Daniel Maikowski: Are we in a cyberwan state with Russia?
Mikko Hypponen: Hackers associated with the Kremlin have always posed a threat to cyber security in Europe, but over the past few years attempts to attack critical infrastructure have intensified. It is not only about Ukraine, which has become a victim of a Russian assault, but also about other countries bordering Russia, including Poland or Finland.
However, Ukraine with Russian aggression in cyberspace coped surprisingly well.
When Russia attacked Ukraine in 2020, we all expected a real and complete paralysis of Ukrainian critical infrastructure. However, nothing happened. Yes, the Russians managed to break into the servers of the Ukrainian government and carry out several destructive cyber attacks, but they were rather individual incidents.
If we look at Central and Eastern European countries or Nordic countries, it is also difficult to talk about a wide range of Russian cyber attacks. Cyberszpiegia is still a much greater threat to our region.
Why?
Because such threats are more difficult to identify and neutralize. The Russians have been using this type of strategy for over 20 years. Hackers associated with the Kremlin can imperceptibly penetrate to government and even military IT systems and get information that can later be used, e.g. for blackmail or sabotage. So it will not be an exaggeration to say that in a “quiet” state of cyberwall with Russia we have been found not for several years, but for several decades.
What sectors of European critical infrastructure are particularly vulnerable to cyber attacks and cyberszpiegia?
Undoubtedly, energy. No country and any developed society are able to function without electricity today. Even a short Blackout could be catastrophic. Therefore, Europe should take care of this sector in a special way.
Unfortunately, it is different. Let me give you an example. In recent years there have been a series of mergers from the energy industry. This types of mergers were very often associated with the combination of several separate IT systems. Every specialist in the cyber security industry knows perfectly well that with such synergies it is easy to get mistakes and gaps that can be later used by cyber criminals.
Is Europe ready for the next waves of cyber attacks? Not only from Russia?
Both European Union countries and the United States have developed cybersecurity technologies. We have outstanding specialists, we know what threats we can expect and how we should react to them. Does this mean, however, that we are completely resistant to cyber attacks? Absolutely not.
Our biggest problem today is outdated ICT systems, on which critical infrastructure is still based. It is not only about power plants, but also sewage treatment plants or food factory. They often work based on equipment and systems from the 90s or – in a better scenario – from the beginning of the 21st century. Until now, we have tried to protect critical infrastructure by keeping it in “offline mode”, without internet connection. The problem is that isolating such systems is becoming more and more difficult and often impossible. In the end we live in a world where everything is connected with each other.
I always say that TCP/IP (communication protocol on the basis of which the Internet – ed.) Always finds the way to the destination. If connecting to a given network, even the best secured, is theoretically possible, then sooner or later there will be someone who can do it.
In recent months, the number one topic in technology discussions is artificial intelligence and threats related to its development. You are one of the people who refused to sign a letter whose signatories demanded temporarily suspending work on AI systems until “we are sure that their effects will be positive and the risk can be controlled”.
I did not sign this letter for at least for several reasons. First of all, I think that the benefits of the development of AI generative tools prevail over threats, which of course I do not question. Secondly, as humanity, we are not able to “abuse” a given technology. If generative artificial intelligence systems have already existed, they will be further developed and none of us will stop this development.
A similar letter could be written in 1993 and apply to the Internet. At that time, there were also arguments for stopping the further development of this groundbreaking technology. Viruses, internet fraud, dissemination of child pornography, and you could exchange further. If we suspended work on the Internet for six or 12 months, would these threats never occur?
Even if somehow the whole democratic West would agree to temporarily suspend work on AI, there are still “less democratic” countries that will continue such work, thus gaining an advantage over others. I will repeat again: we cannot “abuse” a given technology.
—
Mikko Hypponen –
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
