Security risk management for humanitarian operations and open-source social media platforms

In recent years, most humanitarian organisations have established a strong online presence, using social media platforms for information sharing, awareness-raising, and civil mobilisation. Until recently, however, the use of e-tools for programming purposes has been of a fairly ad hoc, reactive nature. There are growing concerns in the humanitarian sector about the security procedures, or lack thereof, accompanying the use of communications technology and open source platforms for aid delivery.

Notable advances in this field include the use of crowdsourcing tools to coordinate local and international humanitarian responses. This was seen in the Philippines in November 2013, in the direct aftermath of Typhoon Haiyan. The use of satellite imagery and other data, analysed online by volunteers, generated interactive maps that provided relief agencies with continually updated information about the disaster. Such projects have benefitted from the increasing popularity of social networks like Twitter and Facebook, as well as the prevalence of mobile phones.

Nevertheless, Patrick Meier from iRevolution has forecast that if security measures do not keep pace with such growing digital trends, then ‘open data … during disasters [will be] used by tech-savvy criminals to further their own ends’. Use of such data may not be limited to ‘tech-savvy criminals’; any actors with the right technological capabilities have the capacity to target vulnerable data systems. This becomes increasingly worrying when considering the extremely sensitive information which humanitarian organisations possess, such as the personal and biometric data of staff, refugees, staff movements and intended operations in contested areas. For instance, although most of the malware attacks of the Syrian Electronic Army have so far been aimed at opposition groups, the report Quantum of Surveillance found they also target NGOs, allegedly gathering intelligence that could help the Assad regime guide raids, attacks and arrests.

This demonstrates that open-source platforms can be used for hacking purposes and deeper infiltration into humanitarian systems. As previously mentioned, militant groups have reportedly used social media to plant malware intended to hack computer and information databases, and some NGOs have also faced virtual ‘attacks’ on their social media pages. Without a pre-formulated strategy to deal with these attacks, communications departments are naturally unsure about how they should react or engage with such groups on a public platform. Some security management training courses have integrated social media strategies into their programmes, including how to engage with hostile comments, but this has not yet become a mainstream policy consideration.

With the increased use of open-source platforms to coordinate humanitarian responses, concerns about the vulnerability of such information are rising. Elizabeth Ferris, from the Brookings Institute, claims that the ‘potential for even more deliberate and far-reaching attacks is clear’, especially given that there does not seem to be a robust security approach to protecting humanitarian computer systems.

SOURCES:

Humanitarianism in the Age of Context, Andrej Verity, 07 November 2014,
http://blog.veritythink.com/post/66264370324/humanitarianism-in-the-age-of-context

Crowdsourcing goes mainstream in typhoon response, Declan Butler, 20 November 2013, http://www.nature.com/news/crowdsourcing-goes-mainstream-in-typhoon-response-1.14186

Humanitarian Response in2025, Patrick Meier, iRevolution, 03 December 2014, http://irevolution.net/2013/12/03/humanitarian-response-in-2025/

Massacre Claim Shakes Iraq, Rod Nordland and Alissa J. Rubin, 15 June 2014, http://www.nytimes.com/2014/06/16/world/middleeast/iraq.html

How ISIS Games Twitter, JM Berger, The Atlantic, 16 June 2014, http://www.theatlantic.com/international/archive/2014/06/isis-iraq-twitter-social-media-strategy/372856/

How Isis is spreading its message online, Faisal Irshaid, BBC Online, 19 June 2014, http://www.bbc.co.uk/news/world-middle-east-27912569

Iraq conflict spills onto Australian social media, Natalie O’Brien and Leila Abdallah, 21 June 2014, http://www.smh.com.au/national/people/iraq-conflict-spills-onto-australian-social-media-20140621-zsh8c.html

Jihad Trending: A Comprehensive Analysis of Online Extremism and How to Counter it, Ghaffar Hussain and Dr Erin Marie Saltman, Quilliam Foundation, 13 May 2014, http://www.quilliamfoundation.org/free-publications/

Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns, Marquis-Boire, M., John Scott-Railton, J., Galperin, E., Electronic Frontier Foundation, https://www.eff.org/document/quantum-surveillance-familiar-actors-and-possible-false-flags-syrian-malware-campaigns

Social Engineering and Malware in Syria: EFF and Citizen Lab’s Latest Report on the Digital Battlefield, EFF, 23 December 2013, https://www.eff.org/deeplinks/2013/12/social-engineering-and-malware-syria-eff-and-citizen-labs-latest-report-digital

In Syria’s Civil War, Facebook Has Become a Battlefield, Kevin Poulson, 23 December 2013, http://www.wired.com/2013/12/syria-report/

Why Humanitarians Should Pay Attention to Cybersecurity, Elizabeth Ferris, The Brookings Institute, 02 June 2014, http://www.brookings.edu/blogs/up-front/posts/2014/06/02-cybersecurity-humanitarians-ferris

Background Reading

Wendling, C., Radisch, J. and Jacobzone, S. (2013), “The Useof Social Media in Risk and Crisis Communication”, OECD Working Papers on Public Governance, No. 25, OECD Publishing, http://observgo.uquebec.ca/observgo/fichiers/43799_5k3v01fskp9s-2.pdf

Managing the message: Communication and media management in a security crisis, Davidson, S., European Interagency Security Forum, October 2014, http://eisf.helpful.ws/resources/item/?d=7699

Related: