Mikko Hyppönen, Chief Research Officer at F-Secure, travels the globe trying to raise awareness on cyber-security, the Internet of Things, connected cars, the Smart City – in short, anything and everything that could be vulnerable to a cyber-attack.
Interview with Mikko Hyppönen, Chief Research Officer of Finnish computer security company F-Secure, on the sidelines of the USI (Unexpected Sources of Inspiration) conference held in Paris on 2-3 July, focusing on digital transformation in companies, where his presentation caused quite a stir.
L’Atelier: During your presentation at the USI conference on Friday, you pointed to the increasing danger of cyber-terrorism. You explained that nowadays cyber-terrorists have enough information to cause havoc on the Internet…
Mikko Hyppönen: Yes, and the problem is getting bigger every day. However, for the moment, we haven’t seen any huge cyber-attacks. Those that have made an impression on us have so far just been about website-hacking, mainly content. But this isn’t going to sort itself out, far from it. Certain extremist groups are quite prepared to launch the kind of attack that no-one wants to have to deal with.
What measures have been taken at government level to counter this threat?
Nowadays it’s vital to be able to combat all kinds of online crime, not just extremism. The authorities need to be trained, organised to operate effectively online. And that means first and foremost understanding how the Internet works. Take for example the intricacies of the Deep Web, The authorities ought to be capable of tracking wrong-doers right down into the Deep Web.
But when you do this, you’re walking a tightrope. We need to give the police the means of working online. However, we also need to be sure that we’re not giving up some of our privacy to no avail. It’s therefore vital that all governments looking to go on the offensive on the Web work in a completely transparent way. As citizens, we need to know exactly what our governments are doing online. Let’s take an example: if I give the State my permission to hack my computer at will as part of a survey they are doing, I need to know if this is going to be useful. We need statistics that quantify how effective these initiatives are and verify that things are being done properly. For the moment, we don’t know which route to take. What is certain though is that we need transparency!
A recent report indicated that the connected car market would be worth $47 billion by 2020. But can we really say they’ll be secure? Wouldn’t cyber-criminals see them as a choice target?
In general, every electronic object that becomes Internet-connected is vulnerable to attack. However, that doesn’t mean the number of attacks will increase, unless there’s a good reason. A hackable car won’t necessarily get hacked. Of course you could stop the car from running properly, deactivate the brakes, for example. But why would anyone do that? More probably people would hack into your car in order to steal it. We’ve already seen weaknesses in the ‘smart’ locking systems of some German cars. And hackers have also targeted Ducati motorbikes.
So is everything that’s ‘smart’ also vulnerable?
Well, the problem with connected objects and the Internet of Things in general is that the companies that create them don’t make security their central concern when designing them. When you buy a connected microwave oven or toaster, online security won’t be a factor in your purchasing decision. We’re building a monster by connecting all these devices in the online world.
Another ‘smart’ market that’s booming is the Smart City. When you talk Smart City you’re talking O.S. Cisco, IBM and many others are designing their own operating systems to work at city scale. If a Windows operating system is vulnerable to attack, couldn’t a ‘smart’ city be just as susceptible?
Yes, in theory this type of attack is possible. But, I repeat, there must be a reason, a motive for an attack. I don’t believe that ordinary gangs and mafia groups are interested in the idea of bringing a city down. How would they make money out of that? On the other hand – and here I come back to my prime concern – cyber-terrorists could indeed target a city.