Cybersecurity for think tanks part one: shock digitisation

SERIES Cybersecurity for think tanks 5 items

The COVID-19 crisis has led to what many felt was a ‘shock digitisation’ of the world: in a matter of weeks, all day to day activities had to be digitised to support working from home and to maintain social distancing.

Political institutions, schools, and companies moved their operations online. Governments started to hold cabinet meetings via video conferencing platforms, and international summits and face-to-face meetings of the UN Security Council and EU Council were replaced by video calls.

UN Security Council meets online. Source: Al Jazeera English via Twitter, 25 April 2020

Some think tank outputs (like social media outreach and web publishing of policy papers) were already digital before COVID-19 hit. But an essential part of our work was not. The majority of political consulting, background briefings, workshops, and conferences still happened face-to-face. Hence, when lockdown came – and shock digitisation with it – many of us have been treading new terrain.

Many think tanks, for the first time in their history, introduced mandatory telework, restricted travel, cancelled all in-person events, organised online staff meetings, and stepped up their digital game considerably.

Source: GMF Newsletter
Source: Brookings Institution COVID-19 guidance

While going digital certainly comes with many benefits (such as scalable outreach via social media, and increased productivity due to Cloud and collaboration platforms), it also comes with IT-security risks.

Risks include the loss of confidential information due to hacking or data breaches, as well as disruptions to digital infrastructures due to configuration errors or hacking.

What’s more, during recent years think tanks and political foundations have become, as Microsoft warns, the focus of foreign intelligence agencies. And now, even less-sophisticated actors are starting to engage in cyber espionage, including Iran, Saudi Arabia, North Korea, and Turkey. The Snowden leaks also remind us that in the intelligence world there are no friends, only partners, so even spying among allies can be expected.

This left many of us wondering how to secure the digital transformation of think tanks and how to boost IT-security.

Generally speaking, IT security deals with:

  • confidentiality (no unauthorised users should have access to information),
  • integrity (protecting information from unwanted deletion or modification), and
  • availability (your data/services are available to you all the times).

In this series, we want to take a closer look at the security challenges posed to think tanks by this new situation, and provide both technical background information and practical advice for how to create safer spaces for sensitive conversations online.

It will also be great to hear about your own experiences and exchange good practices! Please don’t hesitate to get in touch and let us know how you have been dealing with this.

The cybersecurity for think tanks series:

  • Part two: know your risks, threats and set up
  • Part three: what to do
  • Part four: the bright and dark sides of Zoom
  • Part five: how to create safer spaces for sensitive conversations online