Perhaps inevitably, the issue of cyber security came up during the opening keynotes of PTC 2017, although it came up in a surprising context: namely connecting the unconnected.
Malcolm Johnson, deputy director of the ITU, was being interviewed onstage about the role of ICT companies in meeting the organization’s Sustainable Development Goals. As the conversation shifted to the unconnected and the importance of getting them connected, Johnson was asked about the issue of cyber security, particularly in light of the recent row between the US and Russia over alleged hacking of the presidential election.
Johnson – who says he gets asked this a lot nowadays – wouldn’t get drawn into that specific issue, but did say that cyber security is a major issue in terms of connecting the unconnected, because quite often the problem isn’t getting people connected so much as getting them to use the connection once they have access to it.
“If you want everyone to get online, they’re not going to get online if they don’t feel secure and they don’t trust the technology they’re using,” he said. “This is a particular issue.”
Johnson said that while we live in turbulent times at the moment, cyber security has been an issue for the ITU since at least 2005, when the World Summit on the Information Society (WSIS) recognized it as an issue and gave the ITU the lead responsibility to ensure that there is trust and security in utilizing ICT.
To that end, the ITU has been looking at cyber security from both a policy and technology point of view, but Johnson emphasized that collaboration was crucial in developing cyber security policy on an international level.
“There are many organizations across the world that are working on cyber security, and the important thing is that we need to collaborate and cooperate with various organizations that are all trying to address this issue,” he said, noting that the ITU has established a partnership with 15 other organizations across the public and private sectors to develop a model that countries can adopt for their national cyber security strategies, as well as providing information on how to establish computer incident response teams, and creating policies to protect children online.
Which makes sense in theory. In practice, however …
Johnson is correct to point out that trust is crucial to connecting the unconnected, and cyber security problems could undermine that trust, although I suspect that won’t be a an insurmountable for all of the unconnected. Many may be blissfully unaware of the risks, and would probably be happy to sign on if you give them an affordable handset and data plan, and a Free Basics service (or equivalent).
But it will be an issue for many others who have seen the headlines about, say, IoT devices with bad security, or government officials insisting on back doors for devices and apps, or governments enacting laws that enable them to spy on users and jail people for posting the Wrong Kind Of Content.
While it’s great that government ministries are getting involved in the collaboration process described above, Johnson also mentioned that when the ITU has cyber security discussions with government ministers, it’s not just the comms ministers that turn up, but also ministers for foreign affairs and defense. Understandable as that is, it’s not an encouraging sign.
The point is that cyber security is not just an issue of great encryption and best practices – it’s vastly more complicated and highly politicized. Cyber security is already an arms race between good guys and bad guys, with motivations for attacks ranging from political ideologies and theft to public shaming and teenage kicks in general. Meanwhile, cyber space has already become the new espionage playground for government agencies, whether they’re spying on rival countries or their own people.
And as the current US-Russia row illustrates, state-sponsored hacking can also be used as a tool of sociopolitical influence in rival countries, either to alter the outcome of an election or to undermine public trust in the election process and the acceptance of results that enable a peaceful transition of power.
In that kind of environment – to say nothing of the inherent privacy issues of big data collection – it’s hard to imagine that cross-organizational collaboration on standards and suggested policy templates is going to be enough to convince the unconnected that the internet is a trustworthy place.