"We have always lived with this tail of Russian hackers"

The general director of Kaspersky Lab, Yevgeny Kaspersky, talks on cyber security in Russia and the world.
Kaspersky Lab has in recent months actually been dragged into an international scandal: one of its employees was arrested on suspicion of state treason along with a number of FSB officers. Evgeny Kaspersky, the main owner and general director of Kaspersky Lab, told Kommersant whether this situation has affected the work of the company and how it is perceived in the West against the backdrop of growing tension in international relations in the field of cybersecurity.

- Kaspersky Lab recently published its financial results for 2016: the company's dollar revenue grew by 4%, to $644 million. Do you, as the majority owner of the company, agree with the results?

- I do not like the question, because I do not want to relax the morale of the company with my answer.

- That is, you are hoping for more significant results?

- Simultaneously, yes and no. In general, the company's condition is fairly stable, the balance of revenues and expenses is positive. But three-fourths of our revenues come from national currencies - the euro, rubles and others, which have greatly subsided. And even despite the economic situation, I think that the company has a great potential, which we did not fully implement last year.

- Will it be possible to return to double-digit growth rates?

- It is extremely difficult to return to such indicators, because we are very large - the company's volumes no longer allow us to grow on such a scale. Probably, we will be able to grow by 10% or more, but more than 20% is unlikely: something very serious would have to happen for this, and not on our side - some kind of global upheaval. But in individual businesses which we are just starting to develop - say, industrial security, services - there I hope not only for double-digit, but also for three-digit growth rates. In addition, there are regions in which, for various reasons, we are not yet very strong. For example, Japan, where our market share is rather small, or the Scandinavian countries. Here we can have serious opportunities for growth.

- Is China one of the most promising regions? Despite the fact that the market is very conservative, you recently agreed to resume supplies to the public sector.

- Yes, we agreed, the supplies are already underway. The Chinese market is extremely difficult - it was, is and will be. The Chinese always have a lot of time. If you want to do business in China, be prepared for the fact that you should have a lot of time. These are constant negotiations, meetings, arrangements, then other people come, something else happens. This is a very long process. When there will be real achievements in this process, I will not even try to guess.

- To lift the ban on supplies to the public sector in China, did you resort to the help of Russian officials or diplomats?

- I would not say that we resorted to help, but once the Russian Embassy in Beijing offered us its conference room for an event. We were going to do a mini-conference for the Chinese public sector, and the embassy provided its territory.

- Did the diplomats not participate in the negotiations?

- No, here we are.

- Did you plan to attract local investors from these regions to help you develop in complex and promising markets?

- We do not need this. The company is profitable, we are quite satisfied with what we earn.

- Sometimes investors are attracted not only for the sake of money, but also to enter and gain a foothold in a certain market.

- We made such an attempt several years ago, with the General Atlantic Fund, but we were not happy with the experience with investors. There were plans to hold an IPO, and I supported them. We tried to operate as a public company, that is, we had a board of directors and strict accountability. But no, it's not for me. Decisions take too long and there is too much bureaucratic burden on the company; not only is time stretched and the amount of paperwork increased, but the work that has to be done becomes much greater. To get the same effect, a public company, unlike a private one, has to take many more paper steps. What for? Companies go to the exchange to get simpler, easier access to money, to motivate employees with options, and, well, to know how much you are worth. We do not need this method of obtaining cash; we do not pursue an aggressive policy of buying and merging with other companies. If we need money, we have normal, stable ties with a club of banks. We motivate key employees by having them participate in a profit-sharing program. That is, we do not hand out options and promises, but simply pay with money.

- And what percentage of the proceeds goes to employee benefits?

- I'm not ready to answer this question.

- Do you plan to transfer the position of the general director to someone?

- I am. Nothing is permanent; at some point it will be necessary to leave.

- In the short term?

- When we fully release our safe operating system KasperskyOS, we will maximize this direction, then I will leave. It's just a little beyond the horizon.

- And to whom are you going to hand it over?

- I will not say, I do not know yet. This is a long process.

- Maybe someone from relatives, sons?

- No, the children are not ready yet, and I'm not sure ... This is absolutely not a family affair, or rather, not necessarily a family one. I do not think that it will be someone from the family.

- You completed the development of KasperskyOS less than a year ago. On what devices is it already in use?

- The first device on which this OS was installed was the Kraftway router. In the line of "smart machines", we recently signed an agreement with AVL - the developer of technologies for automobile engines. We will promote and expand the KasperskyOS platform, and it is now ready to work on the most diverse devices of the "Internet of things", for example, video cameras and WiFi access points. In general, the problem of security of the "Internet of things" is even wider and covers, for example, all transport: cars, ships and locomotives, aircraft. In addition, we are ready to run our OS on a special-purpose computer (say, for a clerk), where the set of applications is fixed and known in advance. We can also run a virtual machine on this thing, which then launches various Windows and Linux operating systems, including Astra Linux, which is certified for government agencies.

- Kaspersky Lab was publicly involved in an international scandal in connection with the arrest of Ruslan Stoyanov, head of the computer incidents investigation department, on suspicion of state treason. How did this incident affect the company's reputation and sales?

- On the reputation ... but not very much. Probably it affected us somehow, but we did not feel much influence. What really happened, we do not know, and I do not rule out that we will never know. I have no friends in the Investigation Department of the Federal Security Service, I cannot know what is happening there. The different versions that are printed in the press are the information on which I'm trying to build my picture, but so far it is not really coming together.

- But you cooperate with the FSB in the framework of the investigation of cybercrime.

- They are different units, they will not tell me anything, even if they know.

- Was there a negative reaction from clients and partners?

- I did not notice anything like that. But I noticed changes when working with journalists: they began to ask me the same question, this was the main thing.

- Yes, the topic, naturally, excited the press.

- Yes, it's unpleasant.

- In foreign media there was information that Kaspersky Lab and other Russian companies reduced contacts abroad, in particular, they began to cooperate less with American partners and law enforcement agencies.

- With the Americans - yes, but this is not connected with this situation. Rather, from that side there was some cooling and reluctance to contact us directly - geopolitical frosts.

- How did you find out about the arrest of Ruslan Stoyanov? As far as I know, it was not in the office.

- No. The employee was flying to China and sent his wife an SMS that he had checked in. And he did not fly. We had an event there, and we were told that the person was missing, that he was not there. And then we were notified that an arrest had occurred.

- And did he not tell any of his colleagues or you about his fears before that?

- Me, for sure not; I did not really cross paths with him, that is, only in the dining room at the level of "hello - hello."

- In connection with this arrest, the desire to work with law enforcement agencies has not dried up?

- Nothing has changed: we cooperated with them and helped them solve computer crimes, and we will continue to. The department which was headed by this employee continues to work, but there, of course, the head has changed.

- And who is the new leader?

- One of the employees of the department is appointed as acting officer.

- Do you not plan to apply more stringent measures to employees? In Group-IB, for example, they say that they check all employees on a polygraph.

- Absolutely not. In this case, this person worked very closely with the FSB. Even if they did not immediately disclose it, then we will not be able to do it anyway. Checking everyone indiscriminately is paranoia, and it's not right.

- There is a paradox in relations between Russia and the US: American law enforcement agencies responsible for cyber security accuse employees of a similar Russian division - the FSB CIB - of hacking Yahoo. Given such accusations, apparently, the joint work of Russia and the US on combating cybercrime is not going now?

- I'm afraid so. But I would not want this to sound like a signal for Russian cyber crime.

- Can the fact that states are engaged in proceedings with each other provoke the growth of cybercrime in the world?

- Well, I simply do not want to answer this question right now.

- In the story of "Russian hackers", the Yahoo hack, and the arrests of a Kaspersky Lab employee and FSB officers, there is also the founder of Chronopay, Pavel Vrublevsky, who says that in 2010 he suspected the defendants in the state treason case and wrote letters to the authorities about this. At the same time, Mr. Vrublevsky himself was imprisoned several years ago for organizing a DDoS attack on a competitor, and you, after his sentence was passed, wrote about it on Twitter and supported this decision. Could his accusations of many years ago have become the basis of today's case?

- I saw his comments. But I only operate on what I saw in the press. I have no more information - I can not say whether this is true or not. I have no additional elements for this puzzle, which could either confirm or disprove his words.

- Well, you see, now, according to him, he helps punish other criminals.

- Yes, only according to him. I do not know him myself, and I do not want to be acquainted with him either.

- There is such a theory that the third world war can begin precisely with a clash in cyberspace. How realistic, in your opinion, is the unleashing of military conflicts due to actions in the virtual world?

- It's real, but I hope that cyber-weapons will never be used by one state against another or by one alliance against another. Because cyber weapons are a very dangerous thing, at least from what I know. I think it will be the same as with nuclear weapons. They were used twice - and that's all, because it's ugly. Cyber weapons have already been used once - Stuxnet in Iran. The problem is also that cyber weapons are still software and knowledge, and they differ from conventional weapons in that, if they fall into the wrong hands, they can be put to use, copied and modified. This requires only programmers and hackers, who are quite accessible. My favorite example: even with a cruise missile on hand, few states can copy it. Having on hand a sample of a cyber weapon, any state will be able to hire hackers who will figure it out and create an analogue. This is a great danger.

- At the same time WikiLeaks recently posted archives allegedly leaked from the CIA, with information about vulnerabilities and exploits.

- I categorically do not like that the source codes were stolen. If they publish all the source code, it will be a very bad time for everyone. Because all the bastards of this world will begin to pull these sources and learn from them. We have repeatedly seen that the leak of some spyware program leads, after a while, to the technology, holes and vulnerabilities used in it emerging in criminal tools. However, there is no need to look far: WannaCry demonstrated all this perfectly.

- Did you parse WannaCry? Did it really use technology from a published CIA archive? And, in your opinion, what was the purpose of this action to infect computers - earnings or some testing of opportunities?

- What goal the attackers had, only they know for sure. It seems that they did not succeed in making money. But as a way to shake up the market and finally show the world that the approach to security needs to change, it worked quite well. WannaCry has every chance of becoming the turning point that will make companies take a more serious approach to protection. After all, in fact, nothing would have happened if everyone had updated Windows in a timely manner and used complex protective solutions.

- At the end of 2015, you announced a direction for the protection of critical infrastructure (CII) and the release of the Kaspersky Industrial CyberSecurity platform. Tell us, how is it developing now?

- The CII protection direction is working, we have customers. There are tasks that we see. First, this thing is very difficult to scale. How does traditional cyber security work? The user clicked on a link, downloaded and installed an antivirus. In the office it is the same: network administrators downloaded the protection product, deployed, configured and monitored it. That is, all solutions scale. Industrial security is not about protecting computer systems - it is about protecting technological processes, and at each enterprise they are unique. Therefore, every time we bring our technology to the customer almost like a box of spare parts, from which we then assemble the solution depending on what critical technological processes the enterprise has. This is not a finished product; for each customer we have to "tighten the bolts." In general, almost like ERP from SAP. Does it scale? No, that only happens through certified partners. We are now in the process of building such a network of partners. But we can already boast of customers. For example, we protect technological processes at AGC - one of the world's largest glass manufacturers, including automotive glass. Among Russian clients I can name TANECO. A pilot was recently launched with "Rosset". Due to the difficulties with scaling, some of our customers are still waiting in line for implementation. We are actively working with the manufacturers of industrial systems themselves. Emerson, Siemens, Schneider-Electric and GE have already issued us certificates of compatibility, and the list is constantly growing.

What is also important: many already understand that putting protection in place is not enough. People need to be trained; many incidents happen because of the human factor. We have now fully developed the training process on industrial cybersecurity. This is a two-day training. Now, for example, it is being attended by employees of the production departments of Rosneft and Tatneft.

- Do the Russian roots and the entire international agenda around "Russian hackers" not hinder the development of this direction abroad? Still, for admission to CII facilities, you need to gain serious confidence from the customer.

- It all depends on the region. For example, in North America, not counting Mexico and Greenland, the state sector and large enterprises, including those managing CII facilities, have a very conservative attitude to all foreign IT solutions. If you are not an American, forget about supplies to government agencies. That is, for them import substitution is not just a slogan, as it is with us; the entire system is built that way from the start. Therefore, in North America we have very little chance of getting any market share. In the rest of the world there are no such barriers. We have always lived with this train about Russian hackers. It was never easy to be a Russian company on foreign markets. When we were just entering the West European market and started participating in the first exhibitions, we were approached and asked with disbelief: "A Russian software company? What, it happens?" Now they are used to it, but they have begun to add: "Ah, Russian hackers!" So what? Almost nothing has changed. It was not always easy for us to work. We always felt this headwind, which was slightly stronger or slightly weaker - we are used to it. On the contrary, it makes us stronger, cleverer and more inventive, so it is even more interesting.

- And do you consider the image of Russian hackers as the most dangerous to be justified?

- Attribution is very difficult; in fact, we can only do language attribution. All that we see is computer data: applications, traffic, some connections, some language features or time zones. Very often it turns out that Russian-speaking gangs include not only Russians, but also Ukrainians and people from Eastern Europe, that is, they are in fact international. But yes, behind the most complex and professional criminal attacks are Russian-speaking groups. In the world of cyber espionage, according to our observations, apart from Russian, the loudest voices are correct native English and Chinese. These are the most prominently represented languages, but besides them there are many others.

- The State Duma has been considering the draft law "On the Security of CII Facilities" since the beginning of this year. Have you seen the document, and how much does it correspond to the international practice of protecting CII?

- I have not studied it yet, I only know approximately what it says. As usual, this is good and bad. It's good that it finally appeared, and there are right things in it. Bad - well, it is 2017 outside; this should have been done about ten years ago.

- It has been written for ten years - the first version appeared back in the mid-2000s.

- They watched "Die Hard 4" in 2007 and immediately sat down to write, right? Do you remember the film? It is about cyberterrorists in their pure form. All other self-respecting countries passed the relevant laws long ago. I think Russia was the last one. On the other hand, Russia was also the last in the list of countries that admitted that they have cyber armed forces. Everyone said so: Americans, Europeans, both Koreas confessed, the Japanese, India. Then Russia, somewhere in between: "Well, yes, we have them too."

The first countries which, I think, made real moves motivated by the protection of CII are Israel and Singapore. Even the Americans, who began to think about this long ago, got stuck in their bureaucratic system and spent a long time figuring out who is in charge. As a result, smaller but more flexible public entities were the first. In general, the protection of CII has three stages: understanding the problem, building a plan and implementing it. And most countries have only recently moved from the first stage to real actions to build a protection plan.

- The Russian draft law describes the need for very close cooperation between CII and GOSOPKA, which is being developed by the FSB. At the same time, many commercial companies, whether banks or telecommunications operators, which are also classed as CII, do not always willingly share information with law enforcement agencies about incidents in the field of information security.

- Let's separate criminal attacks from attacks on CII. For example, from the point of view of financial services, the purpose of an attack on CII is not stealing money, but stopping the work of the bank. Yes, banks do not always want to share the details of how much is stolen from their customers - that's fine. But if the robbery is professional and massive, they still report the data to the authorities for the investigation. Attacks on CII are essentially terrorist; they concern the very existence of these services, and to protect them they will have to work quite closely with the authorities.

I have not read the Russian definition of CII yet, but in my understanding it is the following. The point is how much an impact on a particular industry paralyzes and damages the rest of society's activities. That is, CII is a kind of pyramid, where energy is at the very bottom, because if there is no electricity, then it will not even be possible to charge a phone. It is clear that a generator will work for a while, and then that's it. The second level of the pyramid is transport, telecom and finance. If something from the second level is paralyzed, then energy will still work, but everything else will stop. And at the third level is everything else - water purification, for example. There is no water - well, we will hold out for some time, during which we will have time to repair it, and everything else will not arise.

- The "law of Yarovaya", signed last year, also raised a lot of questions from the point of view of cybersecurity. Since July 1, 2018 telecommunication operators will be obliged to store all telephone conversations and Internet traffic of Russians up to six months. How to ensure the safe storage of such an array of data?

- Yes, the volumes are huge. If such information leaks, it will be very painful, therefore the security measures should be as serious as the amount of information. Not only technical methods of protection should be used, but also logical ones - for example, splitting information into pieces. With this approach, all the pieces are stored in different places and are protected in different ways, which reduces the probability of a break-in many times over. But this is just a huge amount of work. How the state is going to regulate this, I still do not understand. The risks that arise, and the amount of resources that will need to be spent in order to reduce all these risks - well, somehow, yes, I ... Respect, they really took a swing.

- Tell us about the antitrust case with Microsoft.

- We have two antimonopoly proceedings - one in Russia, and the other in the European Commission. In fact, these are not our first negotiations with Microsoft; they happen often. Microsoft regularly makes some changes to the OS, sometimes we do not like them, and then we reach an agreement. This time it did not work out.

- Have relations with Microsoft become more strained in connection with the complaint to the FAS?

- Microsoft is a very large company, so if we have a relationship with their legal department, it does not mean that they will somehow influence other aspects of the work. For example, the relationship between the US and Russia is now going through at the best of times, but American cosmonauts are flying from our cosmodromes, titanium is being shipped to Boeing, the economy continues to operate.

- Did other antivirus vendors support you in the lawsuit against Microsoft?

- This problem is common, it is relevant not only for us and even not only for the cybersecurity industry. It is much wider. Some vendors already supported us with a suit in the European Commission, the rest express their position in other ways. We are not accustomed to fighting for fair competition and user rights, and our victory over patent trolls is a good example. If someone else from competitors or colleagues in the workshop decide to join us in this fight, we will be only happy.