Across the world, just as most of us began to get the sense over the summer that the ‘new abnormal’ was a great improvement and relief after the constraints and tragedies associated with lockdown, the unseen threat of COVID-19 infection is re-emerging to undermine our confidence that life as we once knew it not that long ago might resume some time soon.
Like the virus the cyber risks have not gone away, and are taking on new forms as cyber attacks are reaching old and new targets. CyberSec4Europe is working despite these challenging conditions to continue to protect European society.
Most of us, in Europe and beyond, are already enjoying a release from the months of lockdown that severely challenged our personal and professional lives, and caused immense anguish and suffering. Undoubtedly ‘social distancing’, a term that didn’t exist until recently, will continue to be our daily concern for a long time to come. Who could have imagined that a nose and mouth face mask would become a fashion item?
Like the virus the cyber risks have not gone away, but have taken on new forms as cyber attacks are reaching old and new targets. CyberSec4Europe is working despite these challenging conditions to continue to protect European society. Teams of researchers and application developers have been working frantically to tackle the unprecedented challenges, both personal and professional, that the pandemic has thrown up. The push to stop the virus spreading has stimulated numerous mentored hackathons and other initiatives seeking to find the best in class across a range of domains.
From a cybersecurity standpoint, the risks associated with enforced home working have taken on a new dimension and demand for quality personal data through surveillance and location data is presenting many serious privacy concerns. Today’s situation is like never before and the risks are on a far greater scale than ever previously imagined.
BUT unlike at any other time, we are united across Europe and the world in facing these problems with the best technology, expertise, networks and communication software. When we eventually emerge from our confinement, the world will be a different place, as will we: transformed and stronger through adversity.
In the meantime, on behalf of CyberSec4Europe: be secure, keep safe and stay well.
In The News
According to the World Economic Forum (WEF), the advanced digital society built by Estonia became a lifeline during COVID-19.
- Estonia built one of the world’s most advanced digital society long before the COVID-19 pandemic, providing services such as electronic voting, online learning in schools, digital bureaucracy and healthcare.
- When the coronavirus crisis struck, this investment paid off as Estonia’s digital public services continued mostly uninterrupted.
- Public-private partnership and trust in public institutions are the secret of Estonia’s success. Citizens embraced the digital revolution because it was transparent, fair and to the benefit of all.
In early March, Estonia declared a state of emergency, closed its borders and entered a full lockdown to stop the spread of COVID-19. But while other countries scrambled to deal with school closures and disruption to vital services, Estonia simply continued to use the thriving, resilient digital infrastructure it had spent decades developing. Digital classrooms, online teaching materials and a huge range of online public services were already in place. Even more crucially, Estonians knew how to access and use them.
During the lockdown, 99% of government services remained available online in Estonia. Some public services continued as before, because they were already online. Others were quickly adapted to the new situation. Estonia’s success is about much more than technological innovation. At the heart of its transformation lies trust in public institutions, and a belief among Estonian citizens that everyone will reap the rewards of technological progress. Such broad support has led to a digital revolution that holds lessons for countries everywhere, and offers inspiration for re-thinking public services for a more resilient future.
What’s Been Done
Just as the spread of the COVID-19 virus caught the world largely unprepared to have sufficient healthcare provision available, likewise the technology response to the wholly remarkable set of circumstances and challenges that have come in its wake. In the world of cybersecurity, we are also accustomed to the spread of viruses that can move even faster than this novel coronavirus and we have to have the mechanisms in place to both prevent outbreaks whenever possible but otherwise stem the impact.
HELIOS @AI4EU Web Café – “COVID-19 and Contact Tracing Apps”
15:00-16:00 CET, 23 June 2020
This Café session in a new multi-presenter format, organised by Carmen Mac Williams from Grassroot Arts, showcased exciting speakers from the current European ICT research projects AI4EU and HELIOS as well as guests.
EUvsVirus Hackathon and Matchathon
@EUvsVirus is a mission-driven initiative that has proven to be extremely efficient in our fight against this unexpected and world-changing challenges associated with coronavirus.
During the weekend of 24-26 April, EUvsVirus attracted 2,164 multi-disciplinary, multi-nationality teams with innovative solutions to a Hackathon, which then sparked the development of 1,960 new cross-European partnerships by matching the best 120 teams with 458 supportive partners from the public and private sectors throughout May during the Matchathon.
#EUvsVirus initiative held on Tuesday 2 June its Accomplishment Day and the Final Ceremony to share thoughts about how #EUvsVirus has helped the community get through coronavirus.
The Final Ceremony was in the presence of Commissioner Gabriel accompanied by Mike Butcher (Editor-at-Large of Techcrunch) and Juan de Antonio (founder of Cabify). It also included testimonials of people that have seen their lives transformed thanks to #EUvsVirus and was followed by live music during a ‘tapas’ party. Be part of the #EUvsVirus Community. !!
Beware the other virus! Latest novel cyber risks
- Numerous coronavirus domains have been created with the intention of luring unsuspecting and desperate citizens into buying face masks and home testing kits.
- An ongoing “massive” COVID-19-themed phishing campaign is attempting to install the NetSupport Manager remote access tool on Windows devices, according to a series of alerts from the Microsoft Security Intelligence team.
CyberSec4Europe Partner Response
CyberSec4Europe is continuing with the course of work outlined when we kicked off 15 months ago. But the Cybersecurity Competence Network should be ready to jump in if and when a new, unpredicted crisis occurs.
There is always room for improvement: most initiatives have not yet released source code or detailed technical specifications, but it is important to recognise – and if possible to take some comfort from – the cross-border collaboration that is taking place right now as a spontaneous human response to the crisis.
As an indication of the top priorities from a cybersecurity point of view that are under consideration when systems are being designed, here are some examples:
- privacy-by-design: not only on the application layer, but also the network layer below
- transparency: what is happening inside
- independent auditing: of code, deployment, design, etc
- anonymity: including changing IDs, etc
- no central entity to trust: neither private nor governmental
- interoperability: with other countries and approaches
- place of legislation: is any data leaving Europe?
To get to the point: we want to highlight the work CyberSec4Europe partners and others are doing to support and to help combat and manage the spread of the virus.
Cybernetica is working together with the DP-3T group of researchers to bring their privacy-preserving contact tracing app into Estonia. They have done the first government briefings and hope that Estonia will pick a privacy-preserving option that does not include building a surveillance system. The DP-3T members at EPFL, KU Leuven, UCL (and more) have been our research collaborators for years so we feel excited about the success probability.
* DP-3T is a Decentralised Privacy-Preserving Proximity Tracing system (see below)
DAWEX has launched the COVID-19 Data Exchange initiative, a privacy-respecting exchange platform of non-personal data essential for healthcare professionals and organisations who are at the front line in providing care, conducting research, ensuring transports and logistics of critical equipment, and saving lives. The COVID-19 Data Exchange initiative is a privacy-respecting exchange platform of non-personal data essential for healthcare professionals and organisations who are at the front line in providing care, conducting research, ensuring transports and logistics of critical equipment, and saving lives. A whole ecosystem participating in the exchange of data, and testing data anonymisation, encryption and other services being carried out in the pilot in the resolution of this crisis could contribute to the global effort to beat the virus and restrain its economic impacts.
The COVID-19 Data Exchange allows participants to securely source, publish and exchange non-personal data with public and private organisations from multiple sectors aiming at stopping the virus’s progression and its economic impact. The Data Exchange technology enables users to remain in full control of the data they share, with whom they share it, and to keep track of all data flows. The platform acts as a trusted third-party where users benefit from multiple governance features providing maximum security, traceability and confidentiality. Data is exchanged in full compliance with regulations, leveraging blockchain technology to ensure the integrity of licensing contract in private or open data mode. Only strictly vetted participants are granted access to the platform to ensure strict confidentiality and relevance of the data exchanges. To broadly open-up the platform access to the maximum of countries and avoid any infringement of respective privacy regulations, participants are not authorised to create data offerings containing personal data on the COVID-19 Data Exchange.
On the COVID-19 Data Exchange,
- Scientific communities can access vast amounts of data from all around the world, including data sources that are not easily available.
- Hospitals and other healthcare operations can have access to cutting-edge yet easy-to-use tools to publish and share field non-personal data with a large global community.
- Many other stakeholders having a direct impact on the resolution of this crisis can find and exchange valuable data. Amongst them are specialised equipment manufacturers and distributors, governmental agencies or public services, banks, insurance, retailers, transport and logistics organisations.
- Various types of non-personal data can be exchanged including, but not limited to, statistical data, research data, anonymised raw data, tests results, equipments sourcing and inventory data, social and sentiment data, and many other types of data (open data or private data).
Open & Agile Smart Cities (OASC) is now scouting operational digital solutions that effectively mitigate the impact of COVID-19 on our health care systems, the economy and society as a whole that support cities and communities to:
- share, integrate, visualise & analyse relevant data to tackle the spread of COVID-19
- offer citizens a digital platform to help each other and to connect to neighbours in need.
- mitigate the economic impact of the COVID-19 crisis.
- restore social activities and keep communal work and cohesion alive.
- manage, track or distribute vital human, medical, technical and other resources
The solutions will be showcased in the brand-new OASC Catalogue to be launched by the end of April, where other cities and communities can discover and reuse them.
If you are operating a solution that helps tackle the COVID-19 pandemic running (or planning to run) on OASC Minimal Interoperability Mechanisms or a suggestion for a joint project, please share with Open & Agile Smart Cities by filling in this form.
All data submitted will be stored and managed by Open & Agile Smart Cities. For any questions, please contact firstname.lastname@example.org
Decentralised Privacy-Preserving Proximity Tracing (DP-3T)
The Github repository contains a proposal for a secure and privacy-preserving decentralised privacy-preserving proximity tracing system. Its goal is to simplify and accelerate the process of identifying people who have been in contact with an infected person, thus providing a technological foundation to help slow the spread of the SARS-CoV-2 virus. The system aims to minimise privacy and security risks for individuals and communities and guarantee the highest level of data protection.
The team working on the project includes persons from EPFL, ETH Zurich, KU Leuven, TU Delft, University College London, CISPA, University of Oxford, TU Berlin / Fraunhofer HHI (and more), who have been our research collaborators for years so we feel excited about the probability of success.
Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT)
“A health crisis must not lead to a weakening of privacy that so many generations before us have fought for.”
PEPP-PT is a multinational initiative announced on 1 April 2020 to provide the complete framework for a digital tracing solution in full compliance with European privacy and data protection law. The intention is to help manage the COVID-19 outbreak in a socially, economically and humanly tolerable way. As the pandemic is spreading rapidly across Europe and around the world, the founders and members of the initiative believe that a social and economic collapse can only be
avoided if potential infection chains can swiftly be identified, and singular infection cases and their exposed contacts can quickly be isolated. Achieving this objective is essential for managing testing- and health-system-resources at maximum efficiency and, thus, to facilitate a restart of social and economic life.
The PEPP-PT team has members from the following countries: Austria, Belgium, Denmark, France, Germany, Italy, Switzerland and Spain.
“The virus has spread quickly and knows no political boundaries. To bring it under control, we must act in the same manner; speed and international cooperation are essential to protect health, privacy, and the economy.”
ECSO COVID-19 Cybersecurity Response Package
Based on a survey amongst its members, ECSO has published its COVID-19 Cybersecurity Response Package which includes rapid response initiatives, tools and services from ECSO members, partners and other stakeholders. This package will continue to be updated and disseminated through the ECSO website and social media channels as part of its Cyber Solidarity campaign.
GPA: Data protection and Coronavirus (COVID-19) resources
The Global Privacy Assembly (GPA) has published an online catalogue on its home page of the latest guidance and information from GPA members, data protection authorities and observers on data protection and COVID-19 from around the world.
“Over the course of the past few weeks, the global community of technologists, privacy experts, and epidemiologists has worked tirelessly towards a secure, privacy-first, GDPR-compliant, and open-source approach to enable globally compatible digital contact tracing.”
TCN (Temporary Contact Number) is a global coalition for privacy-first digital contact tracing protocols to fight COVID-19 which emerged on 5 April 2020. Their first and foremost goal is to get secure tracing apps running on billions of users’ devices globally — fast. The TCN Coalition’s easy-to-implement privacy-first protocol, agreed upon and reviewed by dozens of experts, is open-source, extensible, free of charge, and available for implementation immediately. The core of the protocol is a completely anonymous number which is generated to privately record interactions between compatible mobile devices without allowing them to be tracked.
The coalition urges all major technology companies, app developers and governments to implement apps compatible with this shared protocol. They welcome other groups engaged in similar efforts to join them and encourage any other contact tracing coalitions to adopt similarly secure privacy-first protocols.
More information on the TCN protocol is available on GitHub.
And on a lighter note …
Covid-19 has transformed every aspect of our lives, including our lexicon. The expression “social distancing”, for example, has gone from being a relatively unknown piece of academic jargon to something we hear multiple times a day (although the World Health Organization prefers “physical distancing”). Usage of the phrase “flattening the curve” has increased exponentially. The word “super-spreader” has also spread from mouth to mouth at a dizzying rate. “Face mask”, previously an indulgence at a spa day, is now the armour you should wear – in many countries – to buy groceries.
The crisis has also birthed new words.
- Covidiot (noun): someone who stockpiles toilet paper and flouts physical distancing rules to sunbathe in the park; alternatively, someone who goes to the park so they can take photos of people in the park and shame them for being in the park.
- Doomscrolling (verb): obsessively consuming depressing pandemic news, searching for whatever the opposite of a dopamine hit is.
- CovideoParty (noun): a virtual watching party.
- Quarantini (noun): an alcoholic beverage you sip at home. Experimental cocktails mixed from whatever random ingredients you have left in the house. The alcoholic equivalent of a store cupboard dinner. [For those interested in such matters, a quarantucci is a Negroni according to actor, Stanley Tucci]
Speaking of which, if it’s 6 o’clock (or later) in your lockdown, it could be time for a “locktail” at “wine o’clock” during lockdown, which seems to be creeping earlier with each passing week …
(Adapted from Arwa Mahdawi, The Guardian, 15 April 2020)
And there’s more – much more – given the time for creative word plays so many of us have had. When and where will it end?
- Coronacoaster: the ups and downs of your mood during the pandemic. You’re loving lockdown one minute but suddenly weepy with anxiety the next. It truly is “an emotional coronacoaster”.
- Blue Skype thinking: a work brainstorming session which takes place over a videoconferencing app. Such meetings might also be termed a “Zoomposium”. Naturally, they are to be avoided if at all possible.
- Le Creuset wrist: it’s the new “avocado hand” – an aching arm after taking one’s best saucepan outside to bang during the weekly ‘Clap For Carers.’ It might be heavy but you’re keen to impress the neighbours with your high-quality kitchenware.
- Coronials: as opposed to millennials, this refers to the future generation of babies conceived or born during coronavirus quarantine. They might also become known as “Generation C” or, more spookily, “Children of the Quarn”.
- Furlough Merlot: wine consumed in an attempt to relieve the frustration of not working. Also known as “bored-eaux” or “cabernet tedium”.
- Coronadose: an overdose of bad news from consuming too much media during a time of crisis. Can result in a “panicdemic”.
- The elephant in the Zoom: the glaring issue during a videoconferencing call that nobody feels able to mention. For example, one participant has dramatically put on weight, suddenly sprouted terrible facial hair or has a worryingly messy house visible in the background.
- Quentin Quarantino: an attention-seeker using their time in lockdown to make amateur films which they’re convinced are funnier and cleverer than they actually are.
- Covidiot or Wuhan-ker: one who ignores public health advice or behaves with reckless disregard for the safety of others can be said to display “covidiocy” or be “covidiotic”. Also called a “lockclown” or even a “Wuhan-ker”.
- Goutbreak: the sudden fear that you’ve consumed so much wine, cheese, home-made cake and chocolate in lockdown that your ankles are swelling up like a medieval king’s.
- Antisocial distancing: using health precautions as an excuse for snubbing neighbours and generally ignoring people you find irritating.
- Coughin’ dodger: (rhymes with coffin dodger …) someone so alarmed by an innocuous splutter or throat-clear that they back away in terror.
- Mask-ara: extra make-up applied to “make one’s eyes pop” before venturing out in public wearing a face mask.
- Covid-10: the 10lbs / 5kgs in weight that we’re all gaining from comfort-eating and comfort-drinking. Also known as “fattening the curve”.…and finally, finally: One sentence to sum up 2020, so far: at one point last month, 1 toilet roll was worth more than a barrel of crude oil!