Alexander Erofeev answers Kaspersky Academy questions

Alexander Erofeev talks on who is the most interested in IT security knowledge, on life without technology and on predictions of the Internet existence.

In today’s post, we’ll offer the answers to some questions that Kaspersky Academy fielded to Chief Marketing Officer at Kaspersky Lab, Alexander Erofeev. He will tell us about the role that he believes IT security should play in university curriculums and who is most interested in enhancing their knowledge of IT security. He will also talk about the first “predictions” of the Internet by science fiction writers.

1. How would you respond to the claims held by some in academia that IT security is not a science that can or should be included in university curriculum?
IT security is definitely not a science-centific discipline, but should certainly be included in the university curriculum for many established subjects. IT security is a necessary field of knowledge for students who are engaged in a variety of engineering, social, economic and financial problems; as well as those directly involved in IT security. It’s like a course in philosophy or mathematics that is read not only by philosophers and mathematicians.

In my opinion, if we are talking about standard knowledge in the 21st century, it should necessarily involve an understanding of how the IT world works and what dangers are lying in wait for users. Information security is also a must because ignorance of this issue is fraught with unpleasant consequences.

IT security is definitely not science. It is an applied discipline that explains phenomena discovered by other sciences: mathematics, computer science, physics, psychology, and even sociology, because social aspects are especially important here. To draw an analogy with the engineering disciplines: IT security is like the theory of the strength of materials, only in the cyber-world. The difference is that the theory of the strength of materials is necessary for engineers who work with physical objects, whereas in the cyber-world there is a bit of an engineer in all of us even if we do not deal with IT.

2. Who should be the most interested in improving their knowledge of IT security? Government? Intelligence services? Business? Science? The general public? Authorities?
I think this primarily concerns society as a whole, because a higher level of IT security awareness among different groups of people reduces risk and raises the level of credibility in the environment where we live.

People who are engaged in developing cutting-edge technologies should also be interested because there are no state-of the-art technologies without software. This, of course, is important for entrepreneurs too as they would like to have employees who do not need to have obvious things explained, and who clearly understand the consequences of their actions. I do not know if scientists would be interested, but as members of society they probably are. And she secret services, of course, for obvious reasons.

We recently had an interesting experience. We work closely with the Business School at Moscow State University and we told them about our game dedicated to Critical Infrastructure Protection. And suddenly, they responded: “We are interested, we want to participate in that!” I said: “Look guys, you are all businessmen, you’re not IT specialists, you are studying to get an Executive MBA. All of you will run businesses, and none of you, as far as I understand, are going to be engaged in the computer industry”.

They said: “That’s true. But we believe that if we are the ones making the decisions we need to understand which of the threats that jeopardise corporate networks fall under the umbrella of information security. We need to understand that to take right decisions, when we are working with the IT specialists and organising the work of the company in general”. Well, that would be a good way to comprehend the situation.

This is a very good example of why IT security knowledge is important.

3. In the 18th century the doctrine “Back to nature!” was born, calling on mankind to reject technological progress… Is life without computers, cell phones and Internet possible in the 21st century?
The doctrine of “Back to Nature!” was formulated by the French philosopher Jean-Jacques Rousseau. The core of the doctrine was the theory of Natural Human. Its main idea is not in the fact that “humans in the state of nature” lived in a hut but that within each of us lives a “natural human” with “uncorrupted morals” yet we fall prey to the negative influences of civilization and thus need to return to basics. The point is that man is virtuous by nature. Rousseau was not suggesting that we turn away from technological progress.

I’m not sure that modern civilization can remain stable without using a large number of technological achievements. We should understand that even people who now live in isolation from the rest of the Earth’s population to a large extent depend on what is going on in the wider world. They get their medicine, food and information from it; they are connected with it one way or another. Therefore, rejecting technical progress will lead to a drastic reduction in life expectancy, to begin with, and to deterioration in the quality of life.

4. Science fiction writers predicted planes, submarines, atomic bombs and video phones — but none of them predicted the appearance of the Internet. What is the reason for that?

Alexander Pushkin, who is considered by many to be the greatest Russian poet and the founder of modern Russian literature, wrote in one of his fairy tales in verse:

“Tell me, pretty looking-glass,
Nothing but the truth, I ask:
Who in all the world is fairest
And has beauty of the rarest?”
And the looking-glass replied:
“You, it cannot be denied.
You in all the world are fairest
And your beauty is the rarest.”

In literature, not necessarily in science fiction but in the works of famous writers, we often come across descriptions of a place where knowledge is kept. There has always been an opportunity to receive images or to share information remotely, to start an interactive “chat”, just as we have seen in Pushkin’s verses. People could imagine all these things quite well. Maybe it wasn’t called ‘the Internet’, but the general idea of access to knowledge has existed for centuries.

“According to the Ancient Greek philosopher Plato, who definitely wasn’t a sci-fi writer, we have a large but finite resource of knowledge, much of which we cannot remember. If we try, we can recollect more of this knowledge. Plato did not have a practical way of accessing this common pool of knowledge, but he formulated it as a theory. In some ways, this could be viewed as a kind of ‘Internet’, a place where all information can be stored.”

5. What do you think of predictions that soon the most effective — and therefore the only — way to wage war will be to hack the enemy’s computer networks, while tanks, missiles and aircraft carriers will become museum exhibits?

The people who think so suggest that the aim of the war is to inflict maximum damage on the opponent. This is the logic of terrorist-guerrilla warfare. If we proceed from the assumption that future conflicts will involve that kind of warfare, then indeed this proposition has some merit.

But if we open a classic study of military strategy, we see that wars can have different objectives. Damaging the enemy or increasing revenues might be among them. But often the goal is not to capture resources but to annex territory. Yet another goal is to oppress the enemy, not necessarily causing damage. And we must understand that even having captured the enemy’s cyberspace, one must still be able to exploit it correctly.

Although the role of the Internet environment will be very important in the wars of the future, unfortunately conventional methods of warfare will not disappear.

6. If the Nobel Prize was also awarded for IT security, who would be the first winner?

It’s not an easy question. Among the current candidates, maybe Eugene Kaspersky?