as well as other risks.
There also needs to be greater efforts by governments and companies to promote education in cyber security, according to Kaspersky.
“The reality is that no country in the world has enough resources. Every government and company should be doing more to ensure more people have the basic and specialist skills needed,” he said.
Schmidt said basic training should include ethics in the cyber world. “If we teach what is right and wrong, the cyber world will be a better place,” he said.
In conclusion, Kaspersky reiterated his call for international cooperation and a treaty on cyber weapons before the world starts seeing attacks that follow the worst-case scenario of cyber terror and global cyber catastrophe.
Financial services associations call for international cybersecurity standards