Or criminals will benefit instead of the world's poor...
Broadband will do nothing but good in developing countries - provided its arrival is accompanied by appropriate security, says Tony Dyhouse.
Communications technology, in particular broadband, has long been considered a key aspect of improving life in the Third World.
Readily available internet access offers obvious benefits in areas such as education, health and trade, and has been identified as important in achieving the UN Millennium Development Goals - a set of targets and plans to reduce global poverty and improve living standards.
But earlier this month statistics from the International Telecommunications Union (ITU) showed fixed broadband penetration is below one per cent in many of the world's poorest countries, while the cost of access can be simply too high for the average income. To address this issue, ITU secretary general Hamadoun Touré is trying to encourage all countries to have a framework that ensures every citizen has access to broadband.
Such efforts should be applauded. However, while providing cheap and accessible broadband access is seen as the biggest challenge, the security implications of bringing millions of vulnerable people online have escaped close attention.
Openings for cybercriminals
A dramatic rise in the number of people online who have little understanding of technology opens up huge opportunities for exploitation by cybercriminals. We need to give this issue serious consideration before we launch broadband on unsuspecting populations in the poorest parts of the world.
As world leaders gather at the UN 2010 Millennium Development Goals summit in New York this week, the Broadband Commission for Digital Development has presented a report (PDF) looking at models for broadband provision in different economies. These models will inevitably involve private sector broadband companies as well governments and regulators.
If the resulting plans are to be successful, it is critical that all parties involved engage with the security profession and develop appropriate measures to address security when rolling out broadband.
The actual threats that the developing world will face are no different to those experienced elsewhere, but because of fewer financial resources, less regulation and less education, the impact of such threats could more damaging.
Potential for phishing scams
The obvious risks are scams and fraud. Far too many people in the UK still fall for phishing scams - and we have no excuse. In African villages, for example, where people with little money will look to the internet for medicines, advice and financial support, the opportunities for exploitation are terrifying if users are not educated to understand the risks.
More serious for the world as a whole, and more likely to be overlooked, is the increasing power this greater availability will give botnets. Estimates suggest that hundreds of thousands of computers are used as botnets, which gather user data and harness computer power for criminal activity.
Dramatically increasing the number of connected computers will only increase the damage botnets can do. Such computers will be seen as easily exploited and become particular targets as online security gradually improves in the developed world.
This concern isn't unique to poorer countries. In fact, this very phenomenon happened in the UK when we introduced broadband. We were ahead of the game in rolling it out but failed...
...to take proper security precautions. As a result, we quickly became one of the biggest contributors to global botnets and received considerable international criticism.
Since then fraud, botnets and other cybercrime have become everyday occurrences in the UK and other wealthy countries, costing millions for governments, companies and individuals.
Learning from experience
If we can't control the problem in the UK, with our multimillion pound security industries and tech education, it might sound like an impossible task to make, say, the whole of Africa secure. But we have one key advantage - experience.
It is important that we learn from this experience. New technology must have adequate security built in. Rolling these measures out will require the support of governments in developing regulatory frameworks, as Touré rightly states, and these frameworks must prevent companies from reducing costs by cutting back on security.
These provisions must be supported by adequate education programmes. Instructions on using new technology, and those responsible for training people to use them, must cover basic security.
It is imperative that, as we introduce millions of new users to the internet, we ensure they know not to click on suspect links, respond to requests for financial details, post unnecessary personal information or buy products from untrusted sources.
Technology and educational programmes
We know many of the technological and behavioural challenges and we have the expertise to develop technology and educational programmes, which can be rolled out together to mitigate the dangers of global access to broadband.
The worry, as always in security, is that we won't. It will seem easier to get the technology out there, start exploiting the benefits it brings, start making money, and worry about security later.
I would urge anyone involved in these programmes, be they UN commissioners, technology companies, or politicians developing the legal frameworks, to engage with the security profession and draw on their expertise to form their plans for the developing world.
Otherwise we will be faced with huge and expensive problems that may be impossible to address, and all our good intentions could backfire.
Tony Dyhouse is cyber security director at the Digital Systems Knowledge Transfer Network, an independent, free-membership body set up by the Technology Strategy Board to combine expertise in distributed computing, cyber security and location services to help address the challenges of digital Britain. The Cyber Security Programme brings together business, government and academia to collaborate on effective responses to cyber security threats.