18 February 2017

Opinion: How to build public trust in our data-powered universe

Chris Young

FEBRUARY 15, 2017 — Do you trust your data? Recent headline events make that an essential question.

All around us is proof that the newest persistent threat in cybersecurity – and perhaps the most pernicious – is data manipulation. When millions debate the validity of a national election or the veracity of news stories, the role of information security in a smooth-functioning society has never been clearer. After data landmines deliberately planted by cybercriminals are detonated, we are confounded about where truth ends and fiction begins.

No matter your politics, I think we can agree: Data drives decisions, and decisions make history. But what if vandals pervert data used as a foundation for civic policy or military action? This is the so-called Big Data era, in which countless organizations base pivotal decisions on information they presume accurate.

We know individuals scan their news feeds today with a fresh realization that things actually may not be as they are presented, but now government and business leaders alike also wonder where and when truth is replaced by slant, bias, or outright fiction. We can’t let the era of Big Data give way to a future of Bad Data.

Thankfully, Big Data is not the problem. Small data is the big story.

As we’ve abruptly realized, the weaponization of data at the micro level is a serious challenge. When data is poisoned, our adversaries are messing not only with our minds, they are messing with what matters most. The best response, though, may surprise you: think small.

Assuring data integrity means securing the environments where it’s stored, transmitted, and accessed. But today those environments are borderless. If you’re a mobile information worker, you’re tapping in from your Wi-Fi-equipped car, your fitness club, and via your household router – the same router you use to stream Netflix and connect a lengthening list of smart Internet of Things (IoT) gadgets.

The amorphous corporate boundary means enterprise security as we used to think about it – with all of its protect-the-castle metaphors – is as good as dead. 

We manage massive infrastructure deployments across corporate and government real estate, but deploy far too little security where people really do their work. Prime attack surfaces are now the personal car, the coffee shop or airport, and especially the home network, where many IoT devices are shockingly exposed to attack. (Consumers don’t load security updates onto their computers with much consistency. They’re even less likely to do it for smart TVs, connected printers, and security cameras deployed using factory-installed passwords.)

When employees tote their laptops and tablets home and plug into unprotected networks, or trade data with unprotected devices, it creates countless new points of vulnerability. With an increasing amount of work being done from home, it’s time for all of us in cybersecurity to do our homework.

That’s why the IoT-powered home is exactly where we now see the biggest opportunity – in fact, the imperative – for greater data integrity: across this jumbled, straight-to-the-horizon mosaic of billions of small devices, billions of small vulnerabilities, and billions of small attack vectors. 

Adversaries no longer bent on data theft, or even on data monetization, are now relentlessly testing the IoT’s weaknesses and our homes’ limits to discover where data manipulation at the micro level can have the largest downstream macro impacts. The Mirai-based botnet attack last October was simply a probing of the IoT as a potential Ground Zero. We can’t let the Internet of Things become the Internet of Terrorism.

Every digital home must have smart, protected architecture, and the only way the private sector can do its part is by linking arms and cooperating. No one private cybersecurity player can drive security unilaterally. Competitors must perform in concert like an all-star team, partnering across an open ecosystem. Working together, we can put more hands and more experience on the job to be done. We can collaborate to consistently deliver better outcomes for our customers.

There’s a role for government, too. If we can require cars to be equipped with seat belts, airbags and, soon, backup cameras – safety mandates that save many thousands of lives each year – we can develop digital security standards that generate like positive impact. A safe user experience should be coded into every connected device or sensor design. A better-protected industrial IT landscape should be a baseline component of homeland security policy.

But technology innovation typically comes from private industry. Engrossed in separate missions, pursuing uncoordinated self-interests, we have not exactly created a seamlessly secure computing environment. Quite the contrary. But that can change. It must. We now see data weaponization has the potential to compromise a cohesive, confident, civil society. It demands a cohesive and confident response.

Competitors, colleagues, and customers: we share the same goals, and we know declining public trust is a bad outcome for all of us.

Let’s work as a dream team, with urgency, to address today’s alarming patchwork of small-bore digital vulnerabilities and inspire more confidence. The biggest dividends of the new connected world will come only when we sweat the smallest of details, side by side. Let’s work together.
