Nations can no longer afford to go it alone on cyber-security

Cyber-crime knows know borders, so nor should our defences.

Senior representatives from more than 90 governments met in Seoul recently to discuss cyber-space, including cyber-security and cyber-crime. It was the third in a series of international conferences that has followed a push from the UK government to bring a more international perspective to discussions about how to keep cyber-space open while addressing threats.

Cyber-crime does not operate in a world confined by national borders so an international response is our only option. We need to cooperate to protect devices and information infrastructures from malicious entities seeking to steal secrets, deny access to critical services and exploit our identities to commit crimes.

Vulnerable businesses
There is much work to be done. Weaknesses in infrastructures, policy and operations leave us vulnerable and threats to businesses and individuals are frequent and damaging. For example, a sophisticated malicious software recently infected a PC at a small British bakery, then managed to bypass all of the business’s online banking security software and steal £20,000. There is no end to the news of malware, viruses and spam that affect online accounts and home computers.

Recent research indicates that four in five of the UK’s largest quoted companies are unprepared for cyber attacks. The widely reported threats to systems within finance and banking are an uneasy reminder of our vulnerability – and a key priority of the Bank of England and other financial regulators. Even those companies that you might expect to see outsmarting cyber-criminals are not immune. Just a few weeks ago software company Adobe admitted that its system had been hacked and that data from nearly 3 million customers had been stolen. Now there are reports of ransomware attacks across companies in East London’s hi-tech cluster of businesses.

Currently, too many decisions relating to cyber-security rely on inadequate evidence, inconsistent data, deficient reporting and varying rules across networks and systems. This inconsistency on data is apparent in UK government. Two years ago the UK Cabinet Office published a study by Detica, which estimated that cyber-crime costs the UK economy £27bn per year. It gave a breakdown by business sector and type of crime. This type of data is critical for governments, businesses and technology companies to plan appropriate security responses. However, a 2012 study undertaken by Professor Ross Anderson and colleagues for the Ministry of Defence calculated that a more realistic estimate would be closer to £12bn, distributed in significantly different ways to the Detica claims. This would suggest a different pattern of appropriate responses.

Defence beyond borders
A report to which I contributed, Now for the Long Term calls for the creation of an information exchange - CyberEx - to start tackling these issues. It could be funded by governments and businesses with an interest in collecting and analysing data on cyber-attacks to inform their own decisions about cyber-security. Each could share their own information and coordinate with others on responses to international threats. CyberEx could identify weaknesses in the global system, flag up suspicious Internet traffic and malicious software and help countries and businesses develop technical standards for their cyber-security efforts.

It could seek to minimise common vulnerabilities that enable the theft of sensitive information and the distribution of spam through systems, and work closely with international and domestic agencies to prevent common system attacks. The platform could also provide a useful mechanism for stakeholders to work together on responses to collective concerns, such as privacy protection. By providing an accessible, open platform for information exchange, CyberEx could help governments, businesses and individuals to better understand common threat patterns, identify preventative measures and minimise future attacks.

But you are only as strong as your weakest link, so CyberEx would also need to help developing countries improve their cyber infrastructure. For example, Professor Anderson’s MoD study concluded that significant numbers of “stranded traveller” scams and Advance Fee Frauds originate in West Africa, particularly Nigeria.

We are at the start of conversations with interested parties on the potential for CyberEx, so the details of how and where the exchange would be hosted are still to be worked out. The report’s recommendation is a starting point but it is an important one. It could move us closer to using an exchange platform to counter common but high-risk cyber threats. It is a conversation that must continue if we are to meet the challenges posed by increased societal dependence on information infrastructures.

Ian Brown receives funding from the UK Research Councils (currently EPSRC), the European Commission, and BT. He is on the advisory councils of the Open Rights Group, Privacy International and the Foundation for Information Policy Research.

This article was originally published at The Conversation. Read the original article.

The Conversation

We can't fight cyber-crime by ourselves. (Photo: Getty)
Getty
Show Hide image

From Darwin to Damore - the ancient art of using "science" to mask prejudice

Charles Darwin, working at a time when women had little legal rights, declared “woman is a kind of adult child”.

“In addition to the Left’s affinity for those it sees as weak, humans are generally biased towards protecting females,” wrote James Damore, in his now infamous anti-diversity Google memo. “As mentioned before, this likely evolved because males are biologically disposable and because women are generally more co-operative and agreeable than men.” Since the memo was published, hordes of women have come forward to say that views like these – where individuals justify bias on the basis of science – are not uncommon in their traditionally male-dominated fields. Damore’s controversial screed set off discussions about the age old debate: do biological differences justify discrimination?  

Modern science developed in a society which assumed that man was superior over women. Charles Darwin, the father of modern evolutionary biology, who died before women got the right to vote, argued that young children of both genders resembled adult women more than they did adult men; as a result, “woman is a kind of adult child”.

Racial inequality wasn’t immune from this kind of theorising either. As fields such as psychology and genetics developed a greater understanding about the fundamental building blocks of humanity, many prominent researchers such as Francis Galton, Darwin’s cousin, argued that there were biological differences between races which explained the ability of the European race to prosper and gather wealth, while other races fell far behind. The same kind of reasoning fuelled the Nazi eugenics and continues to fuel the alt-right in their many guises today.

Once scorned as blasphemy, today "science" is approached by many non-practitioners with a cult-like reverence. Attributing the differences between races and gender to scientific research carries the allure of empiricism. Opponents of "diversity" would have you believe that scientific research validates racism and sexism, even though one's bleeding heart might wish otherwise. 

The problem is that current scientific research just doesn’t agree. Some branches of science, such as physics, are concerned with irrefutable laws of nature. But the reality, as evidenced by the growing convergence of social sciences like sociology, and life sciences, such as biology, is that science as a whole will, and should change. The research coming out of fields like genetics and psychology paint an increasingly complex picture of humanity. Saying (and proving) that gravity exists isn't factually equivalent to saying, and trying to prove, that women are somehow less capable at their jobs because of presumed inherent traits like submissiveness. 

When it comes to matters of race, the argument against racial realism, as it’s often referred to, is unequivocal. A study in 2002, authored by Neil Risch and others, built on the work of the Human Genome Project to examine the long standing and popular myth of seven distinct races. Researchers found that  “62 per cent of Ethiopians belong to the same cluster as Norwegians, together with 21 per cent of the Afro-Caribbeans, and the ethnic label ‘Asian’ inaccurately describes Chinese and Papuans who were placed almost entirely in separate clusters.” All that means is that white supremacists are wrong, and always have been.

Even the researcher Damore cites in his memo, Bradley Schmitt of Bradley University in Illinois, doesn’t agree with Damore’s conclusions.  Schmitt pointed out, in correspondence with Wired, that biological difference only accounts for about 10 per cent of the variance between men and women in what Damore characterises as female traits, such as neuroticism. In addition, nebulous traits such as being “people-oriented” are difficult to define and have led to wildly contradictory research from people who are experts in the fields. Suggesting that women are bad engineers because they’re neurotic is not only mildly ridiculous, but even unsubstantiated by Damore’s own research.  As many have done before him, Damore couched his own worldview - and what he was trying to convince others of - in the language of rationalism, but ultimately didn't pay attention to the facts.

And, even if you did buy into Damore's memo, a true scientist would retort - so what? It's a fallacy to argue that just because a certain state of affairs prevails, that that is the way that it ought to be. If that was the case, why does humanity march on in the direction of technological and industrial progress?

Humans weren’t meant to travel large distances, or we would possess the ability to do so intrinsically. Boats, cars, airplanes, trains, according to the Damore mindset, would be a perversion of nature. As a species, we consider overcoming biology to be a sign of success. 

Of course, the damage done by these kinds of views is not only that they’re hard to counteract, but that they have real consequences. Throughout history, appeals to the supposed rationalism of scientific research have justified moral atrocities such as ethnic sterilisation, apartheid, the creation of the slave trade, and state-sanctioned genocide.

If those in positions of power genuinely think that black and Hispanic communities are genetically predisposed to crime and murder, they’re very unlikely to invest in education, housing and community centres for those groups. Cycles of poverty then continue, and the myth, dressed up in pseudo-science, is entrenched. 

Damore and those like him will certainly maintain that the evidence for gender differences are on their side. Since he was fired from Google, Damore has become somewhat of an icon to some parts of society, giving interviews to right-wing Youtubers and posing in a dubious shirt parodying the Google logo (it now says Goolag). Never mind that Damore’s beloved science has already proved them wrong.