On Feb. 5, 2016, staff at Bangladesh Bank fixed a seemingly inconsequential reporting glitch only to discover that $1 billion in unauthorized transfer instructions had been issued against their accounts, with $81 million already cleared and (as of this writing) lost for good.
Large-scale breaches of technical systems such as this one, which lead to the loss of funds and/or other sensitive data, are among any organization’s worst nightmares. To date, humanitarian and development groups have largely been spared. Sadly, we do not expect this to continue. As the shift towards digital data and digital payments accelerates — with all the benefits of speed, accuracy, efficiency, and ultimate impact that it will bring — we believe that the risk of significant security breaches will also rise, as the scale on which technical systems can be compromised increases.
We hear this concern echoed in conversations taking place throughout the sector. From sessions on cybersecurity at this year’s NetHope Global Summit to discussions organized around the “Principles for Digital Development,” we are asking each other: How can we reap the benefits of scaled technologies and scaled data without exposing ourselves to scaled risk?
At Segovia, we discuss the same question with our partners — international NGOs and bottom-of-the-pyramid enterprises who process large volumes of sensitive beneficiary data and issue millions of dollars worth of payment instructions on a regular basis. Even minimalist systems for doing so, such as sending instructions via emailed CSV files, open a Pandora’s box of security risks.
So where to begin? The history of technological and regulatory evolution in other sectors (for example electronic health records or payment cards) teaches us that it is critical to engage the community in an early discussion of key principles, before rather than after the proliferation of new technical systems. Newly emerging technology-driven fields often suffer from a lack of understanding of the complexity of the underlying technology; ad hoc and unintended use; unnecessarily large numbers of interacting components and systems; and a lack of standards. The early definition of good practices and standards can help prevent this, ensuring that systems are built toward well-defined goals.
Toward this end, we released this week a whitepaper laying out our internal framework for understanding the most critical technological considerations in enterprise systems for humanitarian (and development) work. The paper is organized around a series of concrete questions that managers can ask of current or proposed systems to evaluate their security properties. At the same time, we view these questions as a useful device for stimulating broader discussions about standards and best practices which could ultimately be certified by third parties or codified in procurement norms. They are the questions we ask ourselves in driving daily development of the Segovia platform.
Some of the questions facing us seem intuitive (for example, what user data to encrypt) and yet lead to subtle tradeoffs. For example, some matching and arithmetic operations are feasible on an encrypted database where the data is numeric, such as one containing only ID numbers. Yet some complex text-processing or photo processing algorithms on encrypted data may not even be possible within the current state of the art. If one has to decrypt the data in order to run matching or parsing algorithms over it “in the clear,” then the protection of the encryption is lost, and encrypting the data was probably just wasted time and effort.
Other questions are less immediately obvious. For example, ensuring that technology is easy and enjoyable to use (i.e. providing a good “user experience”) is not usually framed as a security issue. Yet a poor user experience can force staff to find ways around the system’s security mechanisms simply to do their jobs. When a program manager cannot easily adjust payment schedules within a system, for example, it is all too tempting to export the data and manipulate it manually in a spreadsheet — at which point all carefully crafted security protocols are irrelevant.
Finally, it is crucial that we learn to evaluate the process by which technology is architected and implemented, in addition to testing the technology itself. Simply maintaining software quality — software free of the bugs that are responsible for many vulnerabilities — requires a foundation of good software hygiene and software development best practices: architecture reviews, code reviews, methodical unit and system testing, careful version control, and so on. At the architectural level, principles such as data immutability (similar to the “blockchain” approach to recording transactions in digital currencies such as bitcoin) must be embedded deeply and early in the DNA of a system.
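The immutability principle described above can be illustrated with a hash-chained, append-only record store in which every entry commits to the one before it, so an in-place edit or deletion is detectable. This is an added example, not code from the Segovia platform or the whitepaper; the record fields, actor names and amounts are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the first entry's "prev" field


def _digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class AppendOnlyLedger:
    """Records can be added but never edited; corrections are new records."""

    def __init__(self):
        self._entries = []

    def append(self, record):
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        entry = {"prev": prev, "record": dict(record), "hash": _digest(prev, record)}
        self._entries.append(entry)
        return entry["hash"]

    def entries(self):
        # Hand out copies so callers cannot mutate the stored chain.
        return [dict(e, record=dict(e["record"])) for e in self._entries]


def verify(entries):
    """Return the index of the first entry that breaks the chain, or -1."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["prev"] != prev or e["hash"] != _digest(prev, e["record"]):
            return i
        prev = e["hash"]
    return -1


def demo():
    ledger = AppendOnlyLedger()
    # Constructed sample actions (hypothetical actors and beneficiary IDs).
    ledger.append({"actor": "pm-01", "action": "create_payment", "beneficiary": "B-1001", "amount": 50})
    ledger.append({"actor": "pm-01", "action": "create_payment", "beneficiary": "B-1002", "amount": 50})
    ledger.append({"actor": "fin-02", "action": "approve_batch", "batch": 1})
    # A correction is appended as a new record that points at the old one.
    ledger.append({"actor": "pm-01", "action": "correct_payment", "supersedes": 1, "amount": 40})
    exported = ledger.entries()
    intact = verify(exported)
    exported[1]["record"]["amount"] = 5000  # simulated silent edit of history
    return intact, verify(exported)
```

The chain only detects edits if the latest hash is also kept somewhere the editor cannot reach (a separate system or a third party); otherwise someone with full write access could recompute every hash or drop the most recent entries.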
So what next — how do we proceed quickly and pragmatically to reduce the risks of major breaches? In our view, the key thing is not to wait for others to take the first step. NGOs will not be able to implement all the principles they might like to overnight but can begin to include them in procurement reviews — for example, requiring that procured systems be able to log all actions taken within them, or asking proposing teams to demonstrate prior experience building systems that reached significant scale.
NGOs can also begin writing funding proposals that emphasize positive steps that they are taking. Funders will not be able to mandate immediate compliance with a broad set of principles, but can begin to include them in scoring rubrics, generating incentives for the sector to move toward stronger security. For example, they could award points to proposals that include provisions for immutable data storage and disaster recovery plans.
Securing humanitarian and development data will take time and collective effort. We’re grateful to our partners who have shared insight and experience with us and excited to add our current synthesis to the conversation. We’re optimistic that the end result will be better stewardship of the funds and personal information we all hold on behalf of the world’s most vulnerable.