“Poor IT Security – a threat to democracy”.
Is the above a correct statement, or just a tabloid headline?
– It’s a good tabloid headline in that case, since it’s both remarkable and true, says Jan Helin, Program Director of Swedish Television (Sveriges Television, SVT).
As a modern media executive, Jan Helin has to be constantly aware, of the threats connected to IT Security. And the problems that they pose, to the media industry.
– The whole fake news debate, has given people a better awareness of the danger, with trusting IT systems as such. The danger, with the integrity of all types of digital distribution.
The issue about IT Security and the media is of course, not a new one. The United Nations, NATO and the USA – amongst others – have all already expressed worry about the desinformation threat, de facto being a threat to democracy as we know it.
According to Jan Helin (Editor-in-Chief at leading Swedish daily tabloid Aftonbladet, 2008-2016, before becoming Program Director at Swedish Television), the problem of IT Security and the media, can be split into two main parts.
– The first one is that it is no longer a conspirational theory that damage is being done, in many different, more or less sophisticated ways. Through weaknesses in IT Systems, or that hackers are skillful in manipulating data. That’s why it’s important with technical integrity in IT Systems, for media corporations. It’s important to be sure, that no one is “backend fishing”.
And the other one?
– What I am a little worried about, is the classical attitude about source protection. I think that this can never be a technical question. You can never trust a technical system, to guarantee source protection.
Jan Helin, who will be part of the media panel, at the Nordic IT Security conference at Stockholmsmässan on November 7 this year, thinks that a “change of culture” is necessary at the editorial desks.
If the material is sensitive enough, it should simply not be handled electronically.
The real name of the “Deep Throat”-source, in the famous Watergate scandal that lead to president Richard Nixons impeachment in 1974 in the USA, is a good example of material that should never be available through any connected device.
– That type of material, should be outside of all technical systems. This problem is too complex, there are too many issues with this question, to trust any technical system.
On the other hand, there is IT technology today, that is regarded as “more or less foolproof”.
But Jan Helin still thinks this is the wrong mindset, for media executives.
– Possibly one can use encrypted chats, if that is available. But this is a question of media culture, not technology.
Helin thinks that newspaper reporters should still handle sensitive scandals, of the Watergate format, just as if time has stood still, since then.
– Yes, one should meet physically somewhere, where one is not bugged and no one is eavesdropping.
But isn’t it a bit of “Stoneage thinking”, not to rely on modern technology?
– Well, it may sound a bit “writer romantic”. But it is important, to have that attitude today, that we don’t think that source protection can be secured by technology.
The threats posed in Sweden by inadequate IT Security, became very apparent for the media for instance in March 2016, when all Swedish national daily press had their websites hacked by DDoS-attacks.
Making them unaccessible to the public.
– Of course DDoS attacks, or “traffic overload” attacks, are serious. But they are basically easy to discover… and easy, to do something about. And worst case scenario, is that you get shut down.
There are also known antidotes to DDoS attacks, according to Helin.
– One can work with protection, with “redundancy”. I have been involved in handling some of these attacks myself. You work with “These servers are in China, let’s shut them dom”… we can just cut the traffic, from specific countries, for example.
But what type of attacks then, should the media corporations fear even more?
– The most devious ones are the hacker attacks, where you can’t see, that someone has infiltrated your system. The most extreme examples, are those who have infiltrated for a long time, and do a public stunt about it.
But what’s the point, of this type of “Cyber Attack”?
– The intruder infiltrates secretly. Then a type of game commences. The infiltration is made visible. The hacker or hackers, want the other part to say, “Yes, they got in. But we are now sure, that nothing is compromised and that no damage has been done”.
And that is when the “hit” comes:
– It’s first then, that the hackers start releasing material, about what has been done. So there is some kind of game plan. DDoS-attacks, seem like throwing eggs or something, compared with these type of attacks!
Footnote: In the media panel at Nordic IT Security, in Stockholmsmässan on November 7, the participants are: Jan Helin, Program Director, SVT. Linus Larsson, Tech Editor, Dagens Nyheter. Thomas Mattsson, Editor-in-Chief, Expressen. And Henrik Tilly, Head of Operations, Schibsted.