By Mandeep Bhandal, on 20 August 2013
ISRS Intern Programme: Resilience Themes of Importance
The Institute for Security and Resilience Studies (ISRS) has developed a two week intensive junior intern programme, to enable interns to gain knowledge and experience in the field of security and resilience. During the two week programme, our two interns, Imani McKoy and Iona Palmer-Baunack have been introduced to the concept of resilience and its associated themes. They have undertaken research tasks, delivered presentations, received lectures and attended visits relating to the ISRS Research and Innovation Challenges. The diverse programme has been designed so as to enrich the intern experience by exposing the interns to pertinent issues of huge importance in our networked world today – including energy security, financial stability, cyber security and geopolitics & statecraft.
Imani and Iona have provided a brief assessment on a resilience theme of their choosing:
Imani McKoy – Cyber Security & Resilience
Where does it go? What happens to it? Who else can see it?
Despite the numerous firewalls and other security measures put in place to protect our most covert information, it is still possible for it to fall into the wrong hands. With the ever growing industry that each generation is becoming increasingly susceptible to, we never truly take the time to consider the possibility of our secret Snapchat’s, private messages on the likes of Twitter and Facebook or undisclosed bank details reaching unknown and undesirable third parties. There are four aspects to consider when covering cyber security: cyber risks, cyber-attacks, attack vectors and a solution.
The first of three to consider would be Cyber Crime, both that which could occur at the hands of one individual or an operational group. Those involved would use whatever means possible to disrupt the general running of a system; typically for the general purpose of obtaining an unsuspecting persons credit card data. Another cyber risk to consider is the possibility of Cyber War which can occur between members of one nation state to another. The perpetrators are usually what is referred to as APT’s (Advanced Persistent Threats); a term used to refer to a group (e.g. a government) with the capability and the intent to persistently target a specific entity. An APT may operate to gain access to sensitive information or even to pose even greater threats such as espionage. The third risk (not to say that it’s the last) that will be covered is Cyber Terror. As illustrated, any possible cyber risk has one basic objective – intrusion. The risk of cyber terror is one that details the actions of independent organisation of nation states that conduct terrorist activities via the internet. This would usually involve major disruption of computer networks, using a type of attack widely known as a virus.
There are various types of cyber-attacks that can occur – each being a product of an underlying aim. Trojans are used as an entry point on a computer where information can then be accessed, stolen and damaged on a system; they do so in the form of seemingly harmless programmes but are actually functioned to do things very different from what they appear to do. Viruses are developed to gain access to steal, modify or corrupt information stored on a specified system; viruses achieve their aims by the insertion of a small piece of self-replicating software that attaches itself to files – essentially spreading from one drive to another. Another attack mechanism used is Worms, which exploit the weaknesses of a system; again similar to viruses, are self-replicating software. Spyware is forever attempting to take control of computer systems, with the intent to collect personal information; once control is secured, the saboteur may download infected software. These are only some of many ways in which attacks occur via cyberspace due to the constant innovation of cybercrime – constant innovation being essential to successful resilience.
There are numerous ways for attackers to achieve their almost common goals. A common example would be social engineering which exploits the weaknesses of individuals – examples of this type of vector include phishing and pharming. Typical types of phishing/pharming include the use of spoof emails and fake websites, which demand the personal information of unsuspecting individuals, eventually compromising their information once obtained. Another vector used by some includes something called MITM where what is referred to as a middleman may impersonate an endpoint, enabling them to manipulate not one but two individuals; similar to the typical exploitation of weaknesses within a system.
The fact that these very issues exist does not mean that our information is not relatively safe; it just means that we have to take extra care of how we distribute our information. There are many reforms set in place to ensure that information remains safeguarded from official legislations such as the Telecommunications Regulations Act of 1998 and typical firewall systems; all aiming to provide cover against both deliberate and opportunistic attacks. However, cyberspace is a highly unregulated medium, leaving cyber criminals with many entry points and one way to ensure that the effectiveness of these is greatly reduced is to carry out a risk assessment. This assessment should consider people, processes and technology. The competency of resources, professional skills and qualifications of staff and availability of staff training should come into focus – along with management systems and governance framework. As previously mentioned, cybercrime is constantly innovating but by ensuring that the correctly qualified people are in charge of security protocols and are prepared to respond and recover from either a potential threat or an act of cybercrime, the safety of our information is firmly in place – for now.
Iona Palmer-Baunack: Cypriot Economic crisis: Quick Turn Around
In 2013 the Cypriot economy faced a major crisis following the exposure of Cypriot banks to overleveraged local property companies, the inability to refund its state expenses from the international markets and the government’s reluctance to restructure the troubled Cypriot financial sectors which led to a 10 billion euro bailout from the EU.
This economic crisis in Cyprus has had many effects on the state of Cyprus; being someone who visits the country every year I myself have seen the effects that the crisis has had on Cyprus. In previous years one would see a booming tourism industry, low tax rates on various products such as alcohol and cigarettes, and a thriving property industry. However, having visited the country this year one can see the damage that this crisis has had on the country – seeing barely any tourists in the high season, increased tax rates, expensive food and resources and half-finished buildings.
It can be argued that due to a lack of resilience Cyprus has fallen into this state, for example it did not see the risk nor was it prepared for the risk when buying into bonds in Greece. However, I believe that Cyprus is in fact a truly resilient country.
Firstly, the country of Cyprus has reinvented it’s economy on various occasions: after gaining its independence from Great Britain in 1960, a coup by the Greek junta and a military invasion by Turkey in 1974, the Lebanese civil war in the 80s and the Gulf war in 1991 and it still each time continues to develop its economy and reinvent itself.
Secondly, Internationally in the business world Cyprus has reinvented itself since the financial crisis due to the fact that it has close to 50 double tax treaties, a fully EU-harmonised tax and legal framework and one of the lowest and most competitive corporate tax rates in Europe – it therefore provides an attractive base for international businesses. This will ultimately begin to boost the economy to a stronger position than it held before.
Furthermore, since the bailout the government has increased its work in innovation in order to make sure a crisis like the one experienced earlier this year does not come about again. The Cypriot government has been fully focused on implementing strict austerity measures to restructure the economy and has announced new incentives to attract more investment.
Finally, what has been a great prospect for Cyprus has been the discovery of hydrocarbon reserves in its exclusive economic zone – leading to an interest from other countries.
So my argument is that although Cyprus faced a crisis and did not prevent it from happening through various measures it took and mistakes it made, it is actually using the way ISRS define resilience in order to “bounce forward” as it is renewing and recovering its economy through a flow of events that has happened such as the discovery of hydrocarbons. And as well as bouncing forward and reinventing itself as a country it is also trying to implement measures so that a crisis like the one experienced in 2013 will not come about again. Therefore in my opinion the Cypriot Economic Crisis was actually for the better as the country seems to be coming out of it into a better position than it was before.