Check out the podcast on our YouTube channel here
April in the UK was spent entirely in lockdown. As a result, this is the second vlog we’ve had to record over Skype – COVID-19 once again dominated proceedings. The effects of the pandemic on the global level have become clearer in the last month. The economic hit will be massive: the Bank of England has forecast a 25% contraction of the UK economy in this quarter. Socially we are in for the long haul with social distancing expected to be maintained for some time despite the lifting of lockdown restrictions in many countries. And psychologically we are yet to see how this devastating pandemic plays out.
In this month’s vlog, we look at many issues directly related to COVID-19 as well as those that are simply being affected by it. We begin with an exploration of the threats to national critical infrastructure at this time, informed by the deep dive report we released recently (available to download here). This is followed by a look at the problems of misinformation, alternative facts, and the ways in which citizens can protect themselves: is this really their responsibility or does this fall under the purview of governments and the media? And talking of governments, how far are we willing to let them go in their oversight of us? Are we giving them too much leeway or is this a Luddite response to a natural solution to the problem of pandemic protection? Finally, we explore the way in which the reporting of certain things can have significant effects on the way they are perceived by the public. We specifically look at Zoom and many outlet’s assertions that the numerous bugs found in the conferencing platform make it unfit for purpose – which another of our recent pieces roundly disputes.
National critical infrastructure – what were the issues
We began with a look at the cyber threats to national critical infrastructure – water, power, transport, etc. – through the lens of our in-depth report on this issue. Crucially, what comes to light, is the fact that this is not just a nation-state problem, with governments being targeted by state-level threat actors. In fact, what we have seen during the COVID-19 pandemic, is a focussing of the cybercriminal mind, across the board, towards these main sectors of the economy. Everything from governments and large organisations, to smaller businesses and relatively unimportant administrative sites have been subject to malicious targeting, with minor groups and less-skilled threat actors also getting in on the act.
Risks outlined in our report encompass the full gamut of threats from APT incursions into sensitive systems to fraud and phishing scams. As noted by Ian in the vlog, financial fraud scams have now been elevated to a point of high severity given the major financial aid programmes being undertaken in the UK, US, and elsewhere. As has been noted elsewhere, however, there has not been an increase overall in malicious activity. In fact, cybercriminals have simply geared all their energies towards coronavirus-related attacks.
One of these forms of attack is, of course, the dissemination of misinformation. This takes many forms and, usually, does not have a significant impact in the ‘real world’. But recent attacks on 5G masts have illustrated that fringe theories and crackpot ideas can take hold when they become normalised. The claim that 5G causes health problems has been around for years, but the spread of COVID-19 across the world gave it new focus – and impetus. Fringe ideas resulting in property damage and arson is a serious issue. But misinformation campaigns about how coronavirus spreads, the likelihood of catching it, and the effectiveness of certain forms of medication, are potentially life-threatening.
As we have seen in the US, people are more than willing to go against the government’s advice if they believe they have been put in an uncomfortable position against their will. Couple this with hundreds of coronavirus conspiracy articles online and a dangerous and toxic public realm is likely to result. Following on from this, the reaction from administrations in the US and elsewhere has been to double down on their messaging and become increasingly unwilling to engage with legitimate criticism of lockdowns and their responses to COVID-19. Sadly, as noted by Tristan in the vlog, this “deep dark well of nonsense” is more likely to be latched onto by people who are already under severe strain as a result of lockdown, than a discussion about the relative issues with the scientific data or governments’ policy failures over the last four months.
Evidently governments have a duty of care to their citizens to inform them as best they can and efficiently police the spread of damaging misinformation. But is it also incumbent upon the individual to educate themselves? The answer we decisively came to in the vlog is, ‘sort of’. People browsing the internet should by now, be aware that fraudsters are out to get their data and malicious actors are looking to influence them. But well-orchestrated, designed, and disseminated campaigns make it more likely than ever that recipients will open an email attachment or click a phishing link. So then the levers of the state, alongside traditional and social media outlets, may have to step in to either tackle the threat at source or publish information about it so as to help people protect themselves. Once truth becomes debatable, however, and ‘alternative facts’ are introduced, even this does not guarantee the security of the individual online.
Tracking the population
One way to potentially protect citizens offline, however, is with testing, tracking, and tracing. The use of apps to monitor sick peoples’ whereabouts and the publishing of alerts to others who may have been in contact with them has worked effectively in South Korea. Now, the UK government has introduced an NHS app to help with tracing those people who may be harbouring coronavirus and infecting others. Currently, it has been rolled out on the Isle of Wight, but it is scheduled to be released country-wide in the near future.
In a pre-pandemic time, the government suggesting that UK citizens download an app that would give the administration visibility on there whereabouts would have been unimaginable. In May 2020, however, it is perfectly feasible. This does not mean that everyone is happy about it. Many are keen to resist what they see as anti-democratic, governmental overreach. Big government and strong action are clearly necessary to fight this pandemic, but has enough thought been put into what happens to these invasive powers after (if) we have beaten COVID-19? Ian suggests the presence of ethicists on legislative bodies could help in this regard.
Media coverage so far- responsible or reprehensible?
Finally, we turned to the need for responsible coverage, not just of stories specifically pertaining to COVID-19, but also of the products being used at this time and the dangers that may be present in them. Zoom is the perfect test case for this because it remains one of the most popular apps of the pandemic period and has seen such monumental growth in the first four months of 2020. As a result of the exponential rise in its popularity, the app came under serious scrutiny from the media and cybersecurity professionals, alike. This threw up many bugs that were jumped on by journalists keen to cover something that wasn’t coronavirus.
Under normal circumstances, there is a responsible disclosure process for vulnerabilities in products. This timeline can be as long as 90 days. Zoom, however, was thrown to the court of public opinion and denounced by governments, for issues that, in many cases, were not as serious as they were made out to be. It is understandable that journalists wanted another story, but cybersecurity professionals could have been better at not throwing Zoom under the bus.