The technology behind cybersecurity


You can’t talk about cybersecurity without talking about technology and when engaging with policymakers it’s helpful for human rights defenders to understand the basic concepts of this domain but from a technical perspective water security actually mean popular conceptions of cybersecurity often focus on securing information and it underlying infrastructure information is the lifeblood of cyberspace from personal data to high-level state communication it flows through networks in huge quantities and is stored on devices and data centers it is subject to voluntary standards but without a central authority and in a rapidly changing environment these can be subject to change in cyberspace information is digital and intangible but it relies on an infrastructure which is physical from cables to servers routers to satellite connections data and metadata in cyberspace can be vulnerable at different points and be undermined in different ways it can be copied modified or made inaccessible or its origin could be faked a violation of authenticity violations of confidentiality integrity availability and authenticity can have different culprits it might be criminal activity a deliberate shutdown by government or even an accident these violations can undermine security in cyberspace but they also impact a range of human rights including privacy freedom of expression and freedom of information.

The border gateway protocol or BGP illustrates this well this refers to the set of rules which enables communications between large networks despite its central role in the functioning of the Internet it remains vulnerable to misuse or attack for example in 2008 Pakistan’s government ordered a local internet service provider to block YouTube in the country its attempts to do so resulted in a global outage of the video sharing website for two hours the ISP did this by exploiting a weakness in the border gateway protocol so that all traffic trying to get to YouTube went to the ISP instead as a result YouTube became unavailable vulnerabilities in the BGP routes can also be manipulated to intercept Internet traffic man-in-the-middle attacks work by redirecting large quantities of traffic to an unauthorized router if the data is unencrypted those controlling the Rueter can then monitor or tamper with it before sending it on its way without the owner of the data knowing anything has happened.

This undermines the principles of integrity and confidentiality but just as you can undermine these principles you can also preserve and strengthen them at the internet Engineering Task Force measures are under discussion to address weaknesses in BGP if finalized they could help make sure data goes to and originates in the right places and identify whether data is traveling on the right routes this makes it less likely that traffic will be inadvertently intercepted or blocked and will help make sure confidentiality integrity and availability and the human rights which depend on them are respected on a technical level security can also be built into products and services by design Apple and whatsapp’s adoption of default end-to-end encryption is a good example other tools include SSL TLS encryption of emails and certificate pinning in browsers the stakes couldn’t be higher today the internet isn’t just a communications network it’s a network for industrial control systems health care and in some countries even voting as our alliance on networked systems and technology increases the risks associated with insecure networks also increase the Internet of Things is about to usher in a whole new universe of connected objects this will pose huge challenges for both security and human rights.

A big part of the solution is technical as we’ve seen but it’s not the whole picture let’s look again at the incident in Pakistan after a few hours YouTube was restored at the global level by a technical fix but in Pakistan itself the censorship order didn’t go away and YouTube remain blocked there until the offending content was removed this shows that technical solutions are not enough security in cyberspace will only be possible with a holistic approach which means robust technical measures and standards bolstered by rights respecting policies and laws responsible business practices and education

As found on Youtube

Privacy Preference Center