Nations can no longer afford to go it alone on cyber-security

Cyber-crime knows know borders, so nor should our defences.

Senior representatives from more than 90 governments met in Seoul recently to discuss cyber-space, including cyber-security and cyber-crime. It was the third in a series of international conferences that has followed a push from the UK government to bring a more international perspective to discussions about how to keep cyber-space open while addressing threats.

Cyber-crime does not operate in a world confined by national borders so an international response is our only option. We need to cooperate to protect devices and information infrastructures from malicious entities seeking to steal secrets, deny access to critical services and exploit our identities to commit crimes.

Vulnerable businesses
There is much work to be done. Weaknesses in infrastructures, policy and operations leave us vulnerable and threats to businesses and individuals are frequent and damaging. For example, a sophisticated malicious software recently infected a PC at a small British bakery, then managed to bypass all of the business’s online banking security software and steal £20,000. There is no end to the news of malware, viruses and spam that affect online accounts and home computers.

Recent research indicates that four in five of the UK’s largest quoted companies are unprepared for cyber attacks. The widely reported threats to systems within finance and banking are an uneasy reminder of our vulnerability – and a key priority of the Bank of England and other financial regulators. Even those companies that you might expect to see outsmarting cyber-criminals are not immune. Just a few weeks ago software company Adobe admitted that its system had been hacked and that data from nearly 3 million customers had been stolen. Now there are reports of ransomware attacks across companies in East London’s hi-tech cluster of businesses.

Currently, too many decisions relating to cyber-security rely on inadequate evidence, inconsistent data, deficient reporting and varying rules across networks and systems. This inconsistency on data is apparent in UK government. Two years ago the UK Cabinet Office published a study by Detica, which estimated that cyber-crime costs the UK economy £27bn per year. It gave a breakdown by business sector and type of crime. This type of data is critical for governments, businesses and technology companies to plan appropriate security responses. However, a 2012 study undertaken by Professor Ross Anderson and colleagues for the Ministry of Defence calculated that a more realistic estimate would be closer to £12bn, distributed in significantly different ways to the Detica claims. This would suggest a different pattern of appropriate responses.

Defence beyond borders
A report to which I contributed, Now for the Long Term calls for the creation of an information exchange - CyberEx - to start tackling these issues. It could be funded by governments and businesses with an interest in collecting and analysing data on cyber-attacks to inform their own decisions about cyber-security. Each could share their own information and coordinate with others on responses to international threats. CyberEx could identify weaknesses in the global system, flag up suspicious Internet traffic and malicious software and help countries and businesses develop technical standards for their cyber-security efforts.

It could seek to minimise common vulnerabilities that enable the theft of sensitive information and the distribution of spam through systems, and work closely with international and domestic agencies to prevent common system attacks. The platform could also provide a useful mechanism for stakeholders to work together on responses to collective concerns, such as privacy protection. By providing an accessible, open platform for information exchange, CyberEx could help governments, businesses and individuals to better understand common threat patterns, identify preventative measures and minimise future attacks.

But you are only as strong as your weakest link, so CyberEx would also need to help developing countries improve their cyber infrastructure. For example, Professor Anderson’s MoD study concluded that significant numbers of “stranded traveller” scams and Advance Fee Frauds originate in West Africa, particularly Nigeria.

We are at the start of conversations with interested parties on the potential for CyberEx, so the details of how and where the exchange would be hosted are still to be worked out. The report’s recommendation is a starting point but it is an important one. It could move us closer to using an exchange platform to counter common but high-risk cyber threats. It is a conversation that must continue if we are to meet the challenges posed by increased societal dependence on information infrastructures.

Ian Brown receives funding from the UK Research Councils (currently EPSRC), the European Commission, and BT. He is on the advisory councils of the Open Rights Group, Privacy International and the Foundation for Information Policy Research.

This article was originally published at The Conversation. Read the original article.

The Conversation

We can't fight cyber-crime by ourselves. (Photo: Getty)
Getty
Show Hide image

Did your personality determine whether you voted for Brexit? Research suggests so

The Online Privacy Foundation found Leave voters were significantly more likely to be authoritarian and conscientious. 

"Before referendum day, I said the winners would be those who told the most convincing lies," Paul Flynn, a Labour MP, wrote in these pages. "Leave did." The idea that those who voted for Brexit were somehow manipulated is widely accepted by the Remain camp. The Leave campaign, so the argument goes, played on voters' fears and exploited their low numeracy. And new research from the Online Privacy Foundation suggests this argument may, in part at least, be right. 

Over the last 18 months the organisation have researched differences in personality traits, levels of authoritarianism, numeracy, thinking styles and cognitive biases between EU referendum voters. The organisation conducted a series of studies, capturing over 11,000 responses to self-report psychology questionnaires and controlled experiments, with the final results scheduled to be presented at the International Conference on Political Psychology in Copenhagen in October 2017.

The researchers questioned voters using the "Five Factor Model" which consists of five broad personality traits - Openness, Conscientiousness, Extraversion, Agreeableness and Neuroticism. They also considered the disposition of authoritarianism (it is not considered a personality trait). Authoritarians have a more black and white view of the world around them, are more concerned with the upkeep of established societal traditions and have a tendency to be less accepting of outsiders. 

So what did they uncover? Participants expressing an intent to vote to leave the EU reported significantly higher levels of authoritarianism and conscientiousness, and lower levels of openness and neuroticism than voters expressing an intent to vote to remain. (Conscientiousness is associated with dependability, dutifulness, focus and adherence to societal norms in contrast to disorganisation, carelessness and impulsivity.)

Immigration in particular seems to have affected voting. While authoritarians were much more likely to vote Leave to begin with, those who were less authoritarian became increasingly likely to vote Leave if they expressed high levels of concern over immigration. These findings chime with research by the Professors Marc Hetherington and Elizabeth Suhay, which found that Americans became susceptible to "authoritarian thinking" when they perceived a grave threat to their safety. 

Then there's what you might call the £350m question - did Leave voters know what they were voting for? When the Online Privacy Foundation researchers compared Leave voters with Remain voters, they displayed significantly lower levels of numeracy, reasoning and appeared more impulsive. In all three areas, older voters performed significantly worse than young voters intending to vote the same way.

Even when voters were able to interpret statistics, their ability to do so could be overcome by partisanship. In one striking study, when voters were asked to interpret statistics about whether a skin cream increases or decreases a rash, they were able to interpret them correctly roughly 57 per cent of the time. But when voters were asked to interpret the same set of statistics, but told they were about whether immigration increases or decreases crime, something disturbing happened. 

If the statistics didn't support a voter's view, their ability to correctly interpret the numbers dropped, in some cases, by almost a half. 

Before Remoaners start to crow, this study is not an affirmation that "I'm smart, you're dumb". Further research could be done, for example, on the role of age and education (young graduates were far more likely to vote Remain). But in the meantime, there is a question that needs to be answered - are political campaigners deliberately exploiting these personality traits? 

Chris Sumner, from the Online Privacy Foundation, warns that in the era of Big Data, clues about our personalities are collected online: "In the era of Big Data, these clues are aggregated, transformed and sold by a burgeoning industry."

Indeed, Cambridge Analytica, a data company associated with the political right in the UK and US, states on its website that it can "more effectively engage and persuade voters using specially tailored language and visual ad combinations crafted with insights gleaned from behavioral understandings of your electorate". It will do so through a "blend of big data analytics and behavioural psychology". 

"Given the differences observed between Leave and Remain voters, and irrespective of which campaign, it is reasonable to hypothesize that industrial-scale psychographic profiling would have been a highly effective strategy," Sumner says. By identifying voters with different personalities and attitudes, such campaigns could target "the most persuadable voters with messages most likely to influence their vote". Indeed, in research yet to be published, the Online Privacy Foundation targeted groups with differing attitudes to civil liberties based on psychographic indicators associated with authoritarianism. The findings, says Sumner, illustrate "the ease with which individuals' inherent differences could be exploited". 

Julia Rampen is the digital news editor of the New Statesman (previously editor of The Staggers, The New Statesman's online rolling politics blog). She has also been deputy editor at Mirror Money Online and has worked as a financial journalist for several trade magazines. 

0800 7318496