10:10pm UK, Tuesday November 01, 2011
Sam Kiley, security editor
A leading internet security expert has warned that a cyber terrorist attack with "catastrophic consequences" looked increasingly likely in a world already in a state of near cyber war.
Eugene Kaspersky is not given to easy hyperbole. But the Russian maths genius who founded an internet security empire with a global reach, clutched at his thick mop of hair with both hands.
"I don't want to speak about it. I don't even want to think about it," he said.
"But we are close, very close, to cyber terrorism. Perhaps already the criminals have sold their skills to the terrorists - and then...oh, God."
Speaking privately at the London Cyber Conference, Kaspersky told Sky that he believed that cyber terrorism was the biggest immediate threat to have emerged to confront nations as diverse as China and the US.
"There is already cyber espionage, cyber crime, hacktivisim (when activists attack networks for political ends) soon we will be facing cyber terrorism," he said.
Prime Minister David Cameron, talking at the conference, added to the growing chorus of world leaders sounding the cyber alarm.
"We are here because international cyber security is a real and pressing concern," he said.
"Let us be frank. Every day we see attempts on an industrial scale to steal government secrets – information of interest to nation states, not just commercial organisations.
"Highly sophisticated techniques are being employed ... These are attacks on our national interest. They are unacceptable."
He warned that "we will respond to them as robustly as we do any other national security threat".
Britain announced £650 million of extra funding for cyber defence in the Strategic, Defence and Security Review last year and took the threat to 'tier one' making it a top priority.
In the last fortnight two items of malware have been identified which targeted industrial processes and infrastructure.
Duqu, identified by McAfee and Symantec, is believed to be a spyware worm specifically targeting the manufacture of industrial items in European companies.
It shares code with the notorious Stuxnet work which wrecked the uranium enrichment cylinders at Iran's nuclear facilities last year.
This week Symantec published details on Nitro, a piece of malware used to spy on chemical industries, defence contractors and other elements critical to national security, mostly in the UK, the USA and Bangladesh.
Using hacked email accounts and social networking it was injected into systems by unsuspecting workers getting apparently benign emails from people they knew.
It then transmitted stolen information to a 'command and control' location identified as Chinese.
Such attacks are becoming so commonplace that many cyber experts believe that it is certain that they will be used to attack critical national infrastructure - which could mean anything from traffic lights to nuclear power plants.
Foreign Secretary William Hague set up the conference to deal with the problem that there are no international norms or processes to call nations to account for their actions in cyber space. Nor any transnational structures to deal effectively with cyber spies and even criminals.
He has insisted that there would be no British support for suggestions from countries, like China, to impose restrictions on the use of the internet by political activists and social networks.
But delegates will be wrestling with how to deal with one another in this new sphere of foreign and defence policy.
No comments:
Post a Comment