I recently had the pleasure of attending the ITU’s Telecom World 2011 event, where the great and the good from governments and the industry met to discuss issues such as providing affordable broadband to the unconnected, and how information and communication technology can be used to create “smart cities” which will improve the quality of life of those living in urban areas.
But one of the most critical topics discussed at the event was how the increased reach and power of communications technologies makes it vitally important to address the issue of “cyber security.” Speaking exclusively to Mobile Business Briefing, Hamadoun Toure, secretary general of the ITU, warned that “when we talk about the right to communicate, that is the right to communicate securely.”
This will be especially important as mobile increasingly becomes a primary tool in connecting more and more users to the internet. As Toure said: “we are really proud that today the world has over 5.6 billion users of mobile communications, and we hope that those mobile devices will become broadband devices.”
A recent report from Georgia Tech Information Security Center highlighted a number of issues with mobile devices in its Emerging Cyber Threats Report 2012, warning that: “mobile applications are increasingly reliant on the browser. As a result, we expect more web-based attacks against mobile devices to be launched in the coming year.”
The report notes a number of unique challenges presented by the mobile device, such as the small screen size and the fact that many browsers hide the URL of the site visited after a short time, which make it difficult to detect fraudulent websites. In addition, unlike desktop computers, mobile devices often do not receive security updates. And the increasingly computer-like capabilities of smartphones also make them a more appealing target to miscreants.
But Toure also highlighted the complexity of tackling the cyber security problem. “When we talk about cyber security, we need to make sure that all stakeholders are involved, because everyone has something to do down the road. We believe that governments have a role to play, the private sector – operators and manufacturers of equipment, software makers – they all have a role. And not to forget the most important part, which is the users. They have a role to play in this, so they need to be consulted.”
In addition to which, the fact that cyber threats are not confined by the borders of a country means that governments, regulators, and other ecosystem participants need to work together to deliver an internationally harmonised roadmap to deal with the issue – which is easier said than done. “We believe that there are ways and means to approach this, but unfortunately there are major differences in terms of ethical approaches to this, which makes it difficult to come to a global agreement,” Toure said.
With such a complex landscape in play, it is perhaps not immediately obvious how the operator fits in. But as connectivity provider between diverse handsets and the wild, unpoliced world of the internet, the operator can actually play a central role, building on their position as trusted connectivity partner.
Most significantly, the operator has a detailed view of the traffic passing through their network, putting them in an ideal position to detect and prevent potential attacks. This approach also means that customers will be safeguarded regardless of whether their device – be it a handset, tablet or computer – is up-to-date in terms of security patches.
But there is a balance in the way in which traffic can be monitored: as the BT/Phorm scandal in the UK demonstrated, should customers or regulators feel a line has been crossed and privacy conventions breached, the response is likely to be vocal to say the least. And as RIM’s protracted discussion with many governments have shown, sometimes different stakeholders have very different views of the security landscape.
While Toure was clear in his discussion of the issues with creating an international framework to address cyber security, his assessment of what may be at stake was equally unequivocal. “The next world war will take place in cyberspace, if not, it will start there. You can define the level of tension between two countries by looking at the level of cyber threats between them. And the best way to win a war is to avoid it in the first place.”
The editorial views expressed in this article are solely those of the author(s) and will not necessarily reflect the views of the GSMA, its Members or Associate Members