• What we do
  • The People
  • About Us
  • Why Innovation Africa
  • Contact Us
Innovation AfricaCreating the Future Today
  • Feature Articles
  • Innovation
  • Agriculture
  • ICT
  • Technology
  • Entrepreneurship
  • Health
  • Store
  • Contact Us
Menu
  • Feature Articles
  • Innovation
  • Agriculture
  • ICT
  • Technology
  • Entrepreneurship
  • Health
  • Store
  • Contact Us
  • What’s Your ICT4D Cyber Threat Model?

    November 23, 2015 Editor 0

    MERLTech_ThreatModel_Illustration

    Threat models can make ICT4D more secure and safe to use. In computer science, “threat modeling” is the approach of playing through attacks and hacks ahead of time. Being alert to digital risks can help prevent data breaches and devastating damage – also in the aid sector.

    Digital Risks Are Real

    Data horror stories are all over the news today: companies lose staff and client data, banks lose money, governments expose civilians, security firms are compromised and hackers, too, get hacked.

    Such “cyber threats” are just as real and risky in aid and ICT4D. What is costly or inconvenient for businesses, however, could lead to lethal consequences in conflict and disaster settings.

    Perks and Perils

    ICT4D is, without doubt, transformative. Smartphones, software and computing power connect the previously unconnected, speed up surveying and help save data from its death on printed PDFs in dusty drawers.

    But in the wrong hands, maps with the exact location of vulnerable people, routes of aid trucks and records of a person’s health levels provide playbooks for harm. Imagine the damage an armed organization could do knowing exactly when and where a hungry person receives food. In digital form, this type of information is susceptible to interception, often without being noticed.

    If we don’t become more careful, the data that helps us plan and monitor our work might help others implement attacks that are entirely at odds with our intentions.

    Data Risks in Aid

    MERLTech_ThreatModel_DataRisks

    Warnings for ICT4D data damage abound – we just have to start looking: Online maps put people into hospitals. Online platforms expose defenseless people. The improving aid information landscape also “aids” surveillance.

    ICT devices themselves can create problems. Local authorities can become suspicious, sometimes banning phones and Internet and consequently access to aid workers who use those tools. Our research found incidents of people being targeted and killed when seen with smartphones.

    In another scenario, if a woman reports physical abuse with a mobile phone her husband uses, too, more bad than good could happen. Similarly, data leaks revealing sensitive aid details to local communities can create stigma and harm or ostracize groups and individuals.

    Meanwhile, aid data security often is abhorrent. We use easy-to-crack passwords for multiple accounts or keep them on sticky notes next to our computers. We send sensitive documents through the web like open postcards, i.e. unencrypted. We even circumvent the digital restrictions our IT teams put in place if they are inconvenient.

    In stark contrast, our adversaries grow increasingly cyber-savvy: governments worldwide bring their malware usage to perfection and organized armed groups, e.g., ISIS, cyber-arm themselves.

    No Cyber Strategy in the Aid Sector

    The ICT4D community is quick to recognize privacy concerns, but we drop them all too frequently; other priorities, deemed more urgent, push digital security aside. It does not help that solutions seem to be hidden behind complicated code and cryptic binary. Digital security is difficult for everyone. But even if technology-related threats can be hard to understand, we cannot afford to overlook them.

    It is contradictory that human rights, development and humanitarian action lack standards and risk awareness when it comes to working with technologies. The aid sector is well-equipped with norms and guidelines as well as aid staff who are well-attuned to ethics.

    These principles and values need to be translated into our use of ICT. The sector that is working hard to “do no harm” should go the extra mile to “do no digital harm” either. Our first step should be threat modeling.

    Copying Computer Scientists: Threat Models

    When software designers review the tools they build, threat models help them to ask the hard questions. What assets, i.e., sensitive information, does my technology handle? Who might want to attack it? What gaps or loopholes could attackers use?

    Putting these risk factors together, they are able to evaluate the likelihood of different threats and how they can respond to them:

    • Accept the risk;
    • Mitigate it technically, or transfer it; or
    • Avoid it by scrapping the software project altogether.

    In other words, threat models make computer security more proactive and resilient. They increase awareness and preparedness, which – as aid workers know all too well – improves decision-making if and when worst-case scenarios occur.

    Your Own ICT4D Threat Modeling Exercise

    The next time you plan or discuss an ICT4D project, play through the worst possible scenario and decide ahead of time how to react. Ask yourself these questions:

    1. Assets: Where do you store sensitive and valuable information?
    2. Adversaries: Who might want to access and abuse this data?
    3. Attacks: How could these adversaries get, steal or compromise the data?

    Your reaction and response will depend on your project and context. Sometimes, you might find that you can manage problems if they happen. In other instances, it might be wise not to use technology at all.

    A winning strategy is to practice extra care when deciding which data to digitize and make susceptible to interception. In fact, most measures to mitigate technology-related threats are not technical at all. Here are three suggestions:

    1. Decide carefully which data to digitize.
    2. Organize a detailed data security briefing with your IT staff or provider.
    3. Use existing resources, e.g., the responsible data forum, security in a box the digital first aid kit and Oxfam’s Responsible Program Data Policy.

    You can find more details on these tricks in other texts – for example, here, here and here.

    For now, dare to be alert! Make it a routine to recognize how the technologies you use could be attacked and lead to data harm. Detecting threats remains the best way to prevent them.

    Rahel Dette researches the benefits and risks that ICTs bring to the aid sector. At the Berlin-based Global Public Policy Institute (GPPi), she is currently working on Afghanistan, Somalia, South Sudan and Syria, where technologies can be the only way to obtain information from places that are otherwise inaccessible. Many thanks to Deea Ariana for her contributions to this post.

    Go to SourceReprinted from ICTWorks

    Related Posts

    • RISING voices: Haroon Sseguya, technology scaling specialist at the International Institute of Tropical Agriculture (IITA)RISING voices: Haroon Sseguya, technology scaling specialist at the International Institute of Tropical Agriculture (IITA)
    • Overrating the Value of InnovationOverrating the Value of Innovation
    • Is charity: water the Expedia of philanthropy?Is charity: water the Expedia of philanthropy?
    • Building applications in AzureBuilding applications in Azure
    • The Future of AngularJSThe Future of AngularJS
    • Introducing Internet-Based Services in the Mountain Areas of Nepal: An Asset Pentagon Perspective
    Sovrn
    Share

    Categories: ICT

    Tags: Cyber Threat Model

    Innovation Fueled by Experimentation Innovation’s New World Order

    Leave a Reply Cancel reply

    You must be logged in to post a comment.

Subscribe to our stories


 

Recent Posts

  • Entrepreneurial Alertness, Innovation Modes, And Business Models in Small- And Medium-Sized Enterprises December 30, 2021
  • The Strategic Role of Design in Driving Digital Innovation June 10, 2021
  • Correction to: Hybrid mosquitoes? Evidence from rural Tanzania on how local communities conceptualize and respond to modified mosquitoes as a tool for malaria control June 10, 2021
  • BRIEF FOCUS: Optimal spacing for groundnuts in smallholder farming systems June 9, 2021
  • COVID-19 pandemic: impacts on the achievements of Sustainable Development Goals in Africa June 9, 2021

Categories

Archives

Popular Post-All time

  • A review on biomass-based... 1k views
  • Can blockchain disrupt ge... 764 views
  • Apply Now: $500,000 for Y... 760 views
  • Prize-winning projects pr... 717 views
  • Test Your Value Propositi... 707 views

Recent Posts

  • Entrepreneurial Alertness, Innovation Modes, And Business Models in Small- And Medium-Sized Enterprises
  • The Strategic Role of Design in Driving Digital Innovation
  • Correction to: Hybrid mosquitoes? Evidence from rural Tanzania on how local communities conceptualize and respond to modified mosquitoes as a tool for malaria control
  • BRIEF FOCUS: Optimal spacing for groundnuts in smallholder farming systems
  • COVID-19 pandemic: impacts on the achievements of Sustainable Development Goals in Africa
  • Explicit knowledge networks and their relationship with productivity in SMEs
  • Intellectual property issues in artificial intelligence: specific reference to the service sector
  • Africa RISING publishes a livestock feed and forage production manual for Ethiopia
  • Transforming crop residues into a precious feed resource for small ruminants in northern Ghana
  • Photo report: West Africa project partners cap off 2020 with farmers field day events in Northern Ghana and Southern Mali

Tag Cloud

    africa African Agriculture Business Business model Business_Finance Company Crowdsourcing data Development East Africa economics Education Entrepreneur entrepreneurs Entrepreneurship ethiopia ghana Health_Medical_Pharma ict Information technology Innovation kenya knowledge Knowledge Management Leadership marketing mobile Mobile phone nigeria Open innovation Organization Research rwanda science Science and technology studies social enterprise social entrepreneurship south africa Strategic management strategy tanzania Technology Technology_Internet uganda

Categories

Archives

  • A review on biomass-based hydrogen production for renewable energy supply 1k views
  • Can blockchain disrupt gender inequality? 764 views
  • Apply Now: $500,000 for Your Big Data Innovations in Agriculture 760 views
  • Prize-winning projects promote healthier eating, smarter crop investments 717 views
  • Test Your Value Proposition: Supercharge Lean Startup and CustDev Principles 707 views

Copyright © 2005-2020 Innovation Africa Theme created by PWT. Powered by WordPress.org