Infosec 2013: Key industries must prepare for cyberwars, says expert

In a year that has seen international tensions in the cyber sphere increase significantly, Infosec 2013 was always likely to be dominated by speculation over what this means for businesses and organisations that are critical to the infrastructure of a nation.

And matters intensified this week when Infosec attendee BAE Systems Detica released a statement claiming the Chinese military unit accused of launching mass attacks on the US in February was once again active. The report arrives just a month after South Korea suffered a serious cyber assault on a number of its banks and television broadcasters, so with incidents coming to a head, we sat down with Director of AlienVault Labs Jaime Blasco, whose work includes advising governments on emerging threats.

“The problem is there,” Blasco told us frankly. “We have to work on improving our defence capabilities from those political attacks.”

Causing increasing alarm at government level is the way attackers are managing to target a country’s critical infrastructure, going beyond merely striking a blow at business level. “Specific industries such as energy, transportation, online banking” are more at risk than ever said Blasco. “If these are hit it’s going to cause a lot of problems.”

The AlienVault researcher pointed out that a general lack of harmony in cyber space is exacerbating the problem. Suspicious states continue to build online barriers and withdraw from the wider Internet, accelerating a worrying trend that Blasco predicts will last.

“The Internet was designed to be free and be open, but I think in the future we will see small networks [breaking away]. We have already seen that in Iran with their own intranet. It’s normal and I think we will see that.”

The UN hosted a (largely unsuccessful) behind-closed-doors event to discuss regulation of the Internet in Dubai last December, but Blasco believes the ruling powers are not presiding over Internet governance in a healthy manner.

“The problem with that event and others that are happening right now is that those events should be public and the information there should be public,” he said. “We don’t want 20 or 30 companies managing the future of the Internet.”

The debate was equally prominent at RSA Europe in October last year, when experts debated whether the very future of the Internet was under threat.