Proactive trusted transparency

Trust is not necessarily synonymous with cyber security, and this has been reiterated through the plethora of cyber breaches and data leakages that have been publicised in recent years. The lack of trust as it relates to allegations that organisations have wantonly sold, misappropriated or misdirected customers’ data without their knowledge or consent only exacerbates an already chronic issue.

Recent news that Kaspersky Lab is opening a Transparency Centre in Madrid, which will serve as a trusted facility for the company’s partners and government stakeholders to check source code of the company’s products, is a commendable development. It offers third parties an additional sense of security, since they are able to vet equipment before it is rolled out into their networks.

However, let us not forget that Kaspersky has been on a damage limitation drive for a couple of years now off the back of concerns raised by US federal authorities in 2017 that the company may have links to Russian security services. Compounding the allegations were fears that Kaspersky software, including its well-regarded antivirus programmes, contained back doors that could allow Russian intelligence access to the computers on which it is running.

Kaspersky has vehemently denied all allegations that it has ever intentionally installed any vulnerabilities in its products and services for use by state agents, and at the time responded to the controversy by opening its first Transparency Centre in 2018 in Zurich.

In addition to being a code review facility, Kaspersky’s latest centre in Madrid will function as a briefing node where guests will be able to learn more about the company’s engineering and data processing practices. The facility forms part of Kaspersky’s Global Transparency Initiative – a set of measures being brought to life to fulfil growing demand from partners and government stakeholders for more information on how its products and technologies work.

In the time since the Kaspersky allegations were made, other major digital technology companies have similarly had their commitment to cyber security transparency questioned, and it is apparent that leaving self-assessment and redress of such issues to individual companies is a model that is not having the desired effect, at least not quickly enough.  

What is required is enforceable international oversight that is non-aligned, lobby-free and with private and public sector participation to proactively raise the level of transparency in the digital arena. Undoubtedly, there would be significant challenges in having digital technology power brokers such as the US, Russia, China and Europe sign up to an independent body charged with policing and enforcing acceptable standards of cyber security transparency in their respective geographies, though a way needs to be found to overcome this obstacle.

In much the same way that realisation of the awesome and horrifying power of nuclear weapons preceded the establishment and ratification of the Non-Proliferation Treaty in the late 60s, so too must the dire consequences of a lacklustre and piecemeal approach to cyber security prompt an international move towards universal and heightened cyber security transparency. For example, the UN’s Global Cyber Security Index, which was first published in 2015, is a step in the right direction, though a body empowered with the teeth to impose tough sanctions on nations’ and organisations’ non-compliance with defined cyber security transparency standards is necessary.
