March 23, 2008

No Bullets Involved Part 2

I promise that this is going to be my last post in what has turned into “Digital Security Week” here at humanitarian.info. A lot of my thoughts on this have been brewing since the the cyber-assault on Estonia last year, which at least had the positive effect of bringing the issue to a much wider audience than ever before.

This is the flip-side of e-governance - increased government reliance on the internet creates more opportunities for abuse. However Estonia has learnt from its experiences, with the result that it’s now a far more difficult target for cyber-attacks, as well as successfully prosecuting at least one of the perpetrators.

Although the attack has not been tied to any specific institutions, suspicions that the Russian government may have been involved have persisted, which raises a critical question, posed at its simplest by a BBC report on digital Estonia:

As a member of NATO, a military attack on Estonia would be treated as an attack on all NATO states. So, how about a cyber-attack that cripples its information infra-structure for weeks?

If the Kosovo war were to happen today, I have no doubt that NATO and the UN would be subject to similar attacks, whether organised by another government or not. I wrote yesterday about the experience of the Save Darfur campaign, and with the recent unrest in Tibet, a number of Tibetan NGOs are reporting malicious emails with attachments that target client side vulnerabilities.

At the moment, most of our organisations are not vulnerable in the same way that Estonia was - I doubt most people working in the field would even notice if their organisation’s website went down. (Advocacy organisations who rely on the web for their organisational presence are far more exposed.) However our servers can still be overwhelmed, leading to the failure of key finance, admin, communication and logistics functions; and we grow more dependent on the internet for these functions every day.

The best time to address these issues is now - before they become problems. The humanitarian community needs to make sure that digital security receives the same attention as physical security, addressing skill gaps in our staffing at headquarters and the field, and making sure that our technology adoption prioritises security as a critical factor.

We haven’t even begun to discuss more basic aspects of digital security, such as encrypted communications or secure storage. Maybe Digital Security Week should turn into Digital Security Month…

Hat tip on the Tibet story: NGO Security.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Filed under Emergency Telecommunications, Security, Web by Paul Currion

Permalink Print Comment

Comments on No Bullets Involved Part 2 »

March 24, 2008

Janet O'Callaghan @ 2:54 am

Interesting series of blogs. I am currently working on data preparedness and the thought was to use wikis and geo-network to make the information as open as legally possible so that those who need the information can have easy access.
But you make a good point for making secure backups, on the low tech side dvds backups stored in a firesafe box would work.

I still think that using the currently available tech tools is an excellent way to give those involved in emergency response access to critical information.

However, those of us in emergency IM need to remember that just a few years ago a wall map and index cards were relatively effective and to not become overly reliant on technology. We need to keep reminding ourselves that technology, although very cool, is just a tool and a potentially vulnerable tool at that.

Reply
March 25, 2008

Paul Currion @ 9:06 pm

Janet - there’s an interesting tension between using an open approach to data management and ensuring data security. I envisage our shapefiles magically changing boundaries overnight… but I think that access and version control are compatible with an open approach. The real question in that context is cost, maybe - the need to have somebody actively monitoring and managing the resources.

And based on the fun we had in Bangladesh, a wall map is still very effective…

Reply
(Pingback)

humanitarian.info » Pass the security cube (a.k.a. No bullets Involved Part 3) @ 10:58 pm

[…] 25, 2008Pass the security cube (a.k.a. No bullets Involved Part 3) Earlier this week, Paul noted that computer network attacks could have an impact on future relief efforts. In the early days of […]

Reply

Leave a Comment

Made with WordPress and the Semiologic theme and CMS • Boxed skin by Denis de Bernardy