The infrastructure that helps deliver electricity to homes, powers financial systems and keeps hospitals running is under growing threat from cyberattacks that will only become more complex and numerous in the very near future, warns the founder and chief executive officer (CEO) of security firm Kapersky Lab.
Eugene Kaspersky warns that governments, law enforcement agencies and the facilities and people operating critical infrastructure are not properly prepared for these attacks.
“Traditional crime has recognised the power of cyber,” says Kaspersky, whose firm recently held a panel event on the topic in London. “And the criminals are becoming more professional and more creative.”
Writing in a joint statement, a panel of speakers at the event warns that the world needs to “wake up” to the reality of the risk and respond before similar attacks paralyse more infrastructure.
The group, which includes Kapersky, Leon Brain, land transport security policy advisor at the European Commission (EC) and Jose Palazon, chief technical officer (CTO) of ElevenPaths (Telefonica) recommends industry-wide collaboration, dedicated government regulation, education and tailored protections.
Blurring of offline and online attacks
Historically cyber criminals have focused on digital targets, but the growing number of attacks on infrastructure points to a blurring of online and offline targets with potentially devastating consequences.
From a power station in Ukraine and a steel mill in Germany to banks and broadcasters, a spate of recent cyberattacks have highlighted how vulnerable critical infrastructure is to online criminals. The panel points out that while known targets include oil refineries, power grids, seaports and financial infrastructure, there are likely many more that have either not admitted an attack has happened or – worse – not noticed.
While in a different category of threat, the late-2013 attack on US supermarket chain Target, seen as the biggest in retail history, went unnoticed for months and enabled millions of customer credit card details and addresses to be stolen.
While there’s growing awareness of the issue, Cevn Vibert, Industrial Control Systems Security Evangelist at Solutions PT says organisations “can’t just change overnight”. The complexity of the systems they are trying to insulate, combined with the complexity of the attacks makes this a huge challenge.
Meanwhile Kapersky warns that there is a gap between the standards required of the infrastructure itself and the cyber systems wrapped around them. While there are likely to be regulatory fines if a building doesn’t meet requirements, the same system does not exist for the security software that’s supposed to be protecting it.
“Buildings are built with strict standards, regulations and penalties. Cyber-systems can be set up in whatever way they want,” he says, highlighting the recent discovery that a Paris airport is runs partly on Microsoft software from 1992.
“It’s a mess,” said Kaspersky. “And it’s a mess that criminals can easily exploit.”
Governments need to take the lead in controlling the situation, according to the panel, though education, training and collaboration also need to be features of risk management in these cases.
“Critical infrastructure is about national security, about global security and the global economy,” says Kaspersky. “So governments should play the leading role. They need to introduce regulation for the cyber-systems that manage critical infrastructures. Any regulation will do, as today it’s zero.
“All nations depend on infrastructure, and infrastructure depends on the cyber-systems. These systems are vulnerable so we need to redesign them to make them immune. We are all facing the same enemy and we have a lot of work to do.”
Deutsche Bank plans to partner with fintechs that have complementary business models, rather than buying out tech start-ups and competing in the market, bank executives said at press briefing this week. They also discussed future strategies for the technology, securities and payments spaces.
The European Central Bank's (ECB) hotly anticipated meeting on Thursday afternoon made the euro skyrocket, as president Mario Draghi announced interest rates would remain at 0% and its quantitative easing programme will stay until at least the end of 2017.
The “sad truth” of banking is that many jobs will be automated in the future, Deutsche Bank's chief executive said yesterday. Despite this, a recent survey found that 98% of European workers are optimistic about the changes automation will bring to their workplace.
The US Federal Deposit Insurance Corporation is suing nine European banks for allegedly contributing to the collapse of 39 US banks that had a collective value of more than $440bn (€375.6bn).