Nations can no longer afford to go it alone on cyber-security

Cyber-crime knows know borders, so nor should our defences.

Senior representatives from more than 90 governments met in Seoul recently to discuss cyber-space, including cyber-security and cyber-crime. It was the third in a series of international conferences that has followed a push from the UK government to bring a more international perspective to discussions about how to keep cyber-space open while addressing threats.

Cyber-crime does not operate in a world confined by national borders so an international response is our only option. We need to cooperate to protect devices and information infrastructures from malicious entities seeking to steal secrets, deny access to critical services and exploit our identities to commit crimes.

Vulnerable businesses
There is much work to be done. Weaknesses in infrastructures, policy and operations leave us vulnerable and threats to businesses and individuals are frequent and damaging. For example, a sophisticated malicious software recently infected a PC at a small British bakery, then managed to bypass all of the business’s online banking security software and steal £20,000. There is no end to the news of malware, viruses and spam that affect online accounts and home computers.

Recent research indicates that four in five of the UK’s largest quoted companies are unprepared for cyber attacks. The widely reported threats to systems within finance and banking are an uneasy reminder of our vulnerability – and a key priority of the Bank of England and other financial regulators. Even those companies that you might expect to see outsmarting cyber-criminals are not immune. Just a few weeks ago software company Adobe admitted that its system had been hacked and that data from nearly 3 million customers had been stolen. Now there are reports of ransomware attacks across companies in East London’s hi-tech cluster of businesses.

Currently, too many decisions relating to cyber-security rely on inadequate evidence, inconsistent data, deficient reporting and varying rules across networks and systems. This inconsistency on data is apparent in UK government. Two years ago the UK Cabinet Office published a study by Detica, which estimated that cyber-crime costs the UK economy £27bn per year. It gave a breakdown by business sector and type of crime. This type of data is critical for governments, businesses and technology companies to plan appropriate security responses. However, a 2012 study undertaken by Professor Ross Anderson and colleagues for the Ministry of Defence calculated that a more realistic estimate would be closer to £12bn, distributed in significantly different ways to the Detica claims. This would suggest a different pattern of appropriate responses.

Defence beyond borders
A report to which I contributed, Now for the Long Term calls for the creation of an information exchange - CyberEx - to start tackling these issues. It could be funded by governments and businesses with an interest in collecting and analysing data on cyber-attacks to inform their own decisions about cyber-security. Each could share their own information and coordinate with others on responses to international threats. CyberEx could identify weaknesses in the global system, flag up suspicious Internet traffic and malicious software and help countries and businesses develop technical standards for their cyber-security efforts.

It could seek to minimise common vulnerabilities that enable the theft of sensitive information and the distribution of spam through systems, and work closely with international and domestic agencies to prevent common system attacks. The platform could also provide a useful mechanism for stakeholders to work together on responses to collective concerns, such as privacy protection. By providing an accessible, open platform for information exchange, CyberEx could help governments, businesses and individuals to better understand common threat patterns, identify preventative measures and minimise future attacks.

But you are only as strong as your weakest link, so CyberEx would also need to help developing countries improve their cyber infrastructure. For example, Professor Anderson’s MoD study concluded that significant numbers of “stranded traveller” scams and Advance Fee Frauds originate in West Africa, particularly Nigeria.

We are at the start of conversations with interested parties on the potential for CyberEx, so the details of how and where the exchange would be hosted are still to be worked out. The report’s recommendation is a starting point but it is an important one. It could move us closer to using an exchange platform to counter common but high-risk cyber threats. It is a conversation that must continue if we are to meet the challenges posed by increased societal dependence on information infrastructures.

Ian Brown receives funding from the UK Research Councils (currently EPSRC), the European Commission, and BT. He is on the advisory councils of the Open Rights Group, Privacy International and the Foundation for Information Policy Research.

This article was originally published at The Conversation. Read the original article.

The Conversation

We can't fight cyber-crime by ourselves. (Photo: Getty)
Collage by New Statesman
Show Hide image

Clickbaiting terror: what it’s like to write viral news after a tragedy

Does the viral news cycle callously capitalise on terrorism, or is it allowing a different audience to access important news and facts?

On a normal day, Alex* will write anywhere between five to ten articles. As a content creator for a large viral news site, they [Alex is speaking under the condition of strict anonymity, meaning their gender will remain unidentified] will churn out multiple 500-word stories on adorable animals, optical illusions, and sex. “People always want to read about sexuality, numbers of sexual partners, porn habits and orgasms,” says Alex. “What is important is making the content easily-digestible and engaging.”

Alex is so proficient at knowing which articles will perform well that they frequently “seek stories that fit a certain template”. Though the word “clickbait” conjures up images of cute cat capers, Alex says political stories that “pander to prejudices” generate a large number of page views for the site. Many viral writers know how to tap into such stories so their takes are shared widely – which explains the remarkably similar headlines atop many internet articles. “This will restore your faith in humanity,” could be one; “This one weird trick will change your life…” another. The most cliché example of this is now so widely mocked that it has fallen out of favour:

You’ll never believe what happened next.

When the world stops because of a tragedy, viral newsrooms don’t. After a terrorist attack such as this week’s Manchester Arena bombing, internet media sites do away with their usual stories. One day, their homepages will be filled with traditional clickbait (“Mum Sickened After Discovery Inside Her Daughter’s Easter Egg”, “This Man’s Blackhead Removal Technique Is A Complete And Utter Gamechanger”) and the next, their clickbait has taken a remarkably more tragic tone (“New Footage Shows Moment Explosion Took Place Inside Manchester Arena”, “Nicki Minaj, Rihanna, Bruno Mars and More React to the Manchester Bombing”).

“When a terrorist event occurs, there’s an initial vacuum for viral news,” explains Alex. Instead of getting reporters on the scene or ringing press officers like a traditional newsroom, Alex says viral news is “conversation-driven” – meaning much of it regurgitates what is said on social media. This can lead to false stories spreading. On Tuesday, multiple viral outlets reported – based on Facebook posts and tweets – that over 50 accompanied children had been led to a nearby Holiday Inn. When BuzzFeed attempted to verify this, a spokesperson for the hotel chain denied the claim.

Yet BuzzFeed is the perfect proof that viral news and serious news can coexist under the same roof. Originally famed for its clickable content, the website is now home to a serious and prominent team of investigative journalists. Yet the site has different journalists on different beats, so that someone writes about politics and someone else about lifestyle or food.

Other organisations have a different approach. Sam* works at another large viral site (not Buzzfeed) where they are responsible for writing across topics; they explains how this works:  

“One minute you're doing something about a tweet a footballer did, the next it's the trailer for a new movie, and then bam, there's a general election being called and you have to jump on it,” they say.

Yet Sam is confident that they cover tragedy correctly. Though they feel viral news previously used to disingenuously “profiteer” off terrorism with loosely related image posts, they say their current outlet works hard to cover tragic news. “It’s not a race to generate traffic,” they say, “We won't post content that we think would generate traffic while people are grieving and in a state of shock, and we're not going to clickbait the headlines to try and manipulate it into that for obvious reasons.”

Sam goes as far as to say that their viral site in fact has higher editorial standards than “some of the big papers”. Those who might find themselves disturbed to see today’s explosions alongside yesterday’s cats will do well to remember that “traditional” journalists do not always have a great reputation for covering tragedy.

At 12pm on Tuesday, Daniel Hett tweeted that over 50 journalists had contacted him since he had posted on the site that his brother, Martyn, was missing after the Manchester attack. Hett claimed two journalists had found his personal mobile phone number, and he uploaded an image of a note a Telegraph reporter had posted through his letterbox. “This cunt found my house. I still don't know if my brother is alive,” read the accompanying caption. Tragically it turned out that Martyn was among the bomber's victims.

Long-established newspapers and magazines can clearly behave just as poorly as any newly formed media company. But although they might not always follow the rules, traditional newspapers do have them. Many writers for viral news sites have no formal ethical or journalistic training, with little guidance provided by their companies, which can cause problems when tragic news breaks.

It remains to be seen whether self-policing will be enough. Though false news has been spread, many of this week’s terror-focused viral news stories do shed light on missing people or raise awareness of how people can donate blood. Many viral news sites also have gigantic Facebook followings that far outstrip those of daily newspapers – meaning they can reach more people. In this way, Sam feels their work is important. Alex, however, is less optimistic.

“My personal view is that viral news does very little to inform people at times like this and that trending reporters probably end up feeling very small about their jobs,” says Alex. “You feel limited by the scope of your flippant style and by what the public is interested in.

“You can end up feeding the most divisive impulses of an angry public if you aren’t careful about what conversations you’re prompting. People switch onto the news around events like this and traffic rises, but ironically it’s probably when trending reporters go most into their shells and into well-worn story formats. It’s not really our time or place, and to try and make it so feels childish.”

Amelia Tait is a technology and digital culture writer at the New Statesman.

0800 7318496