Connect with us

Science & Technology

Business in Need of Cyber Rules

Anastasia Tolstukhina

Published

on

For more than 20 years, countries have been struggling to introduce a set of rules of conduct and liability requirements for digital space users. Progress in designing a code of cyber conduct is all the more relevant since digitalization is sweeping the planet at breakneck speed, creating new risks along with new opportunities. Businesses that are confronted with new challenges and threats in the digital space are putting forward their own initiatives, thereby pressing governments to speed up the process of adopting an international cyber code.

Why is the business community interested in setting rules in the cyber environment? There are many reasons for this.

Firstly, the quantity and quality of hacker attacks on the private sector increase every year. Hackers target any enterprises — whether they are small enterprises or technological giants. Attacked by the NotPetya virus, the world largest container carrier Maersk sustained $300 million damage and had to shell out nearly $1 billion for restoration. In total, according to Sberbank’s estimates, the damage to the global economy from hacker attacks in 2019 can reach about $2.5 trillion, and by 2022 — as much as $8–10 trillion.

Secondly, many technology-oriented companies, facing a lack of trust on the part of government agencies, experience severe difficulties in promoting their business projects abroad. At present, the UK, Norway, Poland, and other countries are involved in a debate about whether Huawei should be allowed to build fifth-generation mobile communication networks (5G). Huawei is suspected of stealing intellectual property and espionage. The US, Australia, New Zealand have introduced a ban on the use of 5G equipment from Huawei.

Not only Chinese companies face distrust. Google, Apple, Microsoft, Kaspersky Lab, and many others are often accused of illegally spying on people.

Thirdly, IT companies are forced to pay huge sums to protect their customers against hacker attacks and guarantee information security. Microsoft allocates more than $1 billion for this purpose yearly.

In the absence of a political solution to ensure international information security, private companies, which are keen to safeguard themselves and their customers, have chosen to conduct negotiations with each other on information security cooperation and are launching their own initiatives. Thus, coming into existence is a business information security track running parallel to the government.

In February 2017, Microsoft’s President Brad Smith launched the Digital Geneva Convention initiative. The Convention is expected to oblige governments not to take cyber attacks on private sector companies or the critical infrastructure of other states, and not to use hacker attacks to steal intellectual property.

Overall, the document formulates six basic principles of international cybersecurity:

  1. No targeting of tech companies, private sector, or critical infrastructure.
  2. Assist private sector efforts to detect, contain, respond to, and recover from events.
  3. Report vulnerabilities to vendors rather than to stockpile, sell, or exploit them.
  4. Exercise restraint in developing cyber weapons and ensure that any developed are limited, precise, and not reusable.
  5. Commit to non-proliferation activities to cyber weapons.
  6. Limit offensive operation to avoid a mass event.

However, while the Digital Geneva Convention is still on paper, 34 technology companies, including Microsoft, without waiting for decisions at the government level, signed the Cybersecurity Tech Accord in April 2018. Thus, the largest ever group of companies have become committed to protecting customers around the world from cybercriminals.

Cybersecurity Tech Accord members have called for a ban on any agreements on non-disclosure of vulnerabilities between governments and contractors, brokers, or cybersecurity experts; they also call for more funding for vulnerability detection and research.

Besides, signatories of the agreement have come up with a series of recommendations to strengthen confidence-building measures, which are based on the proposals of the UN and OSCE.

Such measures include:

-Develop shared positions and interpretations of key cybersecurity issues and concepts, which will facilitate productive dialogue and enhance mutual understanding of cyberspace and its characteristics.

-Encourage governments to develop and engage in dialogue around cyber warfare doctrines.

-Develop a list of facilities that are off-limits for cyber-attacks, such as nuclear power plants, air traffic control systems, banking sectors, and so forth.

-Establish mechanisms and channels of communication to respond to requests for assistance by another state whose critical infrastructure is subject to malicious ICT acts (organizing, i.e. tabletop exercises).

By now, Cybersecurity Tech Accord has been signed by 90 companies, including Microsoft, Facebook, Cisco, Panasonic, Dell, Hitachi, and others.

Another initiative was presented in 2018 by Siemens, which came up with the Charter of Trust. The Charter, which was signed by 16 companies, including IBM, AIRBUS, NXP, and Total, urges companies to set up strict rules and standards to foster trust in ICT and contribute to further development of digitalization.

Facebook has become part of the process too. In late March 2019, Mark Zuckerberg — the founder and CEO of Facebook — urged governments to become more actively involved in regulating the Internet. In particular, Zuckerberg spoke in favor of introducing new standards related to the Internet and social networks. These standards would come useful to guarantee the protection of personal data, prevent attempts to influence elections or disseminate unwanted information, and would assist in providing a solution to the problem of data portability.

Another initiative worth mentioning is the creation in 2014 of the Industrial Internet Consortium TM, IIC, which was founded on the initiative of AT & T, Cisco, GE, IBM, and Intel. This is a non-profit open-membership group that seeks to remove barriers between different technologies in order to maximize access to big data and promote the integration of physical and digital environment.

Some initiatives are coming from the Russian private sector. In particular, since 2017, Norilsk Nickel has been active on the international scene promoting the Information Security Charter of critical industrial facilities. The Charter’s main provisions include condemnation of the use of ICT for criminal, terrorist, military purposes; supporting efforts to create warning and detection systems, and assist in the aftermath of network attacks; and sharing best practices in information security.

In turn, Sberbank has launched an initiative to hold the world’s largest International Cybersecurity Congress. Last year, such a congress took place with the participation of 681 companies from 51 countries. The second such Congress is scheduled for this June. The Forum serves as an inter-sectoral platform that promotes global dialogue on the most pressing issues of ensuring information security in the context of globalization and digitalization.

Most business initiatives hinge on the fact that they all call for developing confidence-building measures and rules of conduct in the digital space. Besides, the business community welcomes the need to adjust international law to the new realities of the digital economy.

Private sector initiatives can perfectly be streamlined with initiatives put forward by countries within the framework of the UN. After all, by and large, governments pursue the same goals as business in this area. The use of ICT for peaceful purposes, confidence-building measures, the supply of information about vulnerabilities — all this is significant both for business and for most states.

Fortunately, the global discussion under the aegis of the UN on issues related to International Information Security is getting back on track after a pause of about one year. From now on, it will be attended by representatives of the private sector. According to the resolution (A/RES/73/27), the mandate of the future Open-Ended Working Group (OEWG) allows for the possibility of holding inter-session consultative meetings with representatives of businesses, non-governmental organizations and the scientific community to exchange opinions on issues within the group’s mandate. The first inter-sessional meeting with representatives of global business is scheduled for November 2019.

In conclusion, we would like to remark that the issue of information security is dynamic and for this reason, it can be adequately addressed only with the close cooperation of governments and technology companies, since it is the latter that keep pace with the development of technologies and are the drivers of the digital economy. Governments should keep a close eye on the initiatives of non-state actors and put the most useful proposals on the agenda of discussions at international forums. Moreover, once adopted and approved at the government level, these standards and regulations should have a legal force, rather than be recommendatory — this is the only way to guarantee the order in the cyber environment.

First published in our partner RIAC

Continue Reading
Comments

Science & Technology

Five New Technologies that Can Prevent Everything from Fraud to Future Financial Shocks

MD Staff

Published

on

A new white paper, The Next Generation of Data Sharing in Financial Services, from the World Economic Forum has identified new technologies that banks and other financial institutions can implement for privacy-protected data-sharing between institutions. This data-sharing will enable broad analysis, which can be used to identify industry-wide risks and could even prevent future financial shocks.

Beyond system-wide benefits, these newly identified technologies, coined “privacy-enhancing techniques” can also use improved data-sharing to prevent fraud, offer financial advice, and much more. Privacy-enhancing techniques lessen the tensions underlying data-sharing. Instead of threatening customer privacy, this new wave of technology not only protects it but also enhances industry collaboration.

These five technologies include:

While new and novel for use in financial services, these technologies have existed within laboratories for years and are now ready for use in the real world of banking and other financial services. If harnessed, these tools could usher in a new, more collaborative, era of the sector on matters related to risk and product development.

“With advancing privacy-enhancing technologies, financial services have the ability to work more closely together on a range of important challenges and opportunities, from combating illicit financial transactions to identifying material risk exposures across institutions, to developing more personalized financial advice and products,” says Matthew Blake, Head of Financial and Monetary System Initiatives, World Economic Forum. “Privacy-enhancing techniques open a range of possibilities for enhanced risk management and financial innovation with benefits for customers, regulators and financial institutions alike.”

These technologies, used separately or in conjunction, greatly reduce the risks associated with data sharing and have the potential to fundamentally redefine the dynamics of data sharing in financial services. Opportunities from these technologies include the ability to:

· Better detect and prevent fraudulent activity: Federated analysis could be used to create shared fraud detection and prevention models across institutions without sharing the personally sensitive information about specific customers

· Identify system-wide risks and prevent financial crises: Secure multi-party computation could be used to conduct aggregate analysis on financial institutions’ risk exposures without breaching their institutional competitive secrets, allowing for an advance warning on systemic risks and exposures such as those that led to the 2008 financial crisis

· Enable new forms of personalized digital advice: Leveraging differential privacy in the analysis of transactions across an institution’s customer base could enable sophisticated and specific “people like you” recommendations without exposing individual customers’ spending habits

· And more, as explored in The Next Generation of Data Sharing in Financial Services

One of the key learnings from the financial crisis was that system-wide risk exposures were not properly quantified and understood by enterprises as well as financial supervisors. This was partly due to inadequate management information systems that did a poor job of aggregating risk exposures across institutions as well as too narrow a focus by supervisors on the risk of individual financial firms rather than the interconnections between institutions and the broader system.

Competitive dynamics also played a part; it is perilous for a financial institution to make explicit its risk exposures because other actors may take advantage and profit from that level of transparency. Enter privacy-enhancing techniques, which make sharing granular information across institutions possible – allowing for transparency without unveiling too much, presenting new possibilities for collaboration between institutions, supervisors and customers.

“It is important to note that these technologies are not a magic wand. Using them requires financial institutions to address surrounding issues such as poor data quality, legal uncertainties and siloed data infrastructures,” says Bob Contri, Principal, Deloitte United States; Global Financial Services Industry Leader. “However, addressing these roadblocks and using privacy-enhancing techniques can propel the financial services industry into a new era of collaboration and value delivery.”

According to the World Economic Forum, financial services executives should take a concerted look at these new techniques and where they might best be deployed. Bringing these technologies into practice will require a degree of experimentation and technological expertise. Nonetheless, the benefits of widescale adoption are clear and speak to greater alignment and action among key stakeholders on issues of systemic importance.

Continue Reading

Science & Technology

‘Digital divide’ will worsen inequalities, without better global cooperation

MD Staff

Published

on

Inequality will worsen unless the so-called “digital divide” – the gap between under-connected and highly digitalized countries – is not addressed, warns a new report released on Wednesday by the UN trade body, UNCTAD.

The first-ever Digital Economy Report outlines enormous potential gains from the increasingly inter-connected global economy, but calls for “concerted global efforts to spread the wealth potential to the many people who currently reap little benefit from it.

US and China pull ahead, Africa and Latin America trail behind

The United States and China create the vast majority of wealth in the digital economy, the study reveals, and the two countries account for 75% of all patents related to blockchain technologies, 50% of global spending on the “Internet of Things” (IoT), more than 75% of the cloud computing market, and as much as 90% per cent of the market capitalization value of the world’s 70 largest digital platform companies.

The rest of the world, particularly countries in Africa and Latin America, are trailing considerably behind, and this trajectory is likely to continue, further contributing to rising inequality, said UN Secretary-General António Guterres, in a foreword to the report.

“We must work to close the digital divide” he writes, “where more than half the world has limited, or no access to the Internet. Inclusivity is essential to building a digital economy that delivers for all”.

Massive increase in data on the horizon

Despite the impact that digital data has already had, the world is still in the early days of the data-driven economy, according to the study, which forecasts a dramatic surge in data traffic in the next few years.

This reflects the growth in the number of people using the Internet, and the uptake of frontier technologies such as blockchain, data analytics, artificial intelligence, 3D printing, IoT, automation, robotics and cloud computing.

Platforms to rule the world

Wealth and power in the digital sphere are increasingly being held by a small number of so-called “super platforms”, comprising the seven global brands Microsoft, Apple, Amazon, Google, Facebook, Tencent and Alibaba.

Between them, these companies account for two-thirds of the total market value of the top 70 platforms: in China, WeChat, owned by Tencent, and AliPay, an Alibaba company, have captured virtually the entire Chinese mobile payment market between them. Google accounts for some 90 per cent of the global Internet search market, and Facebook is the top social media platform in more than 90 per cent of countries.

The reports shows that these companies are competing aggressively to stay on top, acquiring competitors, expanding into new services, lobbying policy-makers, and establishing strategic partnerships with leading multinationals in traditional sectors.

UNCTAD warns that the dominance of these platforms is leading to a concentration and consolidation of digital value, rather than reducing inequalities between and within countries, with developing countries at the bottom of the pile. The report calls for a rethink, that will bring about a fairer distribution of the gains from the digital economy.

The role of government in levelling the playing field

Governments can play a critical role in defining the rules of the game, explains Mukhisa Kituyi, Secretary-General of UNCTAD , by adapting existing laws, and passing new ones in many areas:

“A smart embrace of new technologies, enhanced partnerships and greater intellectual leadership are needed to redefine digital development strategies and the future contours of globalization”, he wrote.  

The report calls for greater international collaboration on issues associated with the digital economy, with the full involvement of developing countries, on issues such as competition, taxation, cross-border data flows, intellectual property, trade and employment policies.

Continue Reading

Science & Technology

Air pollution in a tweet: Communicating complex science

MD Staff

Published

on

Pant is passionate about communicating science better, combining data and meaningful narratives. Photo by Pallavi Pant

Air pollution is a complex issue that is difficult to communicate to most people. What causes air pollution? How does it affect our children’s cognitive development? What does air pollution have to do with rising temperatures?

Pallavi Pant is an air quality scientist who received her PhD in urban air quality in 2014. Today, she is a staff scientist at the Health Effects Institute in Boston. She is also Social Media Editor with the Journal of Exposure Science and Environmental Epidemiology, where she aims to communicate the journal’s work to a broader audience.

“But when it comes to communicating science, it’s vital to get the facts right. Young people like Pallavi—experts in their field with a passion to drive forward clear messages about air pollution, health and climate—are commendable in their ability to communicate the problems and how we can be part of the solution.”

This International Youth Day, themed “transforming education,” we asked Pant why, as a scientist, she feels compelled to tweet. How does she educate and bring complex messages to a non-scientific audience?

What influenced your decision to be a scientist, and is being a woman in this field a challenge?

I grew up in a household where curiosity was encouraged. I remember designing scientific experiments to test hypotheses as a kid with my friends. Throughout high school and college, I took steps towards a career in environmental science. In the early days, I wasn’t sure what aspect I would focus on; air pollution piqued my interest and I spent more time understanding it better. My personal experience living in Delhi—seeing the quality of air change over time—was another key contributing factor. Being a woman in science is fun and exciting, but also poses challenges. Occasionally, it has been difficult to deal with stereotypes that influence people’s interactions. In some instances, it is also about being safe—in the field working alone for example. But overall, I’ve had a good experience, and my mentors have been supportive.

Why do you feel it’s important to communicate science to a general audience?

Huge portions of important scientific research are still behind paywalls, and people are often unable to find accurate, reliable information, especially on digital media. Combined with the need for ‘bite-sized’ information, it is critical that scientists find ways to engage with the public, to dispel myths where they exist, and share useful information. After all, the goal for science is to help move towards a better future, isn’t it? During my PhD program, I started a knowledge platform—Air Quality in India—to publicize and communicate the latest science and policy developments on air pollution. I co-founded a similar effort for South Asia—Air South Asia. It is important that accurate, scientifically valid information is brought to the public. I also give public seminars on the topic of air pollution, and I answer queries from concerned individuals about sources of air pollution and possible impacts on human health. I engage with organizations that work directly with communities and point them towards trusted sources of information. On social media, I post curated content on air pollution.

The Journal of Exposure Science and Environmental Epidemiology is one of the first environmental journals to create its own social media platforms. What influenced this decision?  

When I spoke with the journal editors, it was clear that they were trying to expand the reach and make the information accessible to a broad audience. I had some experience doing that, and this seemed to be an excellent opportunity to expand my skills too! We hope to disseminate new findings from research published in the journal on social media, and get others interested in the field of environmental health.

What is the biggest challenge you face in communicating air pollution science?

When we train as scientists, we are encouraged to speak in scientific terms. The first issue I encountered was to learn to take a minute and think about my choice of words, and how they would be interpreted by a particular audience. Air pollution science is often complex, and it is a hard task to explain the nuance of the science while making it engaging and interesting. For example, air pollutants can be primary [directly emitted] and secondary [formed in atmosphere from other pollutants], and control strategies are very different for both types of pollutants. Communicating this effectively can be challenging. Sometimes, it is only a matter of directing people to the right information. In other cases, some thinking is required. In all cases, the bottom line for me is to make the information relatable for the particular audience.

How do you hope to take your storytelling to a level where it can reach more people?

I am still learning ways to communicate science better, and weave data and stories together to generate meaningful narratives for people. This year, I am hoping to expand a large, open-source database on air pollution in India, set up a mentoring network for women in air quality in the South and continue working to expand the reach of the Journal of Exposure Science and Environmental Epidemiology.   

Can you summarize the main threats of air pollution in 140 characters?

Air pollution impacts our health, environment & economy; we need to act both at personal & societal levels to improve the quality of air.  

UN Environment

Continue Reading

Latest

Trending

Copyright © 2019 Modern Diplomacy