It’s the End of the Net as We Know It.

Hi everybody!

Time to tell you about a bunch of really exciting events I’ve been to over the past few weeks. It’s been a fairly crazy mini-tour covering Geneva, Dublin and London non-stop. Two or three days in each city and each time talking to some very interesting people on all sorts of hot topics.

It all started with the United Nation’s International Telecommunication Unit (ITU) meetings in Switzerland. The organization is showing great progress towards developing a common approach to fighting cybercrime on an international level. However, I’m afraid I can’t tell you any further details. It was a very hush-hush private meeting behind closed doors where we discussed some issues I can’t share with you at the moment. Nevertheless – stay tuned and soon I’ll be able to uncover some details…

Next up was Dublin and the F.ounders 2011 conference, which we’ve already mentioned here.

Last stop – the London Conference on Cyberspace. This was quite something – in fact, it unexpectedly turned out to be this year’s best event I was involved in!

The conference, organized by the British Foreign Office, took place on November 1-2 in the Borough of Westminster. I would like to thank the British Foreign Secretary and First Secretary of State William Hague for his personal invitation to me to take part in the event. I must say it was a surprise to find myself as the only “boss” from the IT security industry to address the audience. But then on the other hand I think the Foreign Office made the right choice – big-wigs from competitors would only have given the audience the same old BBB (Boring Business Blah blah blah) and spoiled the event!

The British government did a really great job organizing and promoting the conference, and this is from someone who’s attended hundreds of similar events. Among the speakers were some real heavyweights: British Prime Minister David Cameron, US Vice President Joe Biden, and of course the abovementioned British Foreign Secretary William Hague. James Brokenshire, the British Minister for Crime and Security, was very kind in acting as moderator during my speech. Later I had a private meeting with him discussing pertinent issues regarding cybersecurity. I also had meetings with Ed Vaizey, the UK Minister for Culture, Communications and Creative Industries; Stephen Pattison, the Chief Executive of the International Chamber of Commerce in the UK, and a many other top-ranking officials and businessmen. All meetings were interesting, insightful and enjoyable.

The conference was attended by a couple of hundred VIPs from 40 countries. That’s not all that many for an authoritative infosec gathering, but this one was invitation-only and it wasn’t that easy getting invited. On the flipside the conference was broadcast live over the Internet and widely covered in social media. It was amazing – in just two days I got as many new Twitter followers that I normally get in a fortnight! Thanks everyone!

Plus there was a ton of media attention. I can’t remember so many interviews in just two days. And not just any old interviews, but INTERVIEWS! See for yourself: live talk on Sky News and BBC World; mentions in Forbes, The Financial Times, The Sunday Times, Spiegel, Deutsche Welle and some 50 other high-profile printed and online media. Oh yeah – we had a real blast!

Now, let’s get to the point.

Frankly speaking I thought the conference was going to be just another humdrum phrase-mongering session. Believe me, this is what most infosec events are like. However, things turned to just the opposite. I mean this was the first time I’d ever heard top government officials directly supporting my long-held firm belief that we urgently need some game rules for cyberspace.

And that’s why all the bigwigs got together in London: it seems a lot of the people at the top have finally got their heads round the idea that today’s Internet is on a Highway to Hell, and is a breeding ground for malware and growing cybercrime. Of course, the Net should stay more or less as it is, but we should realize that it has changed to become more than a hangout for meeting people. It directly affects our lives through its use by all kinds of vital services like airports, hospitals, banks, the police, military… you name it!

It comes down to this: the critical global infrastructure depends on the Internet! This is not some kids’ game anymore. A seemingly harmless prank can lead to disastrous consequences. One day we might experience electricity outages, or banks, hospitals or airports stopping functioning – all because of some random malware, or worse – because of a targeted terrorist attack or cyberwar.

The question is not “will it happen?” but “when will it happen?”. Just think of the north-eastern US Blackout in 2003, the Spanair flight 5022 crash in 2008, the infected military drone ground control centers, or the South Korean Internet shortage caused by the Slammer worm outbreak… History contains a lot of examples where malware had really disastrous effects.

With so many aspects of our lives now depending on the Internet I think things will get even worse – especially if we add to the last list the cyber-attack on Estonia and the Stuxnet worm. We are about to experience something even worse – cyber warfare and cyber terrorism. Some governments have already announced they are forming dedicated cyber defense units. I’m pretty sure many others have done the same, but on the quiet. Meanwhile the Pentagon without a moment’s hesitation has equaled a cyber-attack to an act of war and has granted the US military the authority to respond to hacking with physical force. And unfortunately many Hollywood blockbusters (like Die Hard 4) might very possibly become reality – I don’t see it being too much of a stretch of the imagination. Ok, I think I’ve made my point by now.

So, in the face of all the doom and gloom, what are we to do in response? How can we save ourselves from the Internet getting out of control? Are we doomed and gloomed?

These questions, thankfully, were top of the agenda at the London conference. What I liked most of all were the serious intentions, and the problem’s acknowledgement at the highest level – the top international level. There are no borders on the Internet – so those fighting its negative aspects need to also lose borders – at least in this particular fight. Indeed, we can only save the Net (and ourselves too) by joining forces and going beyond national borders and interests. Yes, I mean i-Interpol.

A correct perception of the problem and full understanding of the possible ways of solving it is the way to go and that was what London was all about. David Cameron, Joe Biden, William Hague and many others almost verbatim repeated my long-held idea that without game rules the Internet has no future since it would become way too hazardous for life on the planet. And aye, I did get a kick – or rather, ego boost – by all the top-ranking officials sharing my original thoughts about the future of the Internet :-)

Internet regulation is a moot point and very divisive when it comes to discussing the idea.

Ever since I first outlined my general ideas about Internet regulations I’ve been attacked by all sorts of supposed upholders of net freedom and anonymity. But hold on. We haven’t had the luxury of possession of such things for years already. Internet regulations can’t be said to target freedom and anonymity – because no one has them. Online activity is logged at the Internet service provider level, and is available for both real-time and post-factum investigations. Governments officially declare traffic is snooped upon (and we can only speculate about the number of governments that snoop on traffic unofficially). Just look at online advertising – they know the websites we visit, what search keywords we use, our social preferences, you name it! Net freedom and anonymity are delusions! And the upset and banging-on that accompany their so-called demise are no more than populist rituals based on a lack of understanding of what’s really going on.

So we have public opinion largely believing the populist slogans about age-old freedoms coming under attack. Thus, those who are meant to take care of our security (the authorities) prefer to sweep this topic under the carpet. As a result, by some queer twist of responsibility-taking, instead of protecting our right to freedom we actually sacrifice it! We sacrifice the right to safe Internet surfing and to not get infected by some nasty piece of malware at every step. And of course we also sacrifice the right to high-quality (malware-free) services from banks, companies, hospitals, police, etc.

Could regulations defeat cybercrime once and for all? Certainly not. But the idea is to complicate the cybercriminals’ lot, nip amateur cyber-hooliganism in the bud, and catch the cyber-recidivists. Also to introduce an effective identification system protecting users’ identities, a cyber-law enforcement framework, and a supra-state organization capable of implementing the regulations. Hacking and stealing will stay forever – we’ll just have to live with that. However, hacking and stealing will become much less widespread if regulations come in, reserved to a small, hardened elite – like the bank robbers in Heat, only cyber-robbers. The rest of today’s cybercrime crowd will get the message: no more games, harsh punishment follows the crime. And farewell to amateur hackers’ romanticism!

But, let’s get back to the conference. Let me say it again: I liked it a lot. It was a clear signal that things are finally starting to move in the right direction. I saw there both political will and understanding at the top international level. That’s very positive. It now seems to be dawning on those that count – at the top – that the security industry and governments should start to actively fight cybercrime together.

Still, the issue that keeps me awake at night and which can level our efforts in bringing peace-of-mind to the Internet is the threat of cyber warfare and cyber terrorism. We must try our utmost – together – to prevent both.

Should the Internet become a military-free zone? Should we regulate the usage of cyber weapons the same way we regulate nuclear power with international treaties and organizations? Well, that’s another topic I’ll cover in my next post. Stay tuned!…

You can see more photos fro the London Conference on Cyberspace on my Flickr account.

Trackbacks/Pingbacks

  1. Net voine! | Nota Bene - November 25, 2011

    […] Unlike traditional weaponry, malware can replicate itself ad infinitum. And while a missile can often be controlled in some way, malware tends to attack indiscriminately: nobody knows who it will harm, which corners it will worm its way into. On the inscrutable trajectories of the web, as soon as some black hat launches a malicious program to make some quick cash anything can happen. It’s impossible to calculate what effect it will have, what might be affected by accident and how it could even boomerang back to harm its creators. People tend to make mistakes in everything they do – and writing code, malicious or otherwise, is no exception. There are numerous examples of this kind of “collateral damage” – read my previous post about the fortunes of the Internet . […]

  2. CEO de Kaspersky: “La actividad militar está convirtiendo a Internet en un gran campo minado” | OhMyGeek! - January 10, 2012

    […] A diferencia de las armas tradicionales, el software malicioso puede autorreplicarse indefinidamente. Y, mientras que un misil se puede controlar a menudo de algún modo, el software malicioso suele atacar de manera indiscriminada: nadie sabe a quién perjudicará ni qué caminos atravesará para el ataque. En las inescrutables trayectorias de la web, cuando un ciber-criminal lanza un programa malintencionado para ganar dinero fácil, cualquier cosa puede suceder. Resulta imposible calcular qué consecuencias tendrá, qué podría verse afectado de manera accidental o incluso cómo podría dañar a sus creadores mediante un efecto bumerán. Las personas suelen cometer errores en todo lo que hacen, y la creación de código (malintencionado o no) no es la excepción. Existen numerosos ejemplos de este tipo de “daño colateral” (lean mi artículo sobre el destino de Internet publicado anteriormente). […]

  3. Cyber-Thriller, ver. 2011 | Nota Bene - January 16, 2012

    […] this subject a lot’s already been written, like here and here. So, […]

  4. The Big Euro Freeze & The Munich Security Conference. | Nota Bene - February 7, 2012

    […] I’m a newbie here – I’ve never been involved at this level before (well, if you discount the London Conference on Cyberspace and Davos), but everything seemed to go well! I was on the roundtable, a few meetings and […]

  5. Woodpecker Summit 2012. | Nota Bene - February 20, 2012

    […] the Internet, presentations by Interpol about organizing Cyber Interpol (At last! Eugene has been talking everybody’s ears off about it for ten […]

  6. Cassandra Complex… Not for Much Longer. | Nota Bene - March 17, 2012

    […] The London Conference on Cyberspace […]

  7. The Flame That Changed the World. | Nota Bene - June 14, 2012

    […] of cyber weapons. It’s hard to believe that some virus, a few kilo/megabytes of code can suddenly cause, say, an accident at a nuclear station, a fire on an oil pipeline or a plane crash, isn’t it? But […]

  8. Worse than Cheese: Scary Scenarios Causing Nightmares Now – the Five Main Issues of IT Security. | Nota Bene - July 3, 2012

    […] hundreds of billions. Fortunately, the governments of different countries have at last started constructive dialog on this issue and international projects and regional/national cyber-police units have been […]

  9. Appel à l’action : Internet devrait devenir une zone sans armée. | Nota Bene - September 17, 2012

    […] Contrairement aux armes traditionnelles, le logiciel malveillant peut se reproduire à l’infini. Tandis qu’un missile peut souvent être contrôlé d’une certaine façon, le malware a tendance à attaquer sans faire de distinction : personne ne sait qui il touchera, ni quel virage il prendra sur son chemin. Sur les trajectoires impénétrables du Web, aussitôt qu’un black hat lance un malware pour gagner de l’argent rapidement, tout peut arriver. Il est impossible de calculer l’effet qu’il aura, ce qui pourrait être affecté par accident, et même comment il pourrait nuire à ses créateurs via un effet boomerang. Les gens ont tendance à faire des erreurs dans tout ce qu’ils font – et écrire des codes, malveillants ou autres, n’est pas une exception. Il existe de nombreux exemples de ce genre “de dommages collatéraux” – lisez mon article précédent sur les fortunes d’Internet. […]

  10. Richiamo all’azione – Internet potrebbe diventare una zona franca militare | Nota Bene - September 17, 2012

    […] A differenza delle armi tradizionali, il malware può riprodursi all’infinito. Inoltre, mentre un missile spesso può essere controllato con qualche artificio, il malware tende ad attaccare in modo indiscriminato: nessuno saprà mai in anticipo né di esserne colpito, né attraverso quali canali ed in che modo. Qualsiasi cosa può succedere attraverso le imprevedibili traiettorie del web, una volta che degli hackers abbiano lanciato un programma maligno per racimolare facilmente un po’ di denaro. E’ impossibile in questo caso prevedere quale sarà l’effetto, cosa potrebbe esserne intaccato per caso e se possa avere di riflesso anche un effetto boomerang che danneggi anche i suoi stessi creatori. L’uomo tende a commettere errori in tutto ciò che fa – e la scrittura di codici, la creazione di malware  (o altro), non fanno eccezione. Vi sono numerosi esempi di questo genere di “danni collaterali” – leggete il mio precedente post sulle sorti di Internet. […]

  11. Cenários assustadores que dão pesadelos – os 5 principais problemas da segurança TI | Nota Bene - September 17, 2012

    […] milhões de dólares por ano. Felizmente, os governos de vários países iniciaram, pelo menos, um diálogo construtivo sobre este tema e alguns projectos internacionais e unidades ciber-policiais regionais/nacionais […]

  12. The Flame: a “chama” que mudou o mundo | Nota Bene - September 17, 2012

    […] É difícil de acreditar que um vírus, uns poucos de megabytes de código podem, de repente, causar, por exemplo, um acidente numa estação nuclear, um incêndio num oleoduto ou a queda de um […]

  13. Apelo: a Internet devia ser uma zona desmilitarizada | Nota Bene - September 17, 2012

    […] Ao contrário das armas tradicionais, o malware pode replicar-se indefinidamente. E enquanto que um míssil pode ser controlado de alguma forma, o malware tem tendência para atacar indiscriminadamente: ninguém sabe quem é que vai ser prejudicado, nem que caminhos o malware poderá percorrer até chegar ao seu destino. Nos recantos insondáveis da rede, a partir do momento em que um black hat lança um programa malicioso para ganhar dinheiro fácil, tudo pode acontecer. É impossível calcular que efeito poderá ter, o que é que pode ser afectado por acidente e como pode, até, o “feitiço virar-se contra o feiticeiro”, prejudicando os seus próprios criadores. Há sempre uma tendência para cometermos erros em tudo aquilo que fazemos – e escrever códigos de programação, maliciosos ou não, não é excepção. Há vários exemplos deste tipo de “dano colateral” – falo de alguns num post anterior sobre as fortunas na Internet. […]

  14. Casos e Historias de Miedo que Causan Pesadillas – las Cinco Cuestiones Principales de la Seguridad IT | Nota Bene - September 17, 2012

    […] de millones.  Afortunadamente, los gobiernos de los diferentes países han comenzado por fin un diálogo constructivo sobre este tema, y se han establecido algunos proyectos internacionales, nacionales o regionales en […]

  15. The Flame That Changed the World. | Eugene Kaspersky - November 6, 2012

    […] of cyber weapons. It’s hard to believe that some virus, a few kilo/megabytes of code can suddenly cause, say, an accident at a nuclear station, a fire on an oil pipeline or a plane crash, isn’t it? But […]

  16. Woodpecker Summit 2012. | Eugene Kaspersky - November 6, 2012

    […] the Internet, presentations by Interpol about organizing Cyber Interpol (At last! Eugene has been talking everybody’s ears off about it for ten […]

  17. Call for Action: Internet Should Become a Military-Free Zone. | Eugene Kaspersky - November 6, 2012

    […] Unlike traditional weaponry, malware can replicate itself ad infinitum. And while a missile can often be controlled in some way, malware tends to attack indiscriminately: nobody knows who it will harm, which corners it will worm its way into. On the inscrutable trajectories of the web, as soon as some black hat launches a malicious program to make some quick cash anything can happen. It’s impossible to calculate what effect it will have, what might be affected by accident and how it could even boomerang back to harm its creators. People tend to make mistakes in everything they do – and writing code, malicious or otherwise, is no exception. There are numerous examples of this kind of “collateral damage” – read my previous post about the fortunes of the Internet . […]

  18. The Big Euro Freeze & The Munich Security Conference. | Eugene Kaspersky - November 8, 2012

    […] I’m a newbie here – I’ve never been involved at this level before (well, if you discount the London Conference on Cyberspace and Davos), but everything seemed to go well! I was on the roundtable, a few meetings and […]

  19. 10 Most Significant Events in the Security Field in 2011 | Eugene Kaspersky - November 8, 2012

    […] this subject a lot’s already been written, like here and here. So, […]

  20. Increased Attention Being Paid to Cyber Security Issues | Eugene Kaspersky - November 8, 2012

    […] The London Conference on Cyberspace […]

  21. What Are The Top IT Security Threats? | Eugene Kaspersky - November 8, 2012

    […] hundreds of billions. Fortunately, the governments of different countries have at last started constructive dialog on this issue and international projects and regional/national cyber-police units have been […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: