Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of internet services company EMC UK&I.

The rise of the green mayor – Sadiq Khan and the politics of clean energy

At an event at Tate Modern, Sadiq Khan pledged to clean up London's act.

On Thursday night, deep in the bowels of Tate Modern’s turbine hall, London Mayor Sadiq Khan renewed his promise to make the capital a world leader in clean energy and air. Yet his focus was as much on people as power plants – in particular, the need for local authorities to lead where central governments will not.

Khan was there to introduce the screening of a new documentary, From the Ashes, about the demise of the American coal industry. As he noted, Britain continues to battle against the legacy of fossil fuels: “In London today we burn very little coal but we are facing new air pollution challenges brought about for different reasons." 

At a time when the world's leaders are struggling to keep international agreements on climate change afloat, what can mayors do? Khan has pledged to buy only hybrid and zero-emissions buses from next year, and is working towards London becoming a zero carbon city.

Khan has, of course, also gained heroic status for being a bête noire of climate-change-denier-in-chief Donald Trump. On the US president's withdrawal from the Paris Agreement, Khan quipped: “If only he had withdrawn from Twitter.” He had more favourable things to say about the former mayor of New York and climate change activist Michael Bloomberg, who Khan said hailed from “the second greatest city in the world.”

Yet behind his humour was a serious point. Local authorities are having to pick up where both countries' central governments are leaving a void – in improving our air and supporting renewable technology and jobs. Most concerning of all, perhaps, is the way that interest groups representing business are slashing away at the regulations which protect public health, and claiming it as a virtue.

In the UK, documents leaked to Greenpeace’s energy desk show that a government-backed initiative considered proposals for reducing EU rules on fire-safety on the very day of the Grenfell Tower fire. The director of this Red Tape Initiative, Nick Tyrone, told the Guardian that these proposals were rejected. Yet government attempts to water down other EU regulations, such as the energy efficiency directive, still stand.

In America, this blame-game is even more highly charged. Republicans have sworn to replace what they describe as Obama’s “war on coal” with a war on regulation. “I am taking historic steps to lift the restrictions on American energy, to reverse government intrusion, and to cancel job-killing regulations,” Trump announced in March. While he has vowed “to promote clean air and clear water,” he has almost simultaneously signed an order to unravel the Clean Water Rule.

This rhetoric is hurting the very people it claims to protect: miners. From the Ashes shows the many ways that the industry harms wider public health, from water contamination to air pollution. It also makes a strong case that the American coal industry is in terminal decline, regardless of possible interventions from government or carbon capture.

Charities like Bloomberg can only do so much to pick up the pieces. The foundation, which helped fund the film, now not only helps support job training programs in coal communities after the Trump administration pulled their funding, but in recent weeks it also promised $15m to UN efforts to tackle climate change – again to help cover Trump's withdrawal from the Paris Agreement. “I'm a bit worried about how many cards we're going to have to keep adding to the end of the film”, joked Antha Williams, a Bloomberg representative at the screening, with gallows humour.

Hope also lies with local governments and mayors. The publication of the mayor’s own environment strategy is coming “soon”. Speaking in a panel discussion after the film, his deputy mayor for environment and energy, Shirley Rodrigues, described the move to a cleaner future as "an inevitable transition".

Confronting the troubled legacies of our fossil fuel past will not be easy. "We have our own experiences here of our coal mining communities being devastated by the closure of their mines," said Khan. But clean air begins with clean politics; maintaining old ways at the price of health is not one any government must pay. 

'From The Ashes' will premiere on National Geographic in the United Kingdom at 9pm on Tuesday, June 27th.

India Bourke is an environment writer and editorial assistant at the New Statesman.
