Eugene Kaspersky, CEO and founder of Kaspersky Lab. Credit: Chris Player
National critical infrastructure, such as power, telecommunications and transportation will be the new battleground in the war against cyber crime, according to Kaspersky Lab founder and CEO, Eugene Kaspersky.
During his keynote presentation at the CeBIT business technology conference in Sydney on 23 May, Kaspersky warned that critical infrastructure systems - many of which are based on legacy supervisory control and data acquisition (SCADA) systems and have IP addresses - are vulnerable because the majority do not have inbuilt cybersecurity features.
The current size of the cybercrime industry is $600 billion per year, according to Kaspersky Lab estimates, which its founder said was 40 per cent of the country's GDP, or enough to pay all the salaries of all players in the AFL for 2600 seasons.
He said these kinds of attacks have already occurred, citing one attack on a Siberian coal mine, and another hitting an oil refinery by breaching the SCADA controllers.
Although both of these incidents involved theft of commodities, Kaspersky said this is not the worst we can expect in the near future.
He said there are three sub-sections of critical infrastructure that are the greatest risk to the general population - first and foremost is power.
"If we don't have electricity, that is the end of civilisation," he said. "Last year and in 2015 there were full-blown cyber attacks against the Ukrainian power grid."
"They switched the power off via accessing the SCADA and they also wiped all the SCADA firmware."
He warned that this is an issue for many such installations around the world - including in Australia - and both government and the private sector were not effectively addressing this issue.
Kaspersky then went on to cover transportation and the possible broarder implications of a cyber attack on these systems, saying that this would be almost as catastrophic as an attack on a power grid.
"We have not seen any reports on cyber attacks on transportation infrastructure yet, but we know at least that cars are vulnerable," he said.
Referring to the highly-publicised Wired car hacking story from the US in 2015, he said that while many think this was a gimmick, all modern cars are run by computers and therefore had potential vulnerabilities which could be important.
"Any good cyber criminal with a USB and physical access to a vehicle can own it," he said.
WikiLeaks revealed in 2016 that the CIA had been working on technologies to breach car systems and gain control remotely.
Kaspersky said this threat was not just an issue for individual transportation, but also for mass transit systems such as planes, trains or shipping.
Sign up for Computerworld eNewsletters.