The creation of a cyber arms agreement between nations that limits or bans the use of cyber weapons will occur only after something “bad” has happened, according to Kaspersky Lab security researcher David Emm.
Emm told V3 that he believes such a treaty is vital, as cyber weapons, such as Stuxnet, Flame, Duqu and Black Energy, are increasingly developed and deployed against critical systems.
“We’ve got to have a mechanism whereby governments, nations sit down and say: ‘You know that we need rules and regulations, just as we don’t use nuclear and chemical weapons,’ and we know most signatories will agree to that,” he said.
However, Emm is dubious that this will occur until a major incident forces the issue.
“We need to get to the point where we have cyber arms limitations and that might well come, but I think something bad has to happen before there will be enough impetus to do it,” he said.
Cyber weapons have already had real-world impacts, most notably with the Stuxnet attack against Iranian nuclear facilities and BlackEnergy used against Ukrainian power plants late last year.
Kaspersky regularly tracks such incidents, although Emm said that it has recently gone slightly quiet on this front. However, this doesn’t mean that attacks or new threat vectors have been created but that they remain undetected.
A digital kitemark
Emm also told V3 that a digital kitemark is needed to help ensure that internet-connected devices, from Internet of Things (IoT) sensors to toys, follow basic security practices.
Emm said that recent incidents, such as the discovery that hackers could access WiFi networks via a Hello Barbie doll, showed that security is not being considered when looking at new technology ideas.
This situation is only going to get worse as more internet-connected products enter the consumer and business worlds.
Emm explained that manufacturers could use a digital kitemark to show that they have built in the necessary controls such as encrypting data sent over WiFi, or that software can be patched.
“If you buy a child’s toy and it’s not fire retardant or doesn’t have the build quality that a child’s toy needs there will be an issue and it will get fixed,” he said, adding that kitemarks give the assurance to parents that these vulnerabilities are covered.
“We don’t have a digital kitemark but it may be that we need one. Parents can't be expected to know about technology at an in-depth level, in the same way that they don’t know if it’s fire retardant. But having a kitemark gives that assurance.”
Emm suggested that the government should lead on such an initiative, as it is unlikely that global cyber agreements it can be reached individually in the UK.
The government could do it unilaterally, he said, and say: 'If you want to sell these things here, you need to go through this.'
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago