Future Thinking: Niel Harper on Cyber Threats
In 2017, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. In February 2018, we interviewed two stakeholders – Cyrating, a cybersecurity ratings agency, and Niel Harper, Senior Manager, Next Generation Leaders at the Internet Society – to hear their different perspectives on the forces shaping the Internet.
Niel Harper is a Young Global Leader at the World Economic Forum. He has more than 20 years of experience in the areas of telecoms management, cybersecurity, IT governance and strategy, ICT policy research and advisory services, and program management. (You can read Cyrating’s interview here).
The Internet Society: Experts predict an increase of frequency and impact of cyberattacks. What form are they likely to take in the future?
Niel Harper: In the foreseeable future, attackers are likely to fall under three categories: organized criminals seeking to profit from malicious online activities, online protesters (also known as hacktivists), and governments who target their own citizens or target other governments, whether for cyberespionage or cyberwarfare.
Criminals will continue to become more organized, selling different types of malware and attack techniques to the highest bidder. Attacks against IoT devices and platforms will become more prevalent given the significant rush to market by manufacturers, who tend to ignore ‘security by design’ requirements to exploit market segments with potentially high revenue.
Hacktivists, in turn, will remain extremely active as they seek to push their social and political agendas. Their attacks of choice will be phishing, website defacement, and social media account hijacking.
Last but perhaps most significantly, state-sponsored threat actors will become more and more active. We will see increasing attacks against critical infrastructure and supply chains. For example, cyberwar actors will seek to attack targets that result in maximum disruption, economic upheaval, and even public safety issues (e.g. airports, public transit, power grids, nuclear facilities, smart cities, etc.). There will be continued attacks targeting democratic processes such as electronic voting machines, online voter registration, party or politician websites, and other such platforms. Sadly, enterprises will get caught up in state-led or state-sponsored attacks, and with far-reaching economic impacts.
What needs to be done to address cyber threats, put users in control of their data and increase accountability for data handlers?
One of the most important countermeasures against cyber threats is greater awareness. More governments need to engage various national stakeholder groups in developing awareness programs. Such programs should incorporate information on common attack techniques/vectors, recommendations on how to put better protection measures in place (including data protection), and best practices for improved online hygiene.
Countries furthermore need to develop and implement national cyber security strategies (NCSS) which take a holistic and collaborative approaches towards combating cyber threats. NCSS should include key areas like incident response, critical infrastructure (CI) protection, legal and regulatory frameworks, education and workforce development, and enhanced security operations. It is of utmost importance that the development and execution of the NCSS include participation from key stakeholder groups such as the technical community, private sector, academia, and civil society.
With regards to improving users’ control of their data and increasing accountability for data handlers, it is likely that legislation will be needed because corporations have not yet proven to be good data stewards. Hence, legislative instruments like the EU’s General Data Protection Regulations (GDPR) are likely to be replicated across national jurisdictions. More specifically, the roles and responsibilities of those handling data should be clarified, penalties for misuse and abuse should be outlined, and mechanisms should be put in place to reward adequate data protection and implementation of security best practices.
How do we address the cybersecurity divide between developed and developing countries?
My work in the Caribbean have led me to the conclusion that a country’s level of connectivity, and extent of digital divide, translates into the maturity of that country’s cybersecurity capabilities. This, in turn, is indicative of the country’s strategic political and economic standing among other states. As such, some of the key ways of addressing this divide is through capacity building and technical assistance. Organizations like the Internet Society have a large role to play when it comes to developing and training individuals in emerging economies to more effectively respond to cyber threats. This can be done through its established offerings of
online training and/or face-to-face workshops. Additionally, organizations such as the ITU-IMPACT, OAS, European Union and others must continue their efforts in providing training and technical assistance across key cybersecurity domains in developing regions.
What are your fears for the future of the Internet?
My greatest fear is that the Internet becomes a mass surveillance apparatus for governments, with routine and wanton human rights abuses and violations. Another fear is that the monopolistic power of the ‘Big 4’ – Amazon, Apple, Facebook, and Google – stifle innovation and reduce the overall social and economic benefits of the Internet. Yet another fear is that cybersecurity attacks become so frequent, disruptive and overwhelming as to severely erode the trust model that underpins the global Internet economy.
What are your hopes for the future of the Internet?
My hopes are that the future Internet is built on five key pillars: Security & Privacy, Openness, Decentralization, Digital Inclusion, and Web Literacy. In a nutshell, the Internet must be a human rights-respecting platform, Internet development must be human-centric, the control paradigm in the data ecosystem must shift to users/data owners, we must close the digital divide and allow everyone to participate in the Internet economy, and security must become a shared responsibility across all stakeholder groups.
What do you think the future of the Internet looks like? Explore the 2017 Global Internet Report: Paths to Our Digital Future to see how the Internet might transform cybersecurity across the globe, then choose a path to help shape tomorrow.