Nations can no longer afford to go it alone on cyber-security

Cyber-crime knows know borders, so nor should our defences.

Senior representatives from more than 90 governments met in Seoul recently to discuss cyber-space, including cyber-security and cyber-crime. It was the third in a series of international conferences that has followed a push from the UK government to bring a more international perspective to discussions about how to keep cyber-space open while addressing threats.

Cyber-crime does not operate in a world confined by national borders so an international response is our only option. We need to cooperate to protect devices and information infrastructures from malicious entities seeking to steal secrets, deny access to critical services and exploit our identities to commit crimes.

Vulnerable businesses
There is much work to be done. Weaknesses in infrastructures, policy and operations leave us vulnerable and threats to businesses and individuals are frequent and damaging. For example, a sophisticated malicious software recently infected a PC at a small British bakery, then managed to bypass all of the business’s online banking security software and steal £20,000. There is no end to the news of malware, viruses and spam that affect online accounts and home computers.

Recent research indicates that four in five of the UK’s largest quoted companies are unprepared for cyber attacks. The widely reported threats to systems within finance and banking are an uneasy reminder of our vulnerability – and a key priority of the Bank of England and other financial regulators. Even those companies that you might expect to see outsmarting cyber-criminals are not immune. Just a few weeks ago software company Adobe admitted that its system had been hacked and that data from nearly 3 million customers had been stolen. Now there are reports of ransomware attacks across companies in East London’s hi-tech cluster of businesses.

Currently, too many decisions relating to cyber-security rely on inadequate evidence, inconsistent data, deficient reporting and varying rules across networks and systems. This inconsistency on data is apparent in UK government. Two years ago the UK Cabinet Office published a study by Detica, which estimated that cyber-crime costs the UK economy £27bn per year. It gave a breakdown by business sector and type of crime. This type of data is critical for governments, businesses and technology companies to plan appropriate security responses. However, a 2012 study undertaken by Professor Ross Anderson and colleagues for the Ministry of Defence calculated that a more realistic estimate would be closer to £12bn, distributed in significantly different ways to the Detica claims. This would suggest a different pattern of appropriate responses.

Defence beyond borders
A report to which I contributed, Now for the Long Term calls for the creation of an information exchange - CyberEx - to start tackling these issues. It could be funded by governments and businesses with an interest in collecting and analysing data on cyber-attacks to inform their own decisions about cyber-security. Each could share their own information and coordinate with others on responses to international threats. CyberEx could identify weaknesses in the global system, flag up suspicious Internet traffic and malicious software and help countries and businesses develop technical standards for their cyber-security efforts.

It could seek to minimise common vulnerabilities that enable the theft of sensitive information and the distribution of spam through systems, and work closely with international and domestic agencies to prevent common system attacks. The platform could also provide a useful mechanism for stakeholders to work together on responses to collective concerns, such as privacy protection. By providing an accessible, open platform for information exchange, CyberEx could help governments, businesses and individuals to better understand common threat patterns, identify preventative measures and minimise future attacks.

But you are only as strong as your weakest link, so CyberEx would also need to help developing countries improve their cyber infrastructure. For example, Professor Anderson’s MoD study concluded that significant numbers of “stranded traveller” scams and Advance Fee Frauds originate in West Africa, particularly Nigeria.

We are at the start of conversations with interested parties on the potential for CyberEx, so the details of how and where the exchange would be hosted are still to be worked out. The report’s recommendation is a starting point but it is an important one. It could move us closer to using an exchange platform to counter common but high-risk cyber threats. It is a conversation that must continue if we are to meet the challenges posed by increased societal dependence on information infrastructures.

Ian Brown receives funding from the UK Research Councils (currently EPSRC), the European Commission, and BT. He is on the advisory councils of the Open Rights Group, Privacy International and the Foundation for Information Policy Research.

This article was originally published at The Conversation. Read the original article.

The Conversation

We can't fight cyber-crime by ourselves. (Photo: Getty)
Photo: Getty
Show Hide image

The science and technology committee debacle shows how we're failing women in tech

It would be funny if it wasn’t so depressing.

Five days after Theresa May announced, in her first Prime Minister’s Questions after the summer recess, that she was "particularly keen to address the stereotype about women in engineering", an all-male parliamentary science and technology committee was announced. You would laugh if it wasn’t all so depressing.

It was only later, after a fierce backlash against the selection, that Conservative MP Vicky Ford was also appointed to the committee. I don’t need to say that having only one female voice represents more than an oversight: it’s simply unacceptable. And as if to rub salt into the wound, at the time of writing, Ford has still not been added to the committee list on parliament's website.

To the credit of Norman Lamb, the Liberal Democrat MP who was elected chair of the committee in July, he said that he didn't "see how we can proceed without women". "It sends out a dreadful message at a time when we need to convince far more girls to pursue Stem [Science, Technology, Engineering and Mathematics] subjects," he added. But as many people have pointed out already, it’s the parties who nominate members, and that’s partly why this scenario is worrying. The nominations are a representation of those who represent us.

Government policy has so far completely failed to tap into the huge pool of talented women we have in this country – and there are still not enough women in parliament overall.

Women cannot be considered an afterthought, and in the case of the science and technology committee they have quite clearly been treated as such. While Ford will be a loud and clear voice on the committee, one person alone can’t address the major failings of government policy in improving conditions for women in science and technology.

Study after study has shown why it is essential for the UK economy that women participate in the labour force. And in Stem, where there is undeniably a strong anti-female bias and yet a high demand for people with specialist skills, it is even more pressing.

According to data from the Women’s Engineering Society, 16 per cent of UK Stem undergraduates are female. That statistic illustrates two things. First, that there is clearly a huge problem that begins early in the lives of British women, and that this leads to woefully low female representation on Stem university courses. Secondly, unless our society dramatically changes the way it thinks about women and Stem, and thereby encourages girls to pursue these subjects and careers, we have no hope of addressing the massive shortage in graduates with technical skills.

It’s quite ironic that the Commons science and technology committee recently published a report stating that the digital skills gap was costing the UK economy £63bn a year in lost GDP.

Read more: Why does the science and technology committee have no women – and a climate sceptic?

Female representation in Stem industries wasn’t addressed at all in the government’s Brexit position paper on science, nor was it dealt with in any real depth in the digital strategy paper released in April. In fact, in the 16-page Brexit position paper, the words "women", "female" and "diversity" did not appear once. And now, with the appointment of the nearly all-male committee, it isn't hard to see why.

Many social issues still affect women, not only in Stem industries but in the workplace more broadly. From the difficulties facing mothers returning to work after having children, to the systemic pay inequality that women face across most sectors, it is clear that there is still a vast amount of work to be done by this government.

The committee does not represent the scientific community in the UK, and is fundamentally lacking in the diversity of thought and experience necessary to effectively scrutinise government policy. It leads you to wonder which century we’re living in. Quite simply, this represents a total failure of democracy.

Pip Wilson is a tech entrepreneur, angel investor and CEO of amicable