NASSAU, BAHAMAS – The big data drumbeat is becoming deafening in the technology sector as vendors and analysts rush aboard the latest trend. But one leader in the IT security community is sounding a big warning about big data, and the death of privacy in our increasingly connected world.
Speaking recently at the Russian security vendor’s North American channel partner conference here, Kaspersky Lab CEO Eugene Kaspersky outlined the top five IT security issues that worry him today, and prominent among them was the loss of privacy that the big data trend entails.
“We can forget about privacy. There’s no privacy anymore,” said Kaspersky. “You can have privacy if you live somewhere in the jungle, or the middle of Siberia.”
Too much data is being collected about us, he said. In the U.K., cameras are everywhere. Google has a detailed picture of your online activities, as do other online services. And unless you pay cash and don’t use loyalty program cards, your shopping history is collected and stored as well.
“This is a national security issue. This data can be used not just against people, but against nations,” said Kaspersky.
He’s not sure what the answer is here, particularly with people more and more willing to voluntarily give up their privacy for convenience, but he believes it needs to begin with regulation.
“We should make it forbidden to collect so much information about you. I recognize this as a serious problem,” said Kaspersky. “In some years there will be serious issues based on the fact there’s so much data collected.”
As big a problem as it is, privacy was only fifth on Kaspersky’s threat list. At number four is cybercime, a problem that has been spiraling out of control, but he’s optimistic governments may be waking-up to the seriousness of the issue and taking concrete international action, such as the recent cyber security conference hosted in the U.K.
“I hope this will be the end of the golden age of cybercrime. We’ll see it soon,” said Kaspersky. “With better government controls there will be less attacks and much less pressure on the global economy.”
It’s not a threat per se, but third on Kaspersky’s list is a security solution that he thinks we’ll all be adopting soon: Internet IDs. They’ll be like a digital passport, allowing us to securely access government and private services online seamlessly.
“Kids today are born in the Internet age and they live their lives online. We’re digital immigrants, but they’re digital natives,” said Kaspersky.
Most of them will never go to an election office to vote, he said. That would be a foreign experience to them. They’ll want to vote online, and we need to make sure that can happen, and happen securely, if we want them to be engaged citizens.
“This generation will never vote for the next president or prime minister if there’s not an online election system,” said Kaspersky. “If we don’t have digital IDs even just for government services and online voting that will be the end of democracy. We need to make the system more secure first to make sure the kids don’t ruin it.”
At number two on Kasperky’s list is social media, which he says can be a very dangerous tool in the wrong hands. With traditional media you know who is responsible for the quality and veracity of the information published, but there’s no such controls in the world of social media. He’s fearful that social media is destined to become a dangerous propaganda tool.
“Social media was used to make the Arab Spring hotter, but not all the reports were correct,” said Kaspersky.
Every country has “sleeping problems” and Kaspersky said social media can allow people to light fires under those problems, turning them into revolutions.
“I’m afraid every country could become victims of this sort of attack. Except maybe Switzerland; they’re happy,” joked Kasperky. “China is the only country that’s safe, they have the Chinese firewall and international social media is not allowed.”
Faced with two extremes of 100 per cent freedom or 100 per cent China, both of which Kaspersky calls bad ideas, he said he doesn’t know what the answer is.
And the number one security challenge on Kaspersky’s list is the threat of cyber-war, fueled by attacks on unprotected industrial systems. Everything from power grids to hotel elevators and prison security doors are controlled by IT systems called SCADA, or supervisory control and data acquisition. These systems are old and vulnerable, said
Kaspersky, often running on outdated Windows or Linux systems or even MS-DOS. Many were designed 20 years ago and haven’t been updated since and the 2003 blackouts on the East Coast, he said, were caused by a computer worm that damaged Unix systems.
“An attack could seriously damage the infrastructure of the nation, and there’s no protection against that,” said Kaspersky. “I’m really afraid that cyber wars are the worst-case scenario, because cyber-weapons are much easier to develop and costs much less money. Cyber-weapons replicate themselves.”
There’s also the fact that cyber-weapons often won’t recognize their targets. A nation might build a cyber-weapon to attack a power plant in a neighbouring country, but many power plant control systems are similar so containing the attack can be impossible, with a high risk of collateral damage.
“The only way to prevent this is to redesign all the IT systems that run industrial facilities to run on a secure operating system,” said Kaspersky. “If we had a plan to do that within five years I’m afraid software engineers would be paid as much as football stars, because there’s not enough of them to do all the work.”
In the interim, he said there must be international cooperation and agreements to not develop cyber-weapons and not educate others in their development.
“A cyber-weapon is a boomerang,” he warns. “Sooner or later it will fly back to you.”
Follow Jeff Jedras on Twitter: @JeffJedrasCDN.