«This project forces us to think transnationally»

The cyber security specialists Myriam Dunn Cavelty and Matteo E. Bonfanti are participating in a European project with 18 partners. It is precisely the large number of partners that matters for their research.

Are we to expect an increase in cyber terrorism in the future?

Myriam Dunn Cavelty: Cyber crime is a real danger and most people are aware of it due to various incidents. However, cyber terrorism is pure fiction.

Is there hardly any cyber terrorism? 

Dunn Cavelty: It was once assumed that terrorists would use the virtual network as a cheap means to apply violent pressure. However, the fact is that terrorists achieve greater effects and obtain more attention by using bombs and other acts of violence than by attempting cyber attacks. However, there is an increase in connecting organised crime and terrorism: Terrorists use cyber resources for recruiting, for propaganda and their funding by means of fraud, money laundering, blackmailing or the dark net trade.

How imminent is this danger? 

Dunn Cavelty: Assessing this danger is rather difficult due to a lack of data information. Nevertheless, a number of incidents have demonstrated that information security is being neglected at many institutions. Last May, the malicious software programme «WannaCry» encrypted data on over 230,000 computers in roughly 150 countries. Many hospitals were attacked as well and subsequently forced to pay a great amount of money to the perpetrators for the encrypted patient data. Technically, this attack was simple. Many companies and institutions are now aware that they could be attacked; yet, they still invest too little in precautionary measures. Attacks on financial institutions or credit card fraud are unpleasant indeed; however, attacks on so-called critical institutions that would damage our basis of life would be much more serious. This is what people dread most. 

Which type of data is interesting for hackers in Switzerland? 

Dunn Cavelty: Popular targets are research and development data. Political information is interesting as well: At the location of diplomatic talks in Geneva, for example, spy software was found. Banks are also popular targets; however, they are usually relatively well protected as they invest greatly in cyber security.

What are the effects that cyber crime might have on citizens? 

Dunn Cavelty: For instance, it is annoying to have your digital identity stolen, as there are several possibilities how this can be misused online. Credit card fraud is common, yet the money stolen is usually compensated. Attacks leading to the fact that we could no longer perform digital transactions over a longer period would be strongly disabling as well. It would become very difficult or even dangerous if a cyber attack were to cause a longer electricity cut. 

In order to develop strategies against cyber attacks, your initial approach within the EU project «TAKEDOWN» is to achieve a deeper understanding of cyber crime and cyber terrorism. 

Matteo Bonfanti: Indeed. The motivations for cyber attacks are very diverse and depend on the objectives of the corresponding individuals or groups. These objectives may be of financial or propagandistic nature, some perpetrators merely wish to scare people or interrupt their communal life. We collect data on cyber crime and cyber terrorism in order to understand the various phenomena as much as possible. We also analyse the means used in case of attacks, so that institutions can protect themselves better in the future. The basis of prevention is to understand the causes, structures and dynamics of these groups. 

You launched the project with a large survey. What were the questions?

Bonfanti: We conducted a Europe-wide survey addressing policy-makers, law enforcement officials, and other first-line practitioners to understand their needs and challenges in fighting and preventing cyber crime and cyber terrorism. For example, we investigated the existing policies and approaches and how they can be improved. As strong transnational cooperation is needed for the fight against cyber attacks, we also asked about how this cooperation can be enhanced. We also inquired about the desired tools and technologies to be employed for countering cyber threats. One of the objectives of this project is to identify the right technologies or other tools for institutions or companies to increase their data security.

How can you support potentially affected parties?

Bonfanti: Our aim is to develop two platforms: TAKEDOWN offers a public platform for the wide European civil society with tools that inform them in detail about cyber crime, terrorism and radicalisation, and about how they can identify them and protect themselves against them. This ranges from security guidelines for the everyday user, via guidance for teachers suspecting that a student could become radicalised, up to tips concerning the data protection of companies. This platform also provides access to experts on the subjects for all people interested. What is more, we collect data on cases with which the public or companies were confronted.

What about the second platform?

Bonfanti: This second platform is password-protected and only accessible to national institutions and law enforcement agencies across Europe. They receive information about mature or emerging technological security solutions (or services) that protect against cyber crime and cyber terrorism. We would like to offer a list of technologies and a list of technology providers. We do not develop the digital solutions ourselves, but we provide an overview of the solutions available and best suited for the parties affected. 

18 international partners participate in this project. What makes it special for you? 

Dunn Cavelty: Many of the project partners have been working in the areas of terrorism and cyber crime for many years. This profound knowledge has captured our interest. It is also important that the project involves many different countries. Cyber crime and cyber terrorism do not stop at the national borders. 

What do you expect from this cooperation in terms of your research? 

Dunn Cavelty: We hope for rewarding contacts, a strong network. As the project extends from Bulgaria to Romania to Israel, we will learn about what other countries worry about and what they do about it. Knowing of other perspectives enriches our own research. 

Can you give us an example of other perspectives on the phenomenon?

Bonfanti: For instance, our partner in the UK is most worried about cyber crime. The project participants from Romania and Bulgaria are mainly interested in the detection and prevention of corruption; others intend to focus above all on corporate crime. 

Dunn Cavelty: What we need are transnational solutions. This is why it is important to conduct collective research on how these groups think, work and how they come into being in the first place. 

Bonfanti: This project forces us to think transnationally. 

Dunn Cavelty: The perspective of the EU is key for us also in that they are way ahead in terms of the balancing act between cyber security on the one hand and the protection of privacy and individual liberties on the other hand. The EU harmonises laws and introduces an obligation to register for those who have been attacked. It is unpleasant for companies when they have to admit that somebody viewed their data or even stole them. Therefore, the hope is for the companies to increase their security level instead. Switzerland currently discusses a similar obligation to register. 

Which EU Member States are most aware of these issues?

Dunn Cavelty: Germany is very active and deals carefully with privacy matters. The UK is also quite ahead of other countries and the Netherlands is one of the best. However, Switzerland is not doing that badly either.

What are the biggest challenges with so many project partners? 

Bonfanti: Coordination is difficult with 18 partners from 13 states, with diverse institutions, stakeholders, different cultures, perspectives, interests and languages. I have learned that it is best if you pro-actively approach the partners, set deadlines and remind each other of arrangements. This triggers a domino effect and gradually everyone acts in concert. Such large entities are challenging, that is true, but behind every partner is a human being with a personality, an agenda and personal interests. Throughout this project, I have acquired many management skills that will be very helpful for future projects. In addition, the potential with this many European partners is significant. 

Dunn Cavelty: In principle, it is important for Swiss institutions to participate in European projects. We are in the middle of Europe and should therefore cultivate this collaboration and take care of it.

Will our data ever truly be safe? 

Dunn Cavelty: Indeed, we will never see absolute data security; it is an illusion. We have to change our way of thinking: We should not ask how we can achieve absolute security, but instead focus on the consequences of cyber attacks and what to do when they happen. We should deal more with coping strategies. 

Yet, ever since the terrorist attacks of 9/11, security is at the top of every political agenda. 

Dunn Cavelty: Yes, the attacks have demonstrated how vulnerable our societies are. Now we think that if we focus on security, we will be safe. Some countries have introduced extreme laws at the expense of freedom and privacy to maintain this feeling of security, yet the success thereof is debatable. What we need is a broader debate on what security stands for today in the first place, as well as profound public information about the risks, protections and prevention. 

You are dealing with worst-case scenarios on a daily basis, some warn against cyber war. What are the biggest threats at the moment? 

Dunn Cavelty: I am more worried about politicians threatening the world with a fusion bomb than about the myth of cyber war. Cyber tools cannot achieve an even remotely physical destruction; therefore, they are secondary. 

What is currently the most effective protection against cyber crime and cyber terrorism for institutions and companies? 

Bonfanti: It is vital that they invest in the right technical security solutions, hire specialists and regularly instruct their employees regarding data security. 

And how can private computer users prevent attacks? 

Dunn Cavelty: By consistently updating their computer, by changing passwords, by controlling credit card statements, by not opening everything received via e-mail and by assessing where they post and with whom they communicate online. At home, you would never let everybody inside, just because they knocked at your door. The same precaution should prevail when using the Internet. 

Bonfanti: One repeatedly forgets: Once something is on the Internet, you cannot remove it. Nobody knows exactly what the social media companies are storing and for how long. Security starts with the computer users themselves.

Interview with Myriam Dunn Cavelty & Matteo Bonfanti

Myriam Dunn Cavelty

Myriam Dunn Cavelty is a Senior Scientist and Deputy for Research and Teaching at the Center for Security Studies (CSS) of ETH Zurich. She studied International Relations, History and International Law at the University of Zurich. She was a visiting fellow at the Watson Institute for International Studies (Brown University, USA) in 2007 and a fellow at the Stiftung Neue Verantwortung in Berlin, Germany, from 2010 to 2011. Her research focuses on the politics of risk and uncertainty in security politics and changing conceptions of (inter)national security due to cyber issues (cyber security, cyber war, critical infrastructure protection) in specific. She also advises governments, international institutions and companies in the areas of cyber security, cyber warfare, critical infrastructure protection, risk analysis and strategic foresight.

Matteo E. Bonfanti

Matteo E. Bonfanti is a Senior Researcher at the Center for Security Studies (CSS) of ETH Zurich. He holds a PhD from the Scuola Superiore Sant’Anna di Pisa, Italy. Before joining the CSS, he was a researcher at the Institute of Law, Politics and Sustainability of the Scuola Superiore Sant’Anna, the Centre for Science, Society and Citizenship in Rome and the Central European University in Budapest, Hungary. In 2008, he served as research assistant at the office of the European Data Protection Supervisor (EDPS) in Brussels. Since 2010, Matteo E. Bonfanti has been involved as a researcher in several projects in the field of counter-terrorism, crime prevention, crisis management and cyber security. He also acts as a privacy and personal data protection advisor for private entities.

Project funded by Horizon 2020

«TAKEDOWN – Understanding the Dimensions of Organised Crime and Terrorist Networks for Developing Effective and Efficient Security Solutions for First-line-practitioners and Professionals», European collaborative Research and Innovation Action.

Duration: 2016-2019

Coordinator: Synyo GmbH, Austria

Partners: 18 institutions from 13 different European Countries

Financial contribution from H2020: 3,421,062 € (274,687 € for ETH Zurich)