What is truth?
No, I’m not getting philosophical on you. I’m raising what will be the biggest issue in cybersecurity in the coming decade: data integrity.
Think about it.
Currently, you likely take it as a given that data from your computers, smartphones and occupancy sensors is for the most part legitimate. You might question facts in a news story on an unknown web site, but if your building management system says it was 68 degrees last week or that a given project used 450 kilowatt hours of power, you’d likely believe it barring mechanical failure or obvious data corruption. This will change.
Bad actors are constantly developing new technologies and methodologies that allow them to get inside networks and alter data – impairing and impeding an organization’s mission readiness. This problem only multiplies with the Internet of Threats … err, sorry … Internet of Things. Imagine if firefighters could not determine the status of electrical systems in a building or if the accuracy of sensors could only be assured one-third of the time. Compromising the truth is the essence of what Lieutenant General Vincent R. Stewart, USMC, calls “fifth generation warfare.”
“It is about winning the decision space,” he said during a recent keynote speech at the 2017 DoDIIS Worldwide Conference. “The goal is panic and paralysis and to rob the enemy of the ability to think and act.”
Russia’s actions toward Ukraine show how fifth generation warfare works. The barrage of misleading reports around events like the cyberattack on Ukraine’s grid in 2015 that disrupted power ultimately hampered Ukraine’s ability to act decisively. Fifth generation warfare isn’t about defeating someone in the field. It is about creating the conditions for defeat.
As with cybersecurity intrusions, there is no silver bullet for ensuring data integrity. The best defense ultimately will be vigilance and training. Still, there are technologies, patterns and best practices that can help:
Air Gap Architectures. The Internet of Things revolves around allowing more people across your organization to access data from building systems, sensors and other devices, which multiplies risks. Oil companies employ diode-based systems that allow traffic from machines to reach financial and other departments inside companies without worrying about inbound traffic. These systems aren’t foolproof – individual devices can still be compromised – but they reduce risk.
Supply Chain Integrity. Outsourcing is a way of life in the electronics world and that won’t change. Most semiconductors will still come from overseas because that is where fabrication facilities and manufacturing know-how are located. However, manufacturers and software developers need to develop more transparent and more accurate supply chain documentation.
Fraud Detection. Data integrity is already a problem with email. 93 percent of attacks are initiated by phishing emails from bad actors, often purporting to be lawyers or accountants of the victims, according to Kevin Mandia at DoDIIS. Over 95 percent of private companies are not ready to repel these hackers – particularly as attacks become quite sophisticated as a result of social engineering. Telling legitimate emails from false ones can be nearly impossible. Companies need to deploy software that automatically combs and verifies both emails and their attachments in order to prevent potential multibillion-dollar losses.
Encryption. While pervasive in many agencies, encryption is regularly ignored in private businesses. The barriers to adoption, however, are falling. Virtually all flash memory-based drives will contain self-encrypting technology by 2018 and software vendors continue to improve the interfaces to make it easy to use.
More Stringent Default Settings and Standards. Simcha Weed, a security expert with the Defense Intelligence Agency, decided to test out the synchronization and security settings on new cars to assess how they balanced convenience and security. In about 20 seconds, her phone synced with the car’s Bluetooth module and downloaded her contacts and call history – leaning much more toward convenience than security. Better safeguards sound simple, but manufacturers – and users – will have to make a concerted effort in this area.
Multiple and Redundant Sources. Everyone needs to operate like a news agency confirming, and reconfirming, information. Vencore – which specializes in harvesting images, social media information and other public sources – was able to determine that Russia was shipping war materiel to Syria by scrutinizing the multiple 24-hour public photo streams of the straits. Public sources won’t replace agency intelligence, but can supplement it. “Hyperlocal data is more informative than we expected,” said Patrick Biltgen, Technical Director of Analytics at Vencore.
If you look at the recent history of security break-ins, the motivations and sophistication of state actors behind recent attacks and the sheer scale of the problem, you might be tempted to throw up your hands and give up. Stop. Breathe. Stay calm and just learn! Look back to the 90s. Virus outbreaks were a chronic problem, but through diligence and cooperation, these traditional threats were mitigated over time. By cooperating on solutions for the problem of data integrity, we can take steps toward mitigating these new threats as well.
About Steve Sarnecki
Steve Sarnecki is Vice President of Public Sector at OSIsoft, where he helps federal civilian, defense and intelligence agencies optimize missions by implementing the PI System for a smarter operational infrastructure. Steve helps the DoE, NIH, NASA, and the US Army to fully harness the potential of sensors and IoT by transforming fragmented protocols and data streams into meaningful intelligence.