Eugene Kaspersky on the cyber jungle
Steve Cassidy braves the tech jungle that is CeBIT to hear the security guru give some sage advice.
It was this audience that Eugene Kaspersky had in mind with his presentation. He didn't dive in especially deep to his topic - not one slide gave any hard numbers behind any of his assertions. What he provided was a rapid-fire tour of the motivations behind the attacks, not the mechanisms.
He wanted the room full of CXO types to sit back in shock and think "wait, this isn't some crazy nerd talking here - it's a chief exec, just like me, who knows the limits of my beliefs."
While stories of hackers making their own petrol station discount cards by hacking the sales system of the chain of garages didn't get much attention (they were caught within a month, apparently), the story of a heist lasting five years, of coal from Russian automatic loading systems for coal trains, clearly had a bigger impact.
Incredulity management didn't appear on his big screen, or on the cutesy cartoon board being drawn off to one side of the stage as he spoke. But it ran through his whole presentation. As techies, we all have a responsibility to figure out what the bosses are going to understand, given that they probably won't want to dive into the deep details of what makes an attack work or fail. And, at a certain level, the attack that gets through is the one that someone is too incredulous to spend money protecting against.
With a room full of CXOs, Kaspersky wasn't going to move much below appeals for international standardisation and cooperation to talk specifics about risks to net neutrality. Nor was he going to go into the differences between having to protect a vulnerable machine against its own security holes, or putting imperfect machines behind restricting traffic chokes of some kind. He wanted other people - largely, regulators and various forces for social change - to shoulder the burden of improving cyber security, mostly by way of very non-technical initiatives like education and legal changes to regulation.
He even had a section on the nature of cyber espionage, though at this point I suspect he realised he was treading on thin ice against his own preferred fixes for the lower-level criminals - it's very hard to co-operate internationally when your co-operators are also spying on you.
Right at the end, the Master of Ceremonies blindsided him with a final question: "Who worries you more - the cyber criminals, or the NSA?"
Eugene Kaspersky hedged his bets with a 90 per cent non-verbal answer. He spread his arms wide and eventually shook the MC by the hand, limiting his words to a carefully non-committal "Thank you very much" before going on to say "Every time I use a computer, I am aware of the possibility that someone - government, or criminal - could be watching."
It doesn't matter how jolly or engaging you are as a speaker - that's a pretty chilling thought.