Internet giants decide US government has nothing to offer security talks

A coalition of internet giants have decided to have a meeting to discuss cybersecurity and misinformation during November’s US mid-term elections, but the government didn’t make the invite list.

It isn’t often the worlds tech giants all get along, but this seems to be an area which they can all agree on. Something needs to be done to remove a repeat of the controversy which has constantly stalked Donald Trump’s Presidential win, and it isn’t even worth bothering listening to the opinions of the government.

According to Buzzfeed, Nathaniel Gleicher, Facebook’s Head of Cybersecurity Policy, called the meeting, inviting twelve other organizations but the government was not on the list. The snub seems to follow a similar meeting in May, where each of the invitees left feeling somewhat disappointed with the government contribution. We can only imagine Department of Homeland Security Under Secretary Chris Krebs and Mike Burham from the FBI’s Foreign Influence Task Force simply sat in the corner, one holding a map and the other pointing to Russia shouting ‘we found it, we found it, look, they don’t even do water sports properly’.

“As I’ve mentioned to several of you over the last few weeks, we have been looking to schedule a follow-on discussion to our industry conversation about information operations, election protection, and the work we are all doing to tackle these challenges,” Gleicher wrote in an email.

The meeting will take place in three stages featuring the likes of Google, Twitter, Snap and Microsoft. Firstly, each company will discuss the efforts they have been making to prevent abuse of the platform. Second will be an open discussion on new ideas. And finally, the thirteen organizations will discuss whether the meeting should become a regular occurrence.

While interference from foreign actors has proved to be a stick to poke the internet giants in the US, criticism of the platforms and a lack of action in tackling misinformation has been a global phenomenon. European nations have been trying to hold the internet players accountable for hate speech and fake news for years, but Trump’s Presidential win is perhaps the most notable impact misinformation has had on the global stage.

With the mid-term elections a perfect opportunity for nefarious characters to cause chaos the internet players will have to demonstrate they can protect their platforms from abuse. Should abuse be present again, not only would this be a victory for the dark web and the bottom dwellers of digital society, but it will also give losing politicians an opportunity to shift the blame for not winning. While this meeting is an example of industry collaboration, each has been launching their own initiatives to tackle the threat.

Facebook most recently revealed it scored users from one to ten on the likelihood they would abuse the content flagging system, and has been systematically taking down suspect accounts. Twitter has algorithms in place to detect potential dodgy accounts and limits the dissemination of posts. Microsoft recently bought several web domains registered by Russian military intelligence for phishing operations, then shut them down. Google has also been hoovering up content and fake accounts on its YouTube platform.

Whether the internet giants can actually do anything to prevent abuse of platforms and the spread of misinformation remains to be seen. That said, keeping the bundling, boresome bureaucrats out of the meeting is surely a sensible idea. Aside from the fact most government workers are as useful as a bicycle pump in a washing machine, Trump-infused politically-motivated individuals are some of the most notable sources of fake news in the first place.

Cybersecurity for the Fourth Industrial Revolution

Telecoms.com periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Cormac Whelan, CEO UK & Ireland, Nokia Networks looks at how the cybersecurity landscape is evolving.

The Fourth Industrial Revolution, the increasing connectivity of our lives and businesses, is driving business transformation and improving the lives of employees and customers globally. But there’s a darker side to this increased mobility and interconnectedness in the form of security risks that grow exponentially as more data and business operations move to the cloud. Quicker, smarter cloud apps that power business growth are also driving a quickly evolving threat landscape, with at least 360,000 new malicious files detected every day in 2017 (an increase of 11.5 per cent from 2016).

The UK Government’s Cyber Security Breaches Survey 2017 found that almost seven in 10 large businesses identified a breach or attack last year. What’s more, businesses holding electronic data about their customers were far more likely to be compromised than those that didn’t. In tandem, governments, utilities and public services are also at greater risk than ever. An attack resulting in loss of connectivity or equipment damage can leave an entire city without electricity.

The recent WannaCry ransomware attack affected some 400,000 computers in over 150 countries and resulted in major outages in key services such as healthcare, transport and banking. As more and more data gets stored on mobile devices, the risk of attacks increases.

With every business, financial institution, telecoms provider, energy company and government at risk, the only effective response is a defence strategy to protect assets. Operators need to think not only about how criminals can gain access to their networks, but also what they do when they are inside. Temporary loss of files, compromised software or systems, permanent loss or change of files or personal data, lost access to third party systems, money assets or intellectual property stolen – all are possible in any number of combinations.

Identifying risk

Think of this like a large building with black and white windows. In order to repair the building, you need to find the black windows – analyse the problems to find where threats and viruses can come in. The broken window then needs to be fixed; a new window or a new frame (implementing the right solution and software). To add to the complexity, the windows are constantly changing, so continuous monitoring is needed to keep up. Only through these four elements – the right assessment, the right solution, the right software, and the right monitoring, can the building be secured.

Of course, this was much easier when data was operators’ own and applications were hosted internally. Companies had their own servers and could install a firewall. Now, to defend assets operators need qualified security professionals, a good understanding of vulnerability of important domains and a continuous up to date management. Even with talented staff in place, the threat landscape changed, with new viruses, new systems and new types of software and approaches needed.

New vulnerability through the Internet of Things

Cybercrime is moving from computers to mobiles and the Internet of Things. Mobile network infection has gone up by 63% and 50%of those attacks are very serious, with ransomware spreading easily into networks. All new devices that connect into an operator’s network are new vulnerability points and this pool is growing daily as the IoT booms. In the near future, every area of our life will be connected by a sim card and the vulnerability this brings along with the potential for device loss or theft is huge.

Alongside the business impact of network attacks (such as lack of network, impacting critical operations), there’s the very real risk of private data loss. Not only can enterprise problems cause consumer problems through lack of access or loss of service, but companies are responsible for keeping the customers, and their data, safe. Regulations, particularly in the EU, mean that if a virus at the network level allows a hacker to steal 9 million credit card details, the company responsible for the data loss will be held to account.

Preparing for the Fourth Industrial Revolution

Now is the time for companies to start thinking about the vulnerabilities the Fourth Industrial Revolution and ever-expanding Internet of Things will expose. Keeping operations and customers safe needs to be firmly front of mind, both in terms of companies’ own networks and applications, but also in terms of where a network interacts with others.

It’s a complex puzzle and it can be difficult to know where to start, but only by undertaking a thorough assessment and benchmarking against industry averages can an operator create an improvement plan and take steps toward becoming ready for potential security risk. With a plan in place, it is possible to identify the right solution, implement the right software and have a deeper understanding of the monitoring required to keep the business safe. Keeping data safe will be an essential part of realising the benefits and potential of the Fourth Industrial Revolution.

 

Cormac WhelanCormac is currently the CEO for the UK & Ireland at Nokia, having taken up this role in January 2016. In this role he leads all operations for the UK & Ireland markets including sales, business management, delivery and operations. As a senior executive over more than two decades in a number of global blue-chip organisations, Cormac has extensive experience is sales, marketing and business development. In addition he has proven expertise in strategic planning and driving transformation and change management in large scale businesses.