Eugene Kaspersky: Definition Of 'Cyberwar' In Flux, Threat Of Cyber Weapons Underestimated

Kaspersky Lab's CEO is on a mission to save the world from cyber-war. And along the way, if he can stop those cyber-criminals, that's a bonus.

Enterprise systems are at risk of becoming collateral damage as malware designed to compromise a specific target can get out of control and infect their networks, Eugene Kaspersky, CEO of Moscow-based Kaspersky Lab, told attendees at a student cyber-security conference and competition at NYU-Poly on Friday. In a freewheeling question-and-answer session, Kaspersky fielded questions from the audience on a range of topics, including cyber-war and cyber-terrorism, the difficulties of attribution, and growing cyber-crime.

When talking about the company's current plan to build a secure operating system for industrial systems, Kaspersky emphasized the goal was to make it costlier for adversaries to attempt an attack.

"As long as it's cheaper to send cruise missile than to hack then I'm happy," Kaspersky said.

Cyber-warfare and cyber-weapons were very much on Kaspersky's mind that day. While it's much easier to know who is behind an attack that uses conventional weapons, it's difficult to know who is behind a cyber-weapon attack, Kaspersky warned. Stuxnet, to date, is the only cyber-weapon researchers have identified, and it was made in a "very professional way" to compromise a nuclear facility in Iran. However, it still spread and infected over 100,000 computers around the world, including those at Chevron, Kaspersky noted. "Governments still don't understand how dangerous cyber-weapons really are," Kaspersky said.

Despite how frequently the word gets bandied about, Kaspersky believed there was still no set definition of what constitutes cyber-terrorism. The definition is in flux because there are distinct groups with different levels of motivation, he said, noting that nation-states will have different reasons for resorting to cyber-terror tactics than hacktivists. Traditional terrorists will also be a player, Kaspersky said.

"The next 10 years we'll see more and more attacks. I'm afraid that other states will join the game. We'll see much more sophisticated attacks," said Kaspersky.

Even when an attack happens, "we can only guess who is behind" the incident, Kaspersky said. It's easy to lay the blame on other countries—U.S. intelligence officials believe the devastating attack on Saudi oil company Aramco this summer was backed by Iran, for example—but there isn't a lot of information available to definitively know who was responsible.

Defense Secretary Leon Panetta hinted last month that Iranians may have been behind the wave of denial-of-service attacks that affected financial banking institutions, despite there being no hard evidence the Iranian government sanctioned the attacks.

"We're very far from attribution," Kaspersky said.

Kaspersky has said several times in the past that he wasn't concerned about the "who" of attacks, but more about the "what" and "how" when it comes to understanding cyber-threats. While Kaspersky Lab is focusing some of its research and development energies towards the attribution question, the bulk of the effort is on defenses, Kaspersky said.

He discussed how the cloud has made it possible for security companies to detect threats faster and to push out protection sooner than was previously possible.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.