Cybersecurity experts at the World Economic Forum Annual Meeting have called for a “coalition of the willing” to embrace the Paris Call of 12 November 2018 for Trust and Security in Cyberspace (the Paris Call), a multistakeholder declaration that favours the development of common principles for securing cyberspace. The Paris Call, which has been signed by 64 states, more than 300 private-sector companies and over 150 NGOs and other civil society organizations, offers a framework for multilateral action on addressing the critical issue of cybersecurity in a time of increasingly prolific and sophisticated attacks by criminal organizations as well as nation states.
“It’s really about keeping the world safe,” said Bradford L. Smith, President and Chief Legal Officer of Microsoft. “The world depends on digital infrastructure, it depends on our devices, and they’re under attack every single day,” he said.
While noting that the Paris Call has been signed by all 28 members of the European Union and by all but one member of NATO, as well as other democratic states, including Australia, Japan, New Zealand, Singapore and South Korea, Smith singled out two holdouts: India and the United States. “The world’s biggest democracy needs to stand with the world’s other great democratic nations,” he said. “The world needs India.”
Smith attributed US reluctance to sign to the current American administration’s aversion to multilateralism, but warned, “Some of the most serious attacks are those against democracy itself. The most significant threat is to voting systems.”
Although he acknowledged the difficulty of assessing the actual impact of interference operations on the outcome of the 2016 US election, Smith said, “Let’s focus on what we do know. We do know that 30 million Americans have read intentional disinformation by governments, and they shared it, they liked it, and they believed it. It was done with the goal of disrupting democracy. It was not limited to the United States alone … Every single candidate running for the French presidency was attacked in some way. It is a problem, a threat to democracy, and needs to be addressed.”
Smith and other cybersecurity experts emphasized the importance of attribution but said that attribution itself is not enough. “I don’t think one can expect governments to change what they’re doing if there aren’t consequences,” he said.
Smith said that the responsibility for security begins with the tech companies themselves. “People can’t trust tech unless they have confidence in the companies that create the technology,” he said, noting that the Cambridge Analytica incident, in which Facebook user data was acquired illicitly by a now-defunct political data analytics company, was a turning point in public distrust of tech companies. “Tech companies and the sector as a whole need to address this, and they must start with acknowledging the scepticism,” he said. Action needs to be taken, he said. “The public has developed a keen ability to differentiate between words and deeds.”
He added, however, that “we shouldn’t look to the private sector alone to respond to what are essentially military grade cyberattacks. The private sector has not saved the nation from military attacks before.”
Business in Need of Cyber Rules
For more than 20 years, countries have been struggling to introduce a set of rules of conduct and liability requirements for digital space users. Progress in designing a code of cyber conduct is all the more relevant since digitalization is sweeping the planet at breakneck speed, creating new risks along with new opportunities. Businesses that are confronted with new challenges and threats in the digital space are putting forward their own initiatives, thereby pressing governments to speed up the process of adopting an international cyber code.
Why is the business community interested in setting rules in the cyber environment? There are many reasons for this.
Firstly, the quantity and quality of hacker attacks on the private sector increase every year. Hackers target any enterprises — whether they are small enterprises or technological giants. Attacked by the NotPetya virus, the world largest container carrier Maersk sustained $300 million damage and had to shell out nearly $1 billion for restoration. In total, according to Sberbank’s estimates, the damage to the global economy from hacker attacks in 2019 can reach about $2.5 trillion, and by 2022 — as much as $8–10 trillion.
Secondly, many technology-oriented companies, facing a lack of trust on the part of government agencies, experience severe difficulties in promoting their business projects abroad. At present, the UK, Norway, Poland, and other countries are involved in a debate about whether Huawei should be allowed to build fifth-generation mobile communication networks (5G). Huawei is suspected of stealing intellectual property and espionage. The US, Australia, New Zealand have introduced a ban on the use of 5G equipment from Huawei.
Not only Chinese companies face distrust. Google, Apple, Microsoft, Kaspersky Lab, and many others are often accused of illegally spying on people.
Thirdly, IT companies are forced to pay huge sums to protect their customers against hacker attacks and guarantee information security. Microsoft allocates more than $1 billion for this purpose yearly.
In the absence of a political solution to ensure international information security, private companies, which are keen to safeguard themselves and their customers, have chosen to conduct negotiations with each other on information security cooperation and are launching their own initiatives. Thus, coming into existence is a business information security track running parallel to the government.
In February 2017, Microsoft’s President Brad Smith launched the Digital Geneva Convention initiative. The Convention is expected to oblige governments not to take cyber attacks on private sector companies or the critical infrastructure of other states, and not to use hacker attacks to steal intellectual property.
Overall, the document formulates six basic principles of international cybersecurity:
- No targeting of tech companies, private sector, or critical infrastructure.
- Assist private sector efforts to detect, contain, respond to, and recover from events.
- Report vulnerabilities to vendors rather than to stockpile, sell, or exploit them.
- Exercise restraint in developing cyber weapons and ensure that any developed are limited, precise, and not reusable.
- Commit to non-proliferation activities to cyber weapons.
- Limit offensive operation to avoid a mass event.
However, while the Digital Geneva Convention is still on paper, 34 technology companies, including Microsoft, without waiting for decisions at the government level, signed the Cybersecurity Tech Accord in April 2018. Thus, the largest ever group of companies have become committed to protecting customers around the world from cybercriminals.
Cybersecurity Tech Accord members have called for a ban on any agreements on non-disclosure of vulnerabilities between governments and contractors, brokers, or cybersecurity experts; they also call for more funding for vulnerability detection and research.
Besides, signatories of the agreement have come up with a series of recommendations to strengthen confidence-building measures, which are based on the proposals of the UN and OSCE.
Such measures include:
-Develop shared positions and interpretations of key cybersecurity issues and concepts, which will facilitate productive dialogue and enhance mutual understanding of cyberspace and its characteristics.
-Encourage governments to develop and engage in dialogue around cyber warfare doctrines.
-Develop a list of facilities that are off-limits for cyber-attacks, such as nuclear power plants, air traffic control systems, banking sectors, and so forth.
-Establish mechanisms and channels of communication to respond to requests for assistance by another state whose critical infrastructure is subject to malicious ICT acts (organizing, i.e. tabletop exercises).
By now, Cybersecurity Tech Accord has been signed by 90 companies, including Microsoft, Facebook, Cisco, Panasonic, Dell, Hitachi, and others.
Another initiative was presented in 2018 by Siemens, which came up with the Charter of Trust. The Charter, which was signed by 16 companies, including IBM, AIRBUS, NXP, and Total, urges companies to set up strict rules and standards to foster trust in ICT and contribute to further development of digitalization.
Facebook has become part of the process too. In late March 2019, Mark Zuckerberg — the founder and CEO of Facebook — urged governments to become more actively involved in regulating the Internet. In particular, Zuckerberg spoke in favor of introducing new standards related to the Internet and social networks. These standards would come useful to guarantee the protection of personal data, prevent attempts to influence elections or disseminate unwanted information, and would assist in providing a solution to the problem of data portability.
Another initiative worth mentioning is the creation in 2014 of the Industrial Internet Consortium TM, IIC, which was founded on the initiative of AT & T, Cisco, GE, IBM, and Intel. This is a non-profit open-membership group that seeks to remove barriers between different technologies in order to maximize access to big data and promote the integration of physical and digital environment.
Some initiatives are coming from the Russian private sector. In particular, since 2017, Norilsk Nickel has been active on the international scene promoting the Information Security Charter of critical industrial facilities. The Charter’s main provisions include condemnation of the use of ICT for criminal, terrorist, military purposes; supporting efforts to create warning and detection systems, and assist in the aftermath of network attacks; and sharing best practices in information security.
In turn, Sberbank has launched an initiative to hold the world’s largest International Cybersecurity Congress. Last year, such a congress took place with the participation of 681 companies from 51 countries. The second such Congress is scheduled for this June. The Forum serves as an inter-sectoral platform that promotes global dialogue on the most pressing issues of ensuring information security in the context of globalization and digitalization.
Most business initiatives hinge on the fact that they all call for developing confidence-building measures and rules of conduct in the digital space. Besides, the business community welcomes the need to adjust international law to the new realities of the digital economy.
Private sector initiatives can perfectly be streamlined with initiatives put forward by countries within the framework of the UN. After all, by and large, governments pursue the same goals as business in this area. The use of ICT for peaceful purposes, confidence-building measures, the supply of information about vulnerabilities — all this is significant both for business and for most states.
Fortunately, the global discussion under the aegis of the UN on issues related to International Information Security is getting back on track after a pause of about one year. From now on, it will be attended by representatives of the private sector. According to the resolution (A/RES/73/27), the mandate of the future Open-Ended Working Group (OEWG) allows for the possibility of holding inter-session consultative meetings with representatives of businesses, non-governmental organizations and the scientific community to exchange opinions on issues within the group’s mandate. The first inter-sessional meeting with representatives of global business is scheduled for November 2019.
In conclusion, we would like to remark that the issue of information security is dynamic and for this reason, it can be adequately addressed only with the close cooperation of governments and technology companies, since it is the latter that keep pace with the development of technologies and are the drivers of the digital economy. Governments should keep a close eye on the initiatives of non-state actors and put the most useful proposals on the agenda of discussions at international forums. Moreover, once adopted and approved at the government level, these standards and regulations should have a legal force, rather than be recommendatory — this is the only way to guarantee the order in the cyber environment.
First published in our partner RIAC
Technology for Social Good in India
From using drones to plan water supply schemes in hard-to-reach locations, to deploying satellite imagery for enhancing land usage, or using mobile phones to track children’s health, technology is changing the way we live. The World Bank is supporting several interventions where new-age technology is being used for social good, giving a new tool to policymakers to improve governance and the quality of our lives
Making farmers resilient
Digital applications are helping farmers in Bihar and Madhya Pradesh make faster and better decisions on crop planning based on weather conditions, soil and other indicators
This $12.67-million Sustainable Livelihoods and Adaptation to Climate Change project that started in 2015 has so far empowered more than 8,000 farmers to adopt climate resilient practices.
Satellite images taken from a height of 900 km in Karnataka capture crucial data like land use as well as land cover, groundwater prospects, and soil characteristics. When this data is fused with rainfall patterns and literacy rates, it helps experts and communities to prioritize action plans such as those for soil and water conservation
Geographic information system (GIS) technology can also map nutrient deficiencies in the soil, which helps with crop planning.
The Karnataka Watershed Development Project, known locally as Sujala, covered over half a million hectares of land in seven predominantly rain-fed districts in Karnataka between 2001 and 2009 and was the first to deploy the use of satellite remote sensing and GIS mapping effectively over a large area.
Supplying Water in Challenging Terrain
Shimla city in Himachal Pradesh gets water once every two days for a few hours, while bulk water is pumped over 1,400 meters, creating a high cost of service
To tackle this, drones have been used to click high resolution images in high altitudes and challenging topography in World Bank’s Shimla Water Supply and Sewerage Service Delivery Reform Project. This, along with GIS technologies, has helped the state government prepare a 24×7 water supply model for the city that addresses issues such as pressure management, transmission and distribution networks, and identifying illegal connections.
All across India approximately 150,000 Anganwadi workers are using smartphones to track growth and nutrition in children. Photos of the hot lunch served to the children at health and nutrition centers, for example, can now easily be shared with block, district and state-level officials.
“It’s easier to work with mobiles than registers,” confessed an Anganwadi worker in Madhya Pradesh.
The World Bank has so far invested about $306 million in nutrition through the ICDS Systems Strengthening and Nutrition Improvement Project.
In Chhattisgarh, a mobile based application called Nutri-Click provides real time, need-based, one-on-one counseling on appropriate nutrition and care practices to pregnant women and caregivers and mothers of young children and their family members.
The program has so far helped over 4000 pregnant and lactating women
Digitizing Medical Records
Doctors in 36 public hospitals in Tamil Nadu can now access, collect and analyze critical health data for quick and timely interventions with the click of a button. The system also helps with retrieval of manual records as well as maintenance and management of medical equipment, making the entire process transparent and convenient.
The $110.3 million Tamil Nadu Health Systems Project was active in five Tamil Nadu districts. A second phase will now aim to cover another 222 hospitals across the remaining 25 state districts.
In 164 municipalities in Karnataka, property owners are now able to calculate their property taxes online; 10 million birth and death records are now online and searchable; and over 390,000 citizen complaints were lodged over 10 months—98 percent of which were redressed.
Through the Karnataka Municipal Reforms Project, municipal revenues have increased while interface between citizens and local administrations has vastly improved.
World Bank’s Vocational Training Improvement Project has helped digitize activities such as admissions, examination management, and certifications in Industrial Training Institutes (ITI) under the National Council of Vocational Training.
The portal provides detailed records from more than 13,000 public and private ITIs across the country, including data related to courses offered, admissions, examinations, placements, etc.
So far more than 150,000 e-certificates to past trainees have been issued, and over 2 million certified trainees have received online certificates, saving time and effort.
Innovative smartphone app to improve rainwater harvesting in Africa
It is now possible to calculate the amount of rainwater that can be harvested from the roof of houses thanks to a new smart phone app developed by UN Environment and the United Nations Educational, Scientific and Cultural Organization.
The app, a first of its kind, is based on actual meteorological data collected from weather stations across Africa. The data is specific to locations closest to the weather stations, which the app presents as the nearest city.
Promoting rainwater harvesting is becoming increasingly important to ensure greater water security. It offers an adaptation strategy to climate change, providing an opportunity to store rainwater under increasing conditions of high rainfall variability.
Rainwater harvesting can also improve livelihoods of women and children by reducing time spent on fetching water: women still spend 16 million hours a day collecting water in 25 sub-Saharan countries.
It can improve household sanitation and health with an improved drinking water source. Rainwater harvesting also contributes to food security, providing water during dry seasons for small-scale agriculture. Although not every single drop of rain can and should be harvested, rainwater is still an underutilized water source in Africa.
The lack of water is a real challenge across Africa. On average, a person needs eight glasses of water (2 liters) per day. According to the Vital Water Graphics report by UN Environment and GRID Arendal, “more than 2.8 billion people in 48 countries will face water stress or water scarcity conditions by 2025. An area is experiencing water stress when annual water supplies drop below 1700 m3 per person”.
In many such countries, rainwater can be harnessed easily for domestic and agricultural use. Harvested rainwater can also benefit the environment and ecosystem when used to enhance groundwater recharge and restore vegetative cover. The low cost of rainwater harvesting technologies can be a more attractive investment option in rural areas compared to investing in a main water supply system.
The new app demonstrates opportunities for rainwater harvesting. For example, a person in Turkana county in Kenya can enter her location (Kenya, Lodwar), the length and width of the roof of the house (in metres), the number of family members, and the quantity of water used per day. The app returns the estimated amount of rainwater that can be harvested, and the quantity of water for a family. It also proposes the size of the rainwater harvesting system as well as its estimated cost. Simple sketches showing rainwater systems and how to recharge groundwater are also included in the app. Rainwater harvesting systems can be easily constructed using appropriate technology and locally available materials.
Rainwater can be collected in relatively simple ways. Rainwater that falls in ditches, on rooftops or on other surface areas is collected in storage facilities, such as water tanks or ponds. This water is stored and used for domestic and agricultural purposes. There are also other ways of rainwater harvesting, such as storing it in the ground where it can be used as groundwater for human consumption or for nature.
Ann Kiria, chair of a young women’s group in Kajiado in Kenya said, “water harvesting has benefited our community where women have played a key role in constructing water tanks. With the knowledge we have acquired, building a water tank to harvest rainwater is no more out of reach”.
Currently the smart phone application is available for Android (Play Store) system for free. You can download it by searching for RWH Africa Interactive Tool.
A web version is also available at http://www.rainwaterharvesting.africa. An IOS (App Store) version will follow soon.
Business in Need of Cyber Rules
For more than 20 years, countries have been struggling to introduce a set of rules of conduct and liability requirements...
Suppressed OPCW Finding: War-Crime Likely Perpetrated by U.S. Against Syria on 14 April 2018
On May 13th, Tim Hayward of the Working Group on Syria made public on his website an utterly damning document...
World Bank Group Releases Little Data Book on Gender
The World Bank Group today released the Little Data Book on Gender 2019 to provide an easily accessible entry point...
Chinese purchases of Iranian oil raise tantalizing questions
A fully loaded Chinese oil tanker ploughing its way eastwards from two Iranian oil terminals raises questions of how far...
Governance reform could see African economies benefit to tune of £23bn
The latest edition of PwC’s bimonthly Global Economy Watch has found that African economies could receive a windfall of £23bn...
Marriott International Debuts JW Marriott Hotel in Qufu, Birthplace of Confucius
JW Marriott announced the opening of the new JW Marriott Hotel Qufu in Shandong province, China. Owned by Shandong Luneng,...
The Iran Question
Will there be war with Iran? Will there not be war with Iran? The questions are being asked repeatedly in...
East Asia2 days ago
US-China Global Rivalry and BRI
Tech News2 days ago
We need to lead technology, not let technology lead us
Americas2 days ago
America’s Deep-seated and Almost Universal Bigotry
Europe2 days ago
Any signs of a chill between France and Germany?
South Asia3 days ago
RSS: Grim Reality under the Secular Veil of India
Eastern Europe3 days ago
Quality of Life in Latvia is not a priority
Russia2 days ago
It Is Crucial to Watch Changes among the Russian Elites
EU Politics2 days ago
EU and Tunisia work to strengthen their Privileged Partnership