Just as the spread of the COVID-19 virus caught the world largely unprepared to have sufficient healthcare provision available, likewise the technology response to the wholly remarkable set of circumstances and challenges that have come in its wake. In the world of cybersecurity, we are also accustomed to the spread of viruses that can move even faster than this novel coronavirus and we have to have the mechanisms in place to both prevent outbreaks whenever possible but otherwise stem the impact.
Beware the other virus! Latest novel cyber risks
- Numerous coronavirus domains have been created with the intention of luring unsuspecting and desperate citizens into buying face masks and home testing kits.
- An ongoing “massive” COVID-19-themed phishing campaign is attempting to install the NetSupport Manager remote access tool on Windows devices, according to a series of alerts from the Microsoft Security Intelligence team.
CyberSec4Europe Partner Response
CyberSec4Europe is continuing with the course of work outlined when we kicked off 15 months ago. But the Cybersecurity Competence Network should be ready to jump in if and when a new, unpredicted crisis occurs.
There is always room for improvement: most initiatives have not yet released source code or detailed technical specifications, but it is important to recognise – and if possible to take some comfort from – the cross-border collaboration that is taking place right now as a spontaneous human response to the crisis.
As an indication of the top priorities from a cybersecurity point of view that are under consideration when systems are being designed, here are some examples:
- privacy-by-design: not only on the application layer, but also the network layer below
- transparency: what is happening inside
- independent auditing: of code, deployment, design, etc
- anonymity: including changing IDs, etc
- no central entity to trust: neither private nor governmental
- interoperability: with other countries and approaches
- place of legislation: is any data leaving Europe?
To get to the point: we want to highlight the work CyberSec4Europe partners and others are doing to support and to help combat and manage the spread of the virus.
Cybernetica is working together with the DP-3T group of researchers to bring their privacy-preserving contact tracing app into Estonia. They have done the first government briefings and hope that Estonia will pick a privacy-preserving option that does not include building a surveillance system. The DP-3T members at EPFL, KU Leuven, UCL (and more) have been our research collaborators for years so we feel excited about the success probability.
* DP-3T is a Decentralised Privacy-Preserving Proximity Tracing system (see below)
DAWEX has launched the COVID-19 Data Exchange initiative, a privacy-respecting exchange platform of non-personal data essential for healthcare professionals and organisations who are at the front line in providing care, conducting research, ensuring transports and logistics of critical equipment, and saving lives. The COVID-19 Data Exchange initiative is a privacy-respecting exchange platform of non-personal data essential for healthcare professionals and organisations who are at the front line in providing care, conducting research, ensuring transports and logistics of critical equipment, and saving lives. A whole ecosystem participating in the exchange of data, and testing data anonymisation, encryption and other services being carried out in the pilot in the resolution of this crisis could contribute to the global effort to beat the virus and restrain its economic impacts.
The COVID-19 Data Exchange allows participants to securely source, publish and exchange non-personal data with public and private organisations from multiple sectors aiming at stopping the virus’s progression and its economic impact. The Data Exchange technology enables users to remain in full control of the data they share, with whom they share it, and to keep track of all data flows. The platform acts as a trusted third-party where users benefit from multiple governance features providing maximum security, traceability and confidentiality. Data is exchanged in full compliance with regulations, leveraging blockchain technology to ensure the integrity of licensing contract in private or open data mode. Only strictly vetted participants are granted access to the platform to ensure strict confidentiality and relevance of the data exchanges. To broadly open-up the platform access to the maximum of countries and avoid any infringement of respective privacy regulations, participants are not authorised to create data offerings containing personal data on the COVID-19 Data Exchange.
On the COVID-19 Data Exchange,
- Scientific communities can access vast amounts of data from all around the world, including data sources that are not easily available.
- Hospitals and other healthcare operations can have access to cutting-edge yet easy-to-use tools to publish and share field non-personal data with a large global community.
- Many other stakeholders having a direct impact on the resolution of this crisis can find and exchange valuable data. Amongst them are specialised equipment manufacturers and distributors, governmental agencies or public services, banks, insurance, retailers, transport and logistics organisations.
- Various types of non-personal data can be exchanged including, but not limited to, statistical data, research data, anonymised raw data, tests results, equipments sourcing and inventory data, social and sentiment data, and many other types of data (open data or private data).
Open & Agile Smart Cities (OASC) is now scouting operational digital solutions that effectively mitigate the impact of COVID-19 on our health care systems, the economy and society as a whole that support cities and communities to:
- share, integrate, visualise & analyse relevant data to tackle the spread of COVID-19
- offer citizens a digital platform to help each other and to connect to neighbours in need.
- mitigate the economic impact of the COVID-19 crisis.
- restore social activities and keep communal work and cohesion alive.
- manage, track or distribute vital human, medical, technical and other resources
The solutions will be showcased in the brand-new OASC Catalogue to be launched by the end of April, where other cities and communities can discover and reuse them.
If you are operating a solution that helps tackle the COVID-19 pandemic running (or planning to run) on OASC Minimal Interoperability Mechanisms or a suggestion for a joint project, please share with Open & Agile Smart Cities by filling in this form.
All data submitted will be stored and managed by Open & Agile Smart Cities. For any questions, please contact firstname.lastname@example.org
Decentralised Privacy-Preserving Proximity Tracing (DP-3T)
The Github repository contains a proposal for a secure and privacy-preserving decentralised privacy-preserving proximity tracing system. Its goal is to simplify and accelerate the process of identifying people who have been in contact with an infected person, thus providing a technological foundation to help slow the spread of the SARS-CoV-2 virus. The system aims to minimise privacy and security risks for individuals and communities and guarantee the highest level of data protection.
The team working on the project includes persons from EPFL, ETH Zurich, KU Leuven, TU Delft, University College London, CISPA, University of Oxford, TU Berlin / Fraunhofer HHI (and more), who have been our research collaborators for years so we feel excited about the probability of success.
Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT)
“A health crisis must not lead to a weakening of privacy that so many generations before us have fought for.”
PEPP-PT is a multinational initiative announced on 1 April 2020 to provide the complete framework for a digital tracing solution in full compliance with European privacy and data protection law. The intention is to help manage the COVID-19 outbreak in a socially, economically and humanly tolerable way. As the pandemic is spreading rapidly across Europe and around the world, the founders and members of the initiative believe that a social and economic collapse can only be
avoided if potential infection chains can swiftly be identified, and singular infection cases and their exposed contacts can quickly be isolated. Achieving this objective is essential for managing testing- and health-system-resources at maximum efficiency and, thus, to facilitate a restart of social and economic life.
The PEPP-PT team has members from the following countries: Austria, Belgium, Denmark, France, Germany, Italy, Switzerland and Spain.
“The virus has spread quickly and knows no political boundaries. To bring it under control, we must act in the same manner; speed and international cooperation are essential to protect health, privacy, and the economy.”
ECSO COVID-19 Cybersecurity Response Package
Based on a survey amongst its members, ECSO has published its COVID-19 Cybersecurity Response Package which includes rapid response initiatives, tools and services from ECSO members, partners and other stakeholders. This package will continue to be updated and disseminated through the ECSO website and social media channels as part of its Cyber Solidarity campaign.
GPA: Data protection and Coronavirus (COVID-19) resources
The Global Privacy Assembly (GPA) has published an online catalogue on its home page of the latest guidance and information from GPA members, data protection authorities and observers on data protection and COVID-19 from around the world.
“Over the course of the past few weeks, the global community of technologists, privacy experts, and epidemiologists has worked tirelessly towards a secure, privacy-first, GDPR-compliant, and open-source approach to enable globally compatible digital contact tracing.”
TCN (Temporary Contact Number) is a global coalition for privacy-first digital contact tracing protocols to fight COVID-19 which emerged on 5 April 2020. Their first and foremost goal is to get secure tracing apps running on billions of users’ devices globally — fast. The TCN Coalition’s easy-to-implement privacy-first protocol, agreed upon and reviewed by dozens of experts, is open-source, extensible, free of charge, and available for implementation immediately. The core of the protocol is a completely anonymous number which is generated to privately record interactions between compatible mobile devices without allowing them to be tracked.
The coalition urges all major technology companies, app developers and governments to implement apps compatible with this shared protocol. They welcome other groups engaged in similar efforts to join them and encourage any other contact tracing coalitions to adopt similarly secure privacy-first protocols.
More information on the TCN protocol is available on GitHub.
And on a lighter note …
Covid-19 has transformed every aspect of our lives, including our lexicon. The expression “social distancing”, for example, has gone from being a relatively unknown piece of academic jargon to something we hear multiple times a day (although the World Health Organization prefers “physical distancing”). Usage of the phrase “flattening the curve” has increased exponentially. The word “super-spreader” has also spread from mouth to mouth at a dizzying rate. “Face mask”, previously an indulgence at a spa day, is now the armour you should wear – in many countries – to buy groceries.
The crisis has also birthed new words.
- Covidiot (noun): someone who stockpiles toilet paper and flouts physical distancing rules to sunbathe in the park; alternatively, someone who goes to the park so they can take photos of people in the park and shame them for being in the park.
- Doomscrolling (verb): obsessively consuming depressing pandemic news, searching for whatever the opposite of a dopamine hit is.
- CovideoParty (noun): a virtual watching party.
- Quarantini (noun): an alcoholic beverage you sip at home. Experimental cocktails mixed from whatever random ingredients you have left in the house. The alcoholic equivalent of a store cupboard dinner. [For those interested in such matters, a quarantucci is a Negroni according to actor, Stanley Tucci]
Speaking of which, if it’s 6 o’clock (or later) in your lockdown, it could be time for a “locktail” at “wine o’clock” during lockdown, which seems to be creeping earlier with each passing week …
(Adapted from Arwa Mahdawi, The Guardian, 15 April 2020)
And there’s more – much more – given the time for creative word plays so many of us have had. When and where will it end?
- Coronacoaster: the ups and downs of your mood during the pandemic. You’re loving lockdown one minute but suddenly weepy with anxiety the next. It truly is “an emotional coronacoaster”.
- Blue Skype thinking: a work brainstorming session which takes place over a videoconferencing app. Such meetings might also be termed a “Zoomposium”. Naturally, they are to be avoided if at all possible.
- Le Creuset wrist: it’s the new “avocado hand” – an aching arm after taking one’s best saucepan outside to bang during the weekly ‘Clap For Carers.’ It might be heavy but you’re keen to impress the neighbours with your high-quality kitchenware.
- Coronials: as opposed to millennials, this refers to the future generation of babies conceived or born during coronavirus quarantine. They might also become known as “Generation C” or, more spookily, “Children of the Quarn”.
- Furlough Merlot: wine consumed in an attempt to relieve the frustration of not working. Also known as “bored-eaux” or “cabernet tedium”.
- Coronadose: an overdose of bad news from consuming too much media during a time of crisis. Can result in a “panicdemic”.
- The elephant in the Zoom: the glaring issue during a videoconferencing call that nobody feels able to mention. For example, one participant has dramatically put on weight, suddenly sprouted terrible facial hair or has a worryingly messy house visible in the background.
- Quentin Quarantino: an attention-seeker using their time in lockdown to make amateur films which they’re convinced are funnier and cleverer than they actually are.
- Covidiot or Wuhan-ker: one who ignores public health advice or behaves with reckless disregard for the safety of others can be said to display “covidiocy” or be “covidiotic”. Also called a “lockclown” or even a “Wuhan-ker”.
- Goutbreak: the sudden fear that you’ve consumed so much wine, cheese, home-made cake and chocolate in lockdown that your ankles are swelling up like a medieval king’s.
- Antisocial distancing: using health precautions as an excuse for snubbing neighbours and generally ignoring people you find irritating.
- Coughin’ dodger: (rhymes with coffin dodger …) someone so alarmed by an innocuous splutter or throat-clear that they back away in terror.
- Mask-ara: extra make-up applied to “make one’s eyes pop” before venturing out in public wearing a face mask.
- Covid-10: the 10lbs / 5kgs in weight that we’re all gaining from comfort-eating and comfort-drinking. Also known as “fattening the curve”.…and finally, finally: One sentence to sum up 2020, so far: at one point last month, 1 toilet roll was worth more than a barrel of crude oil!