Eugene Kaspersky says change is needed in order to defend against IoT security threats during theatrical appearance at MWC 2017
The halls of Mobile World Congress (MWC) are populated with countless stands extolling the virtues of connected cars and the Internet of Things (IoT), but Eugene Kaspersky used his keynote address to urge the IT industry to make sure the connected future is secure.
In typically quirky fashion, the conference hall was plunged into darkness before Kaspersky claimed to have come from the future to tell the world how to get control back. The premise was simple, he argued.
As more and more critical systems, such as public services and utilities, are moved online, the greater the risk from cybercriminals. He cited massive DDoS attacks, an assault on a Finnish heating system and a campaign against the Ukrainian power grid as examples.
Kaspersky said the problem was that many connected systems and applications are based on aging technology built decades before the issue of cyberattacks were a consideration. Only when they underlying systems that power things like connected cars are changed will this be different.
“The first [connected] car was hacked in 2015 and it was the first known remote hack,” he said. “In 2016 and 2017 there were more, but these were penetration tests from security vendors, not bad guys, who found out all cars are vulnerable.
“Unfortunately we rely on ideas and tech from 40 years ago. [Much of this was] designed when there was no such word as cybercrime. It didn’t exist. We rely on tech that was made without provision for security. If we don’t change that we face bad scenarios.
“I think the only way is to design new systems based on secure software and architecture. Make them not only secure but immune. Is it possible, I think yes.
“It’s my dream to have an unhackable world and you can connect your car to the Internet and it will be secure. I’d like to live in the world of connected devices but we have a lot of things to redesign.
“Let’s live in a world that is safe, secure and machines are under control.”
Kaspersky has been in the cybersecurity industry for 27 years and said the one good thing about the apparent insecure nature of the IoT was more work for his company – and he needed more staff.
“Tell your kids to get to the cybersecurity streams at university,” he asked of the audience, lamenting an apparent skills gap. “I need more employees.”