The connected world in which we live could suffer a catastrophic blackout unless critical infrastructure is secured, warns Eugene Kaspersky founder and CEO, Kaspersky Lab.
The ramifications of a blackout, like the one recently experienced in Ukraine, are deep reaching. During a blackout none of the devices connected to the lauded Internet of Things would be able to ‘talk’ to each other. By a cyberattack on critical infrastructure taking control of a country’s power grid, simply nothing would work. No urban facilities, no water, no air conditioning, no elevators, no Internet, no mobile network.
“Unfortunately this scenario is very real. The world we live in is based upon technologies and ideas which were made 50 years ago. Many of them rely upon an architecture that pre-dates the era of cybercrime. The hackers simply didn’t exist then,” explains Kaspersky. “As we increasingly depend on technology as the backbone of our civilization, we need to ensure our critical infrastructure is built upon a robust architecture that is not only secure, but immune. If we don’t adopt a security first approach, we will face a very uncertain future.”
Kaspersky Lab experts recently revealed that more than 13 thousand industrial control systems (ICS)[1] hosts are exposed to the Internet, most of which probably belong to large organisations. More than 90% of these ICS hosts have known vulnerabilities that can be exploited remotely, the majority of which are located in the US (around 30%) and Europe (around 14%).
Kaspersky warns that to fully appreciate a connected world, a redesign needs to take place to protect the critical infrastructure at its core. All the while critical infrastructure continues to run over vulnerable platforms, it remains at high risk of being attacked and leading to a blackout. A ‘security first’ framework, where information security is implemented from the very core, is the best strategy for the future. Although, with the burgeoning skills gap, the industry is at danger of not being able to fulfil such a future requirement, so needs to do all it can to train up the next generation of cyber security expert.
“It is my dream to live in a world of unhackable devices and I think it is now possible. We have the technologies, we have the solutions, we have the ideas and we have the platforms to be able to design a new generation of software that can keep critical infrastructure secure,” he adds. “But we need the cyber security talent to bring it to fruition.”
[1] Kaspersky Lab expert analysis, based on Shodan ICS Radar & KSN statistics.