As the digitalization of society and economy is progressing, global cybersecurity efforts are increasing accordingly. Cybersecurity plays a dual role as it aims protecting humans from cyber threats but at the same time introduces new issues for sustainable human development. Some of the key challenges relate to hacking for undermining democratic societies and value conflicts between cybersecurity and protecting privacy. The “Lectures for Future” series addressing the most pressing societal and ecological challenges, a lecture series with guest lecturers from multiple universities and research institutions, has taken up some of the sustainability challenges with cybersecurity in a lecture held by Dr. Alexander Novotny of the Sustainable Computing Lab.
Here is a short summary of the lecture:
Its worthwhile to have a closer look on how cybersecurity can contribute to human development sustainably. The United Nations have issued sustainable development goals that provide a framework for defining in which dimensions the global society needs to develop sustainably, including “good-health and well-being”, “quality education” for everyone, prospering “industry, innovation and infrastructure” as well as assured “peace, justice and strong institutions”. Which impact do recent developments in the cybersecurity landscape have on these dimensions? Can they foster sustainable human development, or do they impose new threats?
In the 2016 and the current U.S. presidential elections fake news, disinformation in the social media and cyber hacking efforts have been playing an increasingly crucial role to turn the tipping point of public opinion. Disinformation is information that is factually false or intended to be highly misleading and of which the originator believes it to be false or misleading but states the information as if it were true. Disinformation has the intention to manipulate the opinion of recipients. For spreading disinformation, Botnets, troll factories, fake online groups, fake emails, the evasion and poisoning of artificial intelligence engines with fake input data such as used in search engines have been proved to be handy strategies for hackers. In the social media, platform operators try to identify disinformation by moderating content following internal content policies with mixed success. But internal policies defined by private companies are withdrawn from public and judicial review and supervision. This lack of transparency over content moderation practices in the social media form part of the problem of dealing with disinformation. The impact of disinformation in the social media may be even worse in developing countries, where the education and media competence of users tends to be lower than in developed countries.
Against these cyber threats, nation states and large institutions increasingly employ advanced cybersecurity protection systems, that intelligently correlate user activity with multiple sources of information to timely detect threats. Intelligent systems for security incident and event management (SIEM), cloud security access brokers (CSAB), intelligent traffic-inspecting next-generation firewalls and identity and access management (IAM) systems fall into this category. Advanced cybersecurity protection systems may be sustainably practical to reduce cybercrime and protect control systems steering the critical infrastructure such as these providing us with clean drinking water, uninterrupted supply of electricity and functioning medical equipment in hospitals. But the analysis of user behavior and the inspection of online traffic by automated systems also comes with the risk of increased surveillance and a reduced level of privacy.
Key to protecting the privacy of users in advanced cybersecurity protection systems is a technology that is called tokenization, basically exchanging the true identity of a user for a random token number and securely keeping the mapping of the token to the user at a so-called trusted party thereby providing pseudonymity. As such, only the trusted record-keeper is able to re-identify a user and his or her behavior. But whom can we trust to keep that records? State actors or private companies, who both have a strong interest in applying intelligent cybersecurity protection systems? With these technologies in place, Internet users may have a constant feeling of being surveilled, remarkably similar to Jeremy Bentham’s panopticon, thus threating their well-being in the long run. Only guaranteeing true anonymity instead of reversible pseudonymity could be a more sustainable way of dealing with this type of protection.
Cybersecurity can be a powerful enabler of digitalization and support sustainable human development. If we miss out on considering and reconciling cybersecurity with human values such as well-being, truth and privacy, we run the risk of undermining sustainable development goals including strong democratic institutions”, quality education for everyone and a prospering, innovative industry.
The full lecture can be watched here: