Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of EMC UK&I

Photograph: Getty Images

James Petter is vice president and managing director of  internet services company EMC UK&I.

Getty
Show Hide image

The deafening killer - why noise will be the next great pollution scandal

A growing body of evidence shows that noise can have serious health impacts too. 

Our cities are being poisoned by a toxin that surrounds us day and night. It eats away at our brains, hurts our hearts, clutches at our sleep, and gnaws at the quality of our daily lives.

Hardly a silent killer, it gets short shrift compared to the well-publicised terrors of air pollution and sugars food. It is the dull, thumping, stultifying drum-beat of perpetual noise.

The score that accompanies city life is brutal and constant. It disrupts the everyday: The coffee break ruined by the screech of a line of double decker buses braking at the lights. The lawyer’s conference call broken by drilling as she makes her way to the office. The writer’s struggle to find a quiet corner to pen his latest article.

For city-dwellers, it’s all-consuming and impossible to avoid. Construction, traffic, the whirring of machinery, the neighbour’s stereo. Even at home, the beeps and buzzes made by washing machines, fridges, and phones all serve to distract and unsettle.

But the never-ending noisiness of city life is far more than a problem of aesthetics. A growing body of evidence shows that noise can have serious health impacts too. Recent studies have linked noise pollution to hearing loss, sleep deprivation, hypertension, heart disease, brain development, and even increased risk of dementia.

One research team compared families living on different stories of the same building in Manhattan to isolate the impact of noise on health and education. They found children in lower, noisier floors were worse at reading than their higher-up peers, an effect that was most pronounced for children who had lived in the building for longest.

Those studies have been replicated for the impact of aircraft noise with similar results. Not only does noise cause higher blood pressure and worsens quality of sleep, it also stymies pupils trying to concentrate in class.

As with many forms of pollution, the poorest are typically the hardest hit. The worst-off in any city often live by busy roads in poorly-insulated houses or flats, cheek by jowl with packed-in neighbours.

The US Department of Transport recently mapped road and aircraft noise across the United States. Predictably, the loudest areas overlapped with some of the country’s most deprived. Those included the south side of Atlanta and the lowest-income areas of LA and Seattle.

Yet as noise pollution grows in line with road and air traffic and rising urban density, public policy has turned a blind eye.

Council noise response services, formally a 24-hour defence against neighbourly disputes, have fallen victim to local government cuts. Decisions on airport expansion and road development pay scant regard to their audible impact. Political platforms remain silent on the loudest poison.

This is odd at a time when we have never had more tools at our disposal to deal with the issue. Electric Vehicles are practically noise-less, yet noise rarely features in the arguments for their adoption. Just replacing today’s bus fleet would transform city centres; doing the same for taxis and trucks would amount to a revolution.

Vehicles are just the start. Millions were spent on a programme of “Warm Homes”; what about “Quiet Homes”? How did we value the noise impact in the decision to build a third runway at Heathrow, and how do we compensate people now that it’s going ahead?

Construction is a major driver of decibels. Should builders compensate “noise victims” for over-drilling? Or could regulation push equipment manufacturers to find new ways to dampen the sound of their kit?

Of course, none of this addresses the noise pollution we impose on ourselves. The bars and clubs we choose to visit or the music we stick in our ears. Whether pumping dance tracks in spin classes or indie rock in trendy coffee shops, people’s desire to compensate for bad noise out there by playing louder noise in here is hard to control for.

The Clean Air Act of 1956 heralded a new era of city life, one where smog and grime gave way to clear skies and clearer lungs. That fight still goes on today.

But some day, we will turn our attention to our clogged-up airwaves. The decibels will fall. #Twitter will give way to twitter. And every now and again, as we step from our homes into city life, we may just hear the sweetest sound of all. Silence.

Adam Swersky is a councillor in Harrow and is cabinet member for finance. He writes in a personal capacity.