Cybersecurity in the Context of Global Missions
Written by Josh.
Josh is a full-time worker in the global missions community. Though his specialties revolve around cybersecurity, his heart is that all would come to know Christ.
This is the first in a series of articles that will walk through the various aspects of cybersecurity in the context of missions, focusing on the four major groups in our community: (1) Partnering Churches & Individuals, (2) Organizational Offices, (3) Short & Long Term Field Personnel, and (4) National Believers. Each of these groups has unique cybersecurity needs, which requires that they are addressed separately. This first article sets the foundation for this discussion and is high-level in nature. The rest of the articles will be “ground-level,” focusing on practical strategies and methods.
Cybersecurity In the Context of Global Missions
“In our survey of 30 key MENA ministries, we found that mission organizations were not only experiencing financial loss, but more than 50% had staff or seekers that experienced arrest or harassment, prison, expulsion – and even death – due to cybersecurity breaches.”
– Cyber Security Report 2017, Media Impact International
Joan1 was one of many expatriate workers who was expelled from a country in the early 2010’s. The reason? Contact lists on a confiscated smartphone allowed local authorities to make “guilty by association” connections between expat workers and eventually, expel all of them. There are many more examples that paint a bleak picture of how our actions in the digital world are impacting ministry worldwide. Reducing this impact goes beyond simply keeping people “safe.” Instead, cybersecurity in the context of missions focuses on allowing us to:
- Be better stewards – lose fewer resources from security incidents.
- Be more protective shepherds – sheltering non-believers who are disproportionately affected by ministry security incidents.
- Cross difficult barriers – allowing the ministry to more lovingly and compassionately advance in higher-risk regions.2
If these things are important to us, how should we respond to the risk of ministering in a digital world? Should we allow ourselves to live in fear to the point that we miss the opportunities that He brings along? Or should we go to the other end of the spectrum and throw up our hands and say “Enough of this! I’m not going to worry about cybersecurity – I am going to just get ministry done.” Scripture rejects both of these mindsets. 2 Timothy 1 makes it clear that in the extension and preservation of the Gospel, God has not given us a spirit of fear, but of power, love, and self-control. From this perspective, take a minute and think on this:
Paranoia is the antithesis of security culture. True security culture requires a clear head, pragmatism, personal self-control and dependence on God.3
Let’s break this down.
Culture & Clarity – You’ll notice that it is not just a security mindset, but a culture of security. This is because it is a continual process of understanding your environment and determining whether something or someone is a threat that needs to be considered. It is ongoing. You can never spend enough time or money and declare yourself “secure,” and not have to be concerned about security ever again. This does not mean we are in a constant state of fear or paranoia. Rather, clearly thinking through the issues and dealing with them appropriately.
Pragmatism – The more “secure” we make something, the less usable it becomes. Best practices are only best for the purpose they were designed, and are not applicable in all circumstances. We should not be implementing best practices just because they are best practices. Instead, we should be focusing on practical steps that will reduce real-world risk.
Self-Control – Notice the focus on self-control. As will be seen, much of the damage that is incurred from cybersecurity incidents can be reduced if we placed a higher value on personal self-control, especially as it relates to the use of social media.
Dependence on God – This is critical. If we are truly concerned about the extension and preservation of the voice and presence of the Gospel around the world, then we may be called to take risks beyond what would be considered customary. We must walk in wisdom and dependence on God as we take these risks.
What does this all of this look like practically? Later in this series, we will discuss how it is key that you map the different “threat actors” or groups in your environment and their relationships to you as well as each other. Knowing “Who’s who” gives us the needed information to understand the security context, and how we fit into it.
This same mindset applies in the digital world. If we can map the different actors in our environment, who they are, what they want, and how they will attempt to get it, we can establish steps that will help reduce the risk of them succeeding. Here is a real example:
- Who: A nationalistic religious opposition group focused in a particular country. They are extremely active on social media.
- What: Their goals consist of attempting to expel short/long term religious workers active in their country.
- How: They scour social media for posts from other religious workers that could be used as evidence to get them removed from the country.
Risk Reduction Steps: The key steps should include a higher level of training and situational awareness for how your workers are using social media in this particular country. Likewise, your workers should have a consistent, legitimate reason for being in-country.
Here’s an example, then, of how a “best practice” may not be applicable. Would requiring workers in this country to use encrypted hard drives reduce the risk posed by this particular group? No, it wouldn’t. Encrypting hard drives has its uses, but it would not help in this situation.
This is the crux of cybersecurity. Understanding who is targeting you, why they are targeting you, and the tactics and tools they will use against you – then applying practical risk-reduction steps. Thinking of cybersecurity from this perspective grounds us in reality without generic hand-waving about “the bad guys.”
In the next article in this series, we will continue to look at cybersecurity in the global missions context, specifically in relation to partnering churches and individuals.
1) Cybersecurity is important in the context of ministry so that we:
- Can be better stewards.
- Can be more protective shepherds.
- Can better cross difficult barriers.
2) There are four crucial aspects to the right mindset:
- Culture & Clarity
- Dependence on God
- Name changed for privacy
- Adapted from conversations with Seth Hanford
- Adapted from the AIA Organizing Guide, 2nd Edition: Secure Affinity Group Meeting and Communication Practices