Nations can no longer afford to go it alone on cyber-security

Cyber-crime knows know borders, so nor should our defences.

Senior representatives from more than 90 governments met in Seoul recently to discuss cyber-space, including cyber-security and cyber-crime. It was the third in a series of international conferences that has followed a push from the UK government to bring a more international perspective to discussions about how to keep cyber-space open while addressing threats.

Cyber-crime does not operate in a world confined by national borders so an international response is our only option. We need to cooperate to protect devices and information infrastructures from malicious entities seeking to steal secrets, deny access to critical services and exploit our identities to commit crimes.

Vulnerable businesses
There is much work to be done. Weaknesses in infrastructures, policy and operations leave us vulnerable and threats to businesses and individuals are frequent and damaging. For example, a sophisticated malicious software recently infected a PC at a small British bakery, then managed to bypass all of the business’s online banking security software and steal £20,000. There is no end to the news of malware, viruses and spam that affect online accounts and home computers.

Recent research indicates that four in five of the UK’s largest quoted companies are unprepared for cyber attacks. The widely reported threats to systems within finance and banking are an uneasy reminder of our vulnerability – and a key priority of the Bank of England and other financial regulators. Even those companies that you might expect to see outsmarting cyber-criminals are not immune. Just a few weeks ago software company Adobe admitted that its system had been hacked and that data from nearly 3 million customers had been stolen. Now there are reports of ransomware attacks across companies in East London’s hi-tech cluster of businesses.

Currently, too many decisions relating to cyber-security rely on inadequate evidence, inconsistent data, deficient reporting and varying rules across networks and systems. This inconsistency on data is apparent in UK government. Two years ago the UK Cabinet Office published a study by Detica, which estimated that cyber-crime costs the UK economy £27bn per year. It gave a breakdown by business sector and type of crime. This type of data is critical for governments, businesses and technology companies to plan appropriate security responses. However, a 2012 study undertaken by Professor Ross Anderson and colleagues for the Ministry of Defence calculated that a more realistic estimate would be closer to £12bn, distributed in significantly different ways to the Detica claims. This would suggest a different pattern of appropriate responses.

Defence beyond borders
A report to which I contributed, Now for the Long Term calls for the creation of an information exchange - CyberEx - to start tackling these issues. It could be funded by governments and businesses with an interest in collecting and analysing data on cyber-attacks to inform their own decisions about cyber-security. Each could share their own information and coordinate with others on responses to international threats. CyberEx could identify weaknesses in the global system, flag up suspicious Internet traffic and malicious software and help countries and businesses develop technical standards for their cyber-security efforts.

It could seek to minimise common vulnerabilities that enable the theft of sensitive information and the distribution of spam through systems, and work closely with international and domestic agencies to prevent common system attacks. The platform could also provide a useful mechanism for stakeholders to work together on responses to collective concerns, such as privacy protection. By providing an accessible, open platform for information exchange, CyberEx could help governments, businesses and individuals to better understand common threat patterns, identify preventative measures and minimise future attacks.

But you are only as strong as your weakest link, so CyberEx would also need to help developing countries improve their cyber infrastructure. For example, Professor Anderson’s MoD study concluded that significant numbers of “stranded traveller” scams and Advance Fee Frauds originate in West Africa, particularly Nigeria.

We are at the start of conversations with interested parties on the potential for CyberEx, so the details of how and where the exchange would be hosted are still to be worked out. The report’s recommendation is a starting point but it is an important one. It could move us closer to using an exchange platform to counter common but high-risk cyber threats. It is a conversation that must continue if we are to meet the challenges posed by increased societal dependence on information infrastructures.

Ian Brown receives funding from the UK Research Councils (currently EPSRC), the European Commission, and BT. He is on the advisory councils of the Open Rights Group, Privacy International and the Foundation for Information Policy Research.

This article was originally published at The Conversation. Read the original article.

The Conversation

We can't fight cyber-crime by ourselves. (Photo: Getty)
Getty.
Show Hide image

Forget fake news on Facebook – the real filter bubble is you

If people want to receive all their news from a single feed that reinforces their beliefs, there is little that can be done.

It’s Google that vaunts the absurdly optimistic motto “Don’t be evil”, but there are others of Silicon Valley’s techno-nabobs who have equally high-flown moral agendas. Step forward, Mark Zuckerberg of Facebook, who responded this week to the brouhaha surrounding his social media platform’s influence on the US presidential election thus: “We are all blessed to have the ability to make the world better, and we have the responsibility to do it. Let’s go work even harder.”

To which the only possible response – if you’re me – is: “No we aren’t, no we don’t, and I’m going back to my flowery bed to cultivate my garden of inanition.” I mean, where does this guy get off? It’s estimated that a single message from Facebook caused about 340,000 extra voters to pitch up at the polls for the 2010 US congressional elections – while the tech giant actually performed an “experiment”: showing either positive or negative news stories to hundreds of thousands of their members, and so rendering them happier or sadder.

In the past, Facebook employees curating the site’s “trending news” section were apparently told to squash stories that right-wingers might “like”, but in the run-up to the US election the brakes came off and all sorts of fraudulent clickbait was fed to the denizens of the virtual underworld, much – but not all of it – generated by spurious alt-right “news sites”.

Why? Because Facebook doesn’t view itself as a conventional news provider and has no rubric for fact-checking its news content: it can take up to 13 hours for stories about Hillary Clinton eating babies barbecued for her by Barack Obama to be taken down – and in that time Christ knows how many people will have not only given them credence, but also liked or shared them, so passing on the contagion. The result has been something digital analysts describe as a “filter bubble”, a sort of virtual helmet that drops down over your head and ensures that you receive only the sort of news you’re already fit to be imprinted with. Back in the days when everyone read the print edition of the New York Times this sort of manipulation was, it is argued, quite impossible; after all, the US media historically made a fetish of fact-checking, an editorial process that is pretty much unknown in our own press. Why, I’ve published short stories in American magazines and newspapers and had fact-checkers call me up to confirm the veracity of my flights of fancy. No, really.

In psychology, the process by which any given individual colludes in the creation of a personalised “filter bubble” is known as confirmation bias: we’re more inclined to believe the sort of things that validate what we want to believe – and by extension, surely, these are likely to be the sorts of beliefs we want to share with others. It seems to me that the big social media sites, while perhaps blowing up more and bigger filter bubbles, can scarcely be blamed for the confirmation bias. Nor – as yet – have they wreaked the sort of destruction on the world that has burst from the filter bubble known as “Western civilisation” – one that was blown into being by the New York Times, the BBC and all sorts of highly respected media outlets over many decades.

Societies that are both dominant and in the ascendant always imagine their belief systems and the values they enshrine are the best ones. You have only to switch on the radio and hear our politicians blithering on about how they’re going to get both bloodthirsty sides in the Syrian Civil War to behave like pacifist vegetarians in order to see the confirmation bias hard at work.

The Western belief – which has its roots in imperialism, but has bodied forth in the form of liberal humanism – that all is for the best in the world best described by the New York Times’s fact-checkers, is also a sort of filter bubble, haloing almost all of us in its shiny and translucent truth.

Religion? Obviously a good-news feed that many billions of the credulous rely on entirely. Science? Possibly the biggest filter bubble there is in the universe, and one that – if you believe Stephen Hawking – has been inflating since shortly before the Big Bang. After all, any scientific theory is just that: a series of observable (and potentially repeatable) regularities, a bubble of consistency we wander around in, perfectly at ease despite its obvious vulnerability to those little pricks, the unforeseen and the contingent. Let’s face it, what lies behind most people’s beliefs is not facts, but prejudices, and all this carping about algorithms is really the howling of a liberal elite whose own filter bubble has indeed been popped.

A television producer I know once joked that she was considering pitching a reality show to the networks to be called Daily Mail Hate Island. The conceit was that a group of ordinary Britons would be marooned on a desert island where the only news they’d have of the outside world would come in the form of the Daily Mail; viewers would find themselves riveted by watching these benighted folk descend into the barbarism of bigotry as they absorbed ever more factitious twaddle. But as I pointed out to this media innovator, we’re already marooned on Daily Mail Hate Island: it’s called Britain.

If people want to receive all their news from a single feed that constantly and consistently reinforces their beliefs, what are you going to do about it? The current argument is that Facebook’s algorithms reinforce political polarisation, but does anyone really believe better editing on the site will return our troubled present to some prelap­sarian past, let alone carry us forward into a brave new factual future? No, we’re all condemned to collude in the inflation of our own filter bubbles unless we actively seek to challenge every piece of received information, theory, or opinion. And what an exhausting business that would be . . . without the internet.

Will Self is an author and journalist. His books include Umbrella, Shark, The Book of Dave and The Butt. He writes the Madness of Crowds and Real Meals columns for the New Statesman.

This article first appeared in the 24 November 2016 issue of the New Statesman, Blair: out of exile