Threat models can make ICT4D more secure and safe to use. In computer science, “threat modeling” is the approach of playing through attacks and hacks ahead of time. Being alert to digital risks can help prevent data breaches and devastating damage – also in the aid sector.
Digital Risks Are Real
Data horror stories are all over the news today: companies lose staff and client data, banks lose money, governments expose civilians, security firms are compromised and hackers, too, get hacked.
Such “cyber threats” are just as real and risky in aid and ICT4D. What is costly or inconvenient for businesses, however, could lead to lethal consequences in conflict and disaster settings.
Perks and Perils
ICT4D is, without doubt, transformative. Smartphones, software and computing power connect the previously unconnected, speed up surveying and help save data from its death on printed PDFs in dusty drawers.
But in the wrong hands, maps with the exact location of vulnerable people, routes of aid trucks and records of a person’s health levels provide playbooks for harm. Imagine the damage an armed organization could do knowing exactly when and where a hungry person receives food. In digital form, this type of information is susceptible to interception, often without being noticed.
If we don’t become more careful, the data that helps us plan and monitor our work might help others implement attacks that are entirely at odds with our intentions.
Data Risks in Aid
Warnings for ICT4D data damage abound – we just have to start looking: Online maps put people into hospitals. Online platforms expose defenseless people. The improving aid information landscape also “aids” surveillance.
ICT devices themselves can create problems. Local authorities can become suspicious, sometimes banning phones and Internet and consequently access to aid workers who use those tools. Our research found incidents of people being targeted and killed when seen with smartphones.
In another scenario, if a woman reports physical abuse with a mobile phone her husband uses, too, more bad than good could happen. Similarly, data leaks revealing sensitive aid details to local communities can create stigma and harm or ostracize groups and individuals.
Meanwhile, aid data security often is abhorrent. We use easy-to-crack passwords for multiple accounts or keep them on sticky notes next to our computers. We send sensitive documents through the web like open postcards, i.e. unencrypted. We even circumvent the digital restrictions our IT teams put in place if they are inconvenient.
In stark contrast, our adversaries grow increasingly cyber-savvy: governments worldwide bring their malware usage to perfection and organized armed groups, e.g., ISIS, cyber-arm themselves.
No Cyber Strategy in the Aid Sector
The ICT4D community is quick to recognize privacy concerns, but we drop them all too frequently; other priorities, deemed more urgent, push digital security aside. It does not help that solutions seem to be hidden behind complicated code and cryptic binary. Digital security is difficult for everyone. But even if technology-related threats can be hard to understand, we cannot afford to overlook them.
It is contradictory that human rights, development and humanitarian action lack standards and risk awareness when it comes to working with technologies. The aid sector is well-equipped with norms and guidelines as well as aid staff who are well-attuned to ethics.
These principles and values need to be translated into our use of ICT. The sector that is working hard to “do no harm” should go the extra mile to “do no digital harm” either. Our first step should be threat modeling.
Copying Computer Scientists: Threat Models
When software designers review the tools they build, threat models help them to ask the hard questions. What assets, i.e., sensitive information, does my technology handle? Who might want to attack it? What gaps or loopholes could attackers use?
Putting these risk factors together, they are able to evaluate the likelihood of different threats and how they can respond to them:
- Accept the risk;
- Mitigate it technically, or transfer it; or
- Avoid it by scrapping the software project altogether.
In other words, threat models make computer security more proactive and resilient. They increase awareness and preparedness, which – as aid workers know all too well – improves decision-making if and when worst-case scenarios occur.
Your Own ICT4D Threat Modeling Exercise
The next time you plan or discuss an ICT4D project, play through the worst possible scenario and decide ahead of time how to react. Ask yourself these questions:
- Assets: Where do you store sensitive and valuable information?
- Adversaries: Who might want to access and abuse this data?
- Attacks: How could these adversaries get, steal or compromise the data?
Your reaction and response will depend on your project and context. Sometimes, you might find that you can manage problems if they happen. In other instances, it might be wise not to use technology at all.
A winning strategy is to practice extra care when deciding which data to digitize and make susceptible to interception. In fact, most measures to mitigate technology-related threats are not technical at all. Here are three suggestions:
- Decide carefully which data to digitize.
- Organize a detailed data security briefing with your IT staff or provider.
- Use existing resources, e.g., the responsible data forum, security in a box the digital first aid kit and Oxfam’s Responsible Program Data Policy.
You can find more details on these tricks in other texts – for example, here, here and here.
For now, dare to be alert! Make it a routine to recognize how the technologies you use could be attacked and lead to data harm. Detecting threats remains the best way to prevent them.
Rahel Dette researches the benefits and risks that ICTs bring to the aid sector. At the Berlin-based Global Public Policy Institute (GPPi), she is currently working on Afghanistan, Somalia, South Sudan and Syria, where technologies can be the only way to obtain information from places that are otherwise inaccessible. Many thanks to Deea Ariana for her contributions to this post.
Great article – this is a common pain point for me, with both an ICT4D and an information security background. It’s timely too – another resource to look at is SAFETAG (https://safetag.org/), which is a security auditing framework we’ve developed at Internews to meet NGOs where they are – I just posted a Medium article walking through it here: https://medium.com/local-voices-global-change/meet-safetag-helping-non-profits-focus-on-digital-security-6dec65b75d8a#.on9i8kc3a