Organizations that run these facilities using supervisory control and data acquisition (SCADA) gear are still gathering data about threats and aren't close to implementing new defenses to counter them, says Eugene Kaspersky, founder and CEO of the company.
"I'm afraid some very bad incidents will occur" before they spring for improvements, he says. Organizations with critical infrastructure to protect are even slower to move on security infrastructure upgrades than corporate enterprises, which are pretty slow, he says.
After determining the threats these organizations still need to discuss the risks and develop strategies for dealing with them. "The good news: Not a lot of attacks like this are happening," Kaspersky says.
Kaspersky Labs is celebrating its 10th year with offices in North America, and Kaspersky was speaking at a lunch with reporters held to celebrate that anniversary.
He says Kaspersky engineers are contributing to work toward a secure operating system for the control systems environment.
And the company has created a cyber security board game that it brings around to conferences and customer sites that simulates a power company under cyber attack. Teams play Kaspersky Industrial Protection Simulation to protect their infrastructure, but it's a tough game. "Not many of them are able to survive," Kaspersky says.
The threat against critical infrastructure is getting greater and at the same time potential adversaries are learning techniques from the exposure of sophisticated state-sponsored cyber attacks, he says.
Conventional criminals like drug smugglers are already hiring software engineers to write malware that helps them carry out their illegal activities through computer networks because it is simpler, safer and less expensive. It's easier to infect the computer system of a port and create a record that certain cargo has already been inspected than it is to sneak it by inspectors, he says.
The next step is for cyber terrorists to follow suit and employ very professional software engineers to carry out attacks. "I don't predict any scenario that is greater than cyber terrorism," Kaspersky says.
To better battle attackers requires better cooperation between various security services within countries but also internationally, he says. "Services need to talk to each other," he says. Laws that mandate reporting cyber activities are needed and users and security professionals in corporate settings need to be educated about how to recognize attack attempts. Kaspersky says it's important to decrease the window of opportunity for criminals by making detection and remediation happen so fast they have little time to do damage even if they do compromise networks.
State-sponsored attacks are becoming more widespread, he says. The number of different languages within attack code is increasing, with English, Chinese and Russian the most common, but also French, Spanish and just recently Arabic in code for an advanced persistent threat.