Proposal - Five concerns and five solutions for cybersecurity
Internet security doesn’t just touch on government, big business and law enforcers. It is an increasingly important concern for the average personal technology user, many of whom have little understanding of the issues and even less knowledge of the technical solutions. They just want to know that if they follow a few simple ground rules, they will be safe.
I would highlight five particular areas of concern that require appropriate solutions:
Data protection and privacy
On the web, personal information can be as valuable a currency as cash. Citizens’ attitudes towards the privacy of their personal information are evolving and, as a result, are unwittingly making the challenge greater. Increasingly, the definition of privacy is changing. Where once privacy meant not revealing information except to a trusted third party, in the social media world information is willingly shared, and privacy concerns relate to how that information is used once shared. Sites like Facebook and Google have fallen foul of users who resent their data being used in ways they did not anticipate or agree to – but who don’t mind the fact that those sites know the information itself.
What is the solution?
Without greater openness and collaboration between major online providers, privacy regulation is likely to follow. At the very least, repositories of personal information need to be proactively open about their policies and show greater respect to their users through clear signposting and feedback.
Better software
Much cybercrime relies on the fact that software is bug-ridden or contains flaws in its design. An entire sector of the IT industry has been created off the back of security holes in Microsoft products, for example. There is a clear need and opportunity for greater industry co-operation, standardisation and testing of software products to reduce the opportunity for hackers. Too much consumer software is already being produced without consideration for security – the emergence of early viruses based around iPhone apps is a perfect example of this.
What is the solution?
Greater industry co-operation is essential. Various groups already exist, and some suppliers are teaming up to collaborate on software security, but it remains a patchwork of possible solutions. While nobody needs greater layers of bureaucracy, standards bodies should take a greater co-ordinating role to ensure a common approach across the IT industry.
Cyber peace
There is no Geneva Convention for the internet. We have already seen examples of alleged international cyber attacks, such as that on Estonia, and UK security services warning businesses of rampant cyber espionage originating in the Far East. We all know that, at some level, everybody is prying and spying on everybody else’s cyber presence. Many experts see a future cyber war as inevitable – so why don’t we try to prevent it before it happens?
What is the solution?
International Telecommunication Union secretary general Hamadoun Toure recently proposed the agreement of an international cyber peace treaty whereby signatories would agree not to use their infrastructure, or allow it to be used, for cyber attacks. This proposal requires discussion at the highest forums.
Rogue states
On the internet, a rogue state is not defined by its weapons or politics but by its laws and regulations. Without a common base level of data protection and computer misuse legislation, there will always be territories that provide a safe haven for cyber criminals and hackers.
What is the solution?
Rogue states must be identified, targeted politically and persuaded to sign up to international norms on cyber crime. Involvement in key global trade bodies should be dependent on an acceptance of such regulation.
Protecting the little guy
Organised cyber criminals have realised that it is easier to steal $1 from a million people than to steal $1m from one person. But in many cases, the response from law enforcement does not reflect the problem. One person complaining to the police about losing $100 through cyber crime, or the theft of personal identity information, is rarely sufficient to elicit a response. In the UK, for example, police have delegated responsibility for small-scale cyber crime reporting to the banks. How well are co-ordinated attacks spotted? Are trends and patterns sufficiently analysed? If one person lost $1m, the police response would be broad and well co-ordinated. If a cyber crook made a million from a million individuals, would they ever be caught?
What is the solution?
Banks and law enforcers need to co-ordinate better, and reporting of crimes by individuals affected needs to be simpler and better policed. Too many individuals don’t bother because they don’t believe they will be helped. Perhaps social media techniques could be used to “crowdsource” reports of theft or fraud? But in general, there needs to be a better relationship between individuals and law enforcement to ensure adequate protection and detection of organised, widespread but individually low-level cyber crime.