G20 Magazine, September 2013

The International Cyber Security Protection Alliance (ICSPA) – a global, business-led, not- for-profit alliance – is calling on governments interested in providing a safer and more secure cyber future for their citizens and business communities to fund programmes, projects and activities that will seek to ensure that their internet users are ‘cyberfit’, and able to meet the constantly evolving challenges brought about by the inexorable growth in online criminality.

Business led the way by establishing ICSPA in July 2011. As its chief executive, I would like to make the case in this article for international financial support from governments in order to accelerate the execution of its mission – to reduce the harm from cyber criminality globally by working with governments, law enforcement agencies and businesses to provide sustainable solutions in the fight against cybercrime.

Fighting cybercrime together

Thirty-nine countries from the EU and elsewhere have either ratified or acceded to the Budapest Convention on Cybercrime. Many more governments around the world understand the significant economic and social benefits that the internet delivers to their citizens and businesses. Equally, these same governments recognise the absolute priority they must give to fighting cybercrime and to developing strong cyber defences.

My assertion is that acting collaboratively to fund programmes of work to deliver benefits back to citizens, and help small and medium-sized business communities better defend themselves against cyber threats, will provide the boost that economies desperately need to break out of this decade of austerity.

The return on investment to governments that decide to resource these programmes of work would be measurable and sustainable. Citizens would benefit directly and small businesses, the bedrock of many national economies, would be better able to protect their intellectual property and promote the creation of new business opportunities and jobs.

Imagine what we could achieve together, if 39 countries each donated one million euros per annum for the next five years to a collaborative fight against cybercrime. By directing funding that would be used to carry out programmes of activities designed specifically to deliver benefits to citizens and small businesses, savings would be generated far in excess of these amounts by reducing the opportunity for cyber criminality.

If countries really care about making a step-change in the ability of internet users to become more safe and secure online, they should act now and support this initiative. It is an initiative that will help citizens understand what they need to do in order to become more secure, while learning to accept some personal responsibility for securing their home networks and devices. These programmes of work are not just about raising awareness, although education and training are vitally important to all. The projects will be extensive in their scope and reach, but all designed with one purpose: to reduce the harm from cybercrime to the most vulnerable citizens and business communities.

Getting CyberFit for 2020

Getting CyberFit for 2020 – an initiative of ICSPA – is an international imperative that governments can no longer ignore.

By collaborating and sharing information, knowledge and good practices, donor governments, law enforcement agencies, businesses and academia can work

together within an expanded ICSPA community to ensure that public funds will be put to agreed projects that will deliver tangible results right back to those countries that have supported the programme.

Examples of cyberfit projects that could be deployed nationally across many countries in many languages, which have passed
the ICSPA concept stage and are ready for development, are as follows:
• Cyber-awareness apps for adults and cybergames for children and young people. The cyber apps are designed to alert users to new threats and scams and to help them clean up their devices. The games for children will be in a range of formats that are designed to be fun and engaging, while teaching our most vulnerable citizens how they can stay safe online.

By the time they progress through these games and start to use the adult apps, they will be ‘cyberfit’ for adulthood.

• CyberBridge – a collaborative business case between the ICSPA and the City of London Police in England, which is designed to clean up the estimated 5.5 million infected IP addresses in the UK that are mostly in the hands of domestic broadband users. These mainly Trojan-infected devices are causing significant financial losses to online retailers and banks.

• CyberFit for Business – a series of awareness, educational and training packages designed for small and medium- sized business communities to ensure that they are optimising their cyber defences. Assistance programmes include online training modules, cyber-assistance call centres, and visits by properly qualified and certified internet security specialists to provide direct support if required.

• CyberFit for Citizens – awareness, education and training programmes coupled with marketing and communications activities, designed to help citizens understand online threats and scams and give them the training and tools to ensure that they are able to help themselves become safer and more secure online. The thrust of these programmes would be to ensure that citizens understand the great value the internet delivers, while helping them accept that they must take some personal responsibility for being ‘good cyber citizens’;

• GetSafeOnline – an existing educational resource for citizens in the UK, with similar websites and resources in other countries, that could be harmonised and adapted to suit local languages and cultures throughout supporting countries.

• Project Aurora – designed to provide consultancy to countries that require a cyber health check and audit of their existing programmes and infrastructures. It is designed to result in a fully costed project plan and business case that would provide governments with a road map to a more cyber-resilient future.

• Cybercrime impact studies – conducted already in Canada and designed to provide governments with an independent assessment of the scope and nature of cybercrime targeted against its business communities. The results are used to help policymakers in government and to support law enforcement and business communities decide where best to channel hard-earned resources.

• Establishing ICSPA business hubs internationally – designed to create public- and private-sector engagement
for local and national projects to fight cybercrime. Each donating country would be provided with an ICSPA presence to coordinate the programmes and projects that were being undertaken and to liaise with stakeholders to ensure the successful execution of national programmes of work.

Clearly, there will be other projects that will come to fruition, but focus is imperative and the harnessing of global expertise to provide best-of-breed solutions that work is where all energies should be deployed.

Getting CyberFit for 2020 is an independent ICSPA initiative aimed at delivering value to citizens and business communities. It is void of politics and inspired by the recognition over many years that together we must implement cyber programmes that will help citizens to become more productive online and when using their mobile devices, while ensuring that they remain safe and secure when doing so.  No one government can take the lead on this. Leadership is essential, but countries that need help do not want it thrust upon them by a country that may think it has the answers.

Everyone knows that all need to work collaboratively to fight this global phenomenon – world leaders know that, business leaders do it every day and citizens simply marvel at the speed at which they can be compromised online while carrying out the most fundamental tasks.

Working collaboratively

Some countries report falling crime figures, yet everyone knows that the criminals haven’t packed up and gone home. The truth is that very well-organised criminal groups are now concentrating and directing
their exploits and activities at a much wider audience – reaching millions of citizens online at the touch of a keyboard. They are making millions of dollars every week without much prospect of getting caught, and when they do, they spend very little time behind bars. But let us be honest – there will never be enough law enforcement officers in the world to investigate and bring to justice all online criminals. All citizens need to recognise this fact and governments need to be truthful about it.

The final argument in favour of establishing this government-funded work is that there exists a more sinister outcome to the continued growth in cyber criminality. While citizens are generally reimbursed for their losses by online retailers and banks that want to avoid negative publicity, the funds and proceeds of crime amassed by criminal groups are reinvested by them to create real, physical harm in all societies. Online proceeds may be used to fund people trafficking, gun crime, illegal drug smuggling and paedophilia. The proceeds may also fund terrorist planning and operations.

The need to become more diligent

So long as citizens fail to recognise the link between their (temporary) financial loss and harmful criminal activity downstream, they will continue not to care about their personal cyber hygiene. Because it is not hurting them personally, they will continue to ignore messages that implore them to be more diligent about their online safety and security.

Communications programmes that are designed to bring about the needed changes in the attitude and behaviour of citizens will require the very best creative talents that exist in order to make the impact that we all need and desire. Harmonising these programmes across a number of countries, reaching out to all cultures and faiths, and recognising the powerful effect that well- known brands have on people and their children is just the sort of thinking that
it is necessary to harness and encourage if we are to succeed in the objective of becoming CyberFit for 2020.

G20 Magazine, September 2013