In a far-off time and space, very few people (well, apart from those who wanted to be seen as dangerously left wing, liberal, and politically correct; that’s right, Guardian readers) had heard of WikiLeaks, or indeed Julian Assange. Well, just in case you missed it, Julian is the main spokesperson and editor-in-chief for WikiLeaks, while WikiLeaks, as you all know, publishes anonymous submissions from private, secret and classified sources: a ‘digital whistleblower’! Well, the boy has certainly done good!
In 2010, JA was the new techno urban warrior, a ‘wunderkind’, voted by TIME readers as their choice for TIME’s Person of the Year. In that very same year, US Secretary of State Hillary Clinton, speaking on Internet Freedom at the Newseum, Washington, DC, outlined her vision in which digital whistleblowers, such as JA, and their,
“information networks would form a new nervous system for our planet; a type of ‘digital transparency’, helping people discover the truth; making governments more accountable.”
However, less than 12 months later, Clinton, now speaking at a hastily convened State Department press conference, condemned those same digital whistleblowers:
“digital transparency was an attack on the international community.”
At the same time, Sarah Palin called for Assange to be hunted down by American special forces and assassinated:
“he should be pursued with the same urgency we pursue al-Qaeda and Taliban leaders.”
However, moving on from the fate that awaits Ecuador’s newest resident at their London embassy, do we need some type of digital transparency for business information security issues?
Now, I’m not suggesting some form of digital whistleblower that champions the transparency of digital and software vulnerabilities, although that could be one option. But I am suggesting some form of,
‘collective intelligence: a shared intelligence that emerges from a collective and transparent collaboration of individuals dealing with similar problems.’
Some of you no doubt are questioning the rationale: why? There are plenty of organizations that a business could turn to, from CERTs (Computer Emergency Response Teams) to local law enforcement – yes, there is loads and loads of security data washing around in the digital sea, but charities can soon drown, and large organizations only stay afloat by using dedicated IT service departments to pump out the water. Because charities are overwhelmed by digital security information, they tend to ignore it, and hence they are now the target of choice for cybercriminals.
Let us consider this option first: the use of collective intelligence directed at security breaches. I would argue that an effective means of transparently sharing details without fear of recrimination and embarrassment would greatly reduce the impact of such breaches. Fine idea, but the key words here are ‘recrimination’ and ‘embarrassment’ – how can this be achieved?
In addition, IMHO charities are reluctant to share information: ‘will this sharing be reciprocated?’; ‘will it open me up for further attacks, more expense, loss of reputation?’; ‘what will my customers/clients think?’ But given privacy and anonymity safeguards, charities might just be persuaded to share information with a ‘trusted’ independent security ‘broker’, able to exchange security information from many similar sources. OK, trusted broker, step forward!
Digital Transparency, Collective Intelligence & Charities
The UK government has an information security initiative!
Seriously, the government’s Warning, Advice & Reporting Points are part of the Centre for the Protection of National Infrastructure initiative on helping organizations secure their information and their information infrastructure. Warning, Advice & Reporting Points, otherwise known as WARPs (don’t let the name put you off), are independent not-for-profit entities that offer:
Filtered Warnings: The delivery of warnings to its members, who can then maintain their system security. The warnings are filtered so that members will only receive warnings relevant to their own systems: a Linux-only user will not receive warnings about Microsoft vulnerabilities. The purpose is to ensure that members receive pertinent information in a timely and relevant manner without needing to go looking for the information or being inundated with irrelevant information.
Advice Brokering: A mechanism by which members may seek and/or give advice to their colleagues. It is, in effect, a closed, secure and anonymous meeting place: a forum where members can discuss problems, and the operators, knowing their members’ needs and knowledge/skills, can provide an information brokering service.
Trusted Sharing: A mechanism for sharing security incidents and other sensitive information without fear that the information will be used against them. Pooling and sharing this information with other members of the WARP, and possibly other WARPs as well, will lead to more robust and secure systems.
Registered WARPs are grouped by sector, e.g., local education, local health, local government.
Do we need one for charities?
Yes, I think we do, and to help, Signacure and AtlasCloud, in collaboration with Skills Bridge, have organized a free seminar that will consider the impact of information security challenges facing charities – more details can be found on our events page.