The connected world could suffer a catastrophic blackout unless critical infrastructure is secured, warns a cyber security industry figure. Eugene Kaspersky founder and CEO, Kaspersky Lab, warns that the ramifications of a blackout, like the one recently experienced in Ukraine, are deep reaching. During a blackout none of the devices connected to the Internet of Things would be able to ‘talk’ to each other. By a cyber-attack on critical infrastructure taking control of a country’s power grid, simply nothing would work: no water, no air conditioning, no elevators, no Internet, no mobile network.
Kaspersky says: “Unfortunately this scenario is very real. The world we live in is based upon technologies and ideas which were made 50 years ago. Many of them rely upon an architecture that pre-dates the era of cybercrime. The hackers simply didn’t exist then. As we increasingly depend on technology as the backbone of our civilization, we need to ensure our critical infrastructure is built upon a robust architecture that is not only secure, but immune. If we don’t adopt a security first approach, we will face a very uncertain future.”
Kaspersky Lab recently reported that more than 13,000 industrial control systems (ICS) hosts are exposed to the internet, most probably belonging to large organisations. More than 90pc of these ICS hosts have known vulnerabilities that can be exploited remotely, most in the US (around 30pc) and Europe (around 14pc).
Kaspersky warns that to fully appreciate a connected world, a redesign is needed to protect the critical infrastructure at its core. All the while critical infrastructure continues to run over vulnerable platforms, it remains at high risk of being attacked and leading to a blackout. A ‘security first’ framework, where information security is implemented from the very core, is the best strategy he says. Although, with the burgeoning skills gap, the industry is at danger of not being able to fulfil such a future requirement, so needs to do all it can to train the next generation of cyber security staff.
He says: “It is my dream to live in a world of unhackable devices and I think it is now possible. We have the technologies, we have the solutions, we have the ideas and we have the platforms to be able to design a new generation of software that can keep critical infrastructure secure. But we need the cyber security talent to bring it to fruition.”
