Last month, NetHope’s director for global programs and humanitarian operations, Isaac Kwamy, co-hosted an exclusive NetHope Solutions Center webinar with Rakesh Bharania, the West Coast lead for Cisco TacOps Operations. By way of introduction, Mr. Kwamy provided recent historical background to the current plight of Syrian refugees. In 2015, the world looked on as Syrian refugees began streaming into Europe. It became obvious, as refugee camps were established in Greece and the Balkans, that connectivity and communication were imperative needs for refugees, along with the basic requirements of food and shelter. NetHope, along with its partners, began setting up Wi-Fi hotspots and charging stations along refugee migration routes and refugee camps in Greece. Kwamy explained that as point person for the Cisco TacOps team, Mr. Bharania was instrumental in making connectivity a reality for thousands of refugees on the move. The challenge of installing and enabling internet connectivity included security provisions and protocols that also preserved the dignity of refugees as they navigated a route into Europe.
A new design for communication
Bharania began his presentation with a detailed description of the network design that NetHope deployed in European refugee centers. In the past, internet connectivity in and around human migration routes and camps focused on connectivity for aid groups and workers. In this case, the goal was to provide connectivity on a much larger scale for hundreds of thousands of people over a broad geographical area. Bharania explained that the United Nations Emergency Telecommunications Cluster identified this approach as part of their ETC2020 strategy: “ETC2020 seeks to ensure that all those responding to humanitarian emergencies - including affected communities - have access to vital communications services.” Emergency telecommunications workers have been mandated by the international community to treat connectivity as aid.
Bharania went on to assert that “Internet access for many of these refugees was not just an optional luxury, but it was actually essential to their safety and well-being.” For example, for a period in late 2015 and early 2016, internet access was essential in order to apply for asylum in Greece as applications could only be submitted through Skype. For Syrian refugees, internet connectivity is about much more that communicating with family and friends: it is vital for their future prospects.
“Internet access for many of these refugees was not just an optional luxury, but it was actually essential to their safety and well-being.”
NetHope’s approach to connectivity for the Syrian refugees in Greece needed to be a unique approach to a unique situation. Bharania described a network that was standardized so that it could be replicable wherever it needed to be deployed. To that end, they designed it to be smaller, lighter and highly portable. The system was streamlined to that it could be supported efficiently with as few resources as possible. And in order for the network to have positive outcomes for the most people, it had to be equitable. Equity meant that the network supported the largest number of users possible while preventing super-users from consuming too much bandwidth. But equity also meant an inclusive understanding of social dynamics that provided equal access regardless of gender, and that protected social norms by restricting content of an adult nature, and blocking peer-to-peer file sharing networks.
Bharania spoke about the need to build a network that wasn’t based on the “dumb pipe” models of the past where an organization would set up an internet hotspot and then neglect its ongoing operation and security. In contrast, the new networks were shaped with quality of service in mind. NetHope’s approach included a strict adherence to advanced cybersecurity protocols to guard against antagonists engaged in the Syrian conflict from infiltrating and crippling the network. Not to do so would expose both refugees and humanitarian aid workers to outside risks. Bandwidth devoted to voice and video chat was prioritized over other content to ensure that communications between refugees and their outside contacts were reliable. Conversely, rate-limiting became essential for devices that performed routine software updates that would otherwise slow down connection speeds for other users on the network. All of these design features were implemented with the "smart pipe" principle that NetHope will maintain responsibility for the health and failure of the network long before any of the users notice a problem.
Connecting Syria’s refugees
Mr. Bharania’s presentation included the detailed technical aspects of the networks that NetHope installed. The cloud-managed Meraki MX64 router with advanced malware protection (AMP), intrusion prevention software (IPS) and content filtering is still in service, and is being updated from the cloud regularly to ensure day-zero threat protection for the network. Access points are handled by a combination of the Meraki MR66 and MR72 outdoor access points. Both are cloud-managed and provide 802.11n or 802.11ac and they both support dual-band mesh networks. Point-to-point communications used for expanding the network’s reach from one end of the camp to the other, or to connect to another camp wirelessly is handled by the Ubiquiti M5 5Ghz. The backhaul portion of the network, that acts as a gateway between the network and the internet, is the cloud-managed Cradlepoint AER 2100 providing dual LTE service. At sites where LTE connectivity was not available, Bharania’s team used Eutelsat Tooway systems, a satellite ground station with a two-way dish antenna.
“It’s the largest humanitarian network that I am aware of in 20 years of humanitarian response.”
Cisco TacOps teams began to arrive in Greece, November of 2015. The first teams deployed into the Greek islands, and over the course of the next year, NetHope deployed nine teams to 62 sites that supported over 400,000 users.
Securing Syria’s refugees
When discussing the importance of security Bharania focused his presentation on the vulnerability of the refugees, and the danger of their private information being exploited. The primary mission of humanitarian aid work is to protect the vulnerable, and the primary purpose of security for the network is to protect that mission. The challenge with the issue of security, whether in a humanitarian crisis or in daily business, is the balancing act of security vs. access. Bharania emphasized that it is a balancing act that is unique to each situation where a humanitarian network is deployed. It must be calibrated specifically and executed correctly every time.
The intrinsic challenge for humanitarian cybersecurity is that it is fundamentally different from enterprise cybersecurity. “The security concerns that a business might have over user data and website functionality play a role in humanitarian cybersecurity, but fieldwork has a unique set of security challenges” said Bharania. With NGOs and UN partner organizations trending digital, not only is that data vulnerable to outside hacks but the threat can come from anywhere: a private entity or any government executing hacks that support their national interests. Bharania emphasized this by quoting from a report commissioned by the Office for the Coordination of Humanitarian Affairs (OCHA) in 2013 that stated “A humanitarian crisis can create a justification for waiving concerns about how information is collected and used, even as cyberwarfare, digital crime and government surveillance rises, particularly in unstable contexts.” Simply put, parties are especially vulnerable to lax cybersecurity in humanitarian crisis zones because there’s an expectation that security will be lax due to limited resources and a focus on immediate survival.
When security is compromised, the threat manifests in typical ways that even enterprise networks experience such as denial of service attacks, compromise of data, websites and infrastructure. But for the humanitarian sector, especially when working in the EU, unique threats must be taken into account. For NetHope setting up connectivity in Greece meant that refugees came under the purview on the European Union Privacy Directive. That meant ensuring electronic privacy by law. Also unique to the humanitarian sector is operational security. This is especially important in or near conflict areas where warfare could include electronic and cyberattacks as is the case in Syria. And most importantly is the threat of physical harm that is often present in a crisis zone, especially one where conflict is ongoing.
“We created what is arguably the most secure humanitarian network that’s yet been deployed.”
In response to multiple cyberthreats targeting Syrian refugees, NetHope has created networks with multiple layers of security using Cisco Meraki MX and OpenDNS Umbrella. The result is an automated 24/7 advanced security cyberthreat defense for refugees and humanitarian aid workers. This is the first use of OpenDNS in a humanitarian response.
Secure wireless connectivity innovations on a broad scale in the midst of a humanitarian crisis are going to generate profound lessons by design. Mr. Bharania shared discoveries as innovative as the fieldwork that produced them. The simple use of the hashtag when naming the local networks (#NETHOPE_FREE_WIFI) easily distinguished NetHope networks from others nearby, and placed the networks at the top of the list on users’ smart phones. Concerning personnel and system management, cloud-based system management allows remote monitoring of all systems from anywhere on the globe. To deploy professional IT personnel to multiple locations to manage network systems would be cost-prohibitive and a logistical nightmare. Therefore, cloud management protocols for physical network infrastructure is essential when there are no personnel on the ground. Equally important is the point that cybersecurity is no longer a luxury in humanitarian technology deployments. Cyberattacks against humanitarian aid workers and refugees are routine and constant.
When setting up networks in the refugee camps, workers noticed that people tended to congregate in areas where the WiFi signal was strongest. Bharania escribed that this had the potential for conflict as many of the camps were segregated by gender and/or ethnic group. Some of these groups had fought each other before becoming refugees. If one group was provided better access and a stronger signal that a rival, tensions could escalate and physical safety compromised for everyone. Technical innovations in this case needed to be consistently inclusive and lead to design decisions informed by an awareness of social dynamics, norms and mores.
Practical lessons learned included the fact that refugee camps grow. What needs are assessed one minute will not be sufficient three months later, so the lesson was learned to always overbuild. And electricity will always be a challenge. In order to prevent the access points from being unplugged from the grid by someone looking to charge their mobile device, running power via Ethernet was used as an effective workaround.
To learn more about The NetHope Emergency Response initiative and the work they’ve been doing to enable faster, better-coordinated responses to manmade and natural disasters, explore their Community Page.
Share this webinar.
Join our Community.
Share your journey.
A recording of this webinar, as well as a PDF of the presentation, can be found here.