(Based on a speech at the Group of 77 Workshop on Preventing and Combating Cybercrime, supported by the Russian Federation and the United Nations Office on Drugs and Crime, Vienna, September 11-12, 2018).
By Evgeny Grigorenko, Head of Public Affairs, Europe
An important topic today in fighting cyberthreats and cybercrime is the set of challenges related to data management, the resulting deficit of trust in cybersecurity globally, and the private sector's responses to both. As an example of such a ‘response’ strategy, we would like to provide details of our flagship project – the Global Transparency Initiative.
In their digital investigations of late, public agencies face the issue of data access and collection of so-called e-evidence. While most parties recognize that the right balance should be struck between the two concepts of security and privacy, in reality it’s not easy to get it right – even among like-minded countries. To give a few examples:
Globally, law enforcement and security services and, more broadly, nation states, define in different ways the ‘limits’ to which they can control and manage data. Related to this, challenges like data localization, access, and suspicions about intentional backdoors and vulnerabilities do not make the lives of data collectors and processors – digital companies – any easier.
Meeting some set of data management rules – nascent regulatory practice – is only part of the challenge. Balkanization, militarization and the collapse of cyber-dialogue are making the task even harder:
What do we – as a private company – see as a way of handling the emerging deficit of trust?
We are focusing on international cooperation with other actors to fight cyberthreats – regardless of the origin and purpose of those cyberthreats. For this goal, we work with organizations like INTERPOL, national CERTs and cyber-police agencies. We organize regular training sessions for them and assist in their cyber-investigations.
In addition, the trustworthiness challenge may be addressed with more transparency – we are ready to give answers to questions about our data management practices and the security of our products, and even to change our IT infrastructure to address some theoretical concerns. We are working on putting into practice our Global Transparency Initiative and storing and processing users’ data at our Swiss Data Center. In Switzerland we are also going to open the first of our Transparency Centers. For some regions, we plan to relocate the assembly line of Kaspersky products and threat detection rule databases (AV databases) to Switzerland, where they’ll also be signed with a digital signature before delivery to endpoints. Finally, a new, non-profit organization qualified to conduct technical software reviews and process requests from governments for data access will be established. Its role may be even wider – to create a framework of transparency and trustworthiness for software development.
Overall, we believe that these and some supporting measures will become a kind of gold standard for the cybersecurity industry, and we look forward to IT companies, public agencies, NGOs and academia joining us as partners in building a safe and secure model for raising trust.