Pages

13 September 2018

Confidentiality, Integrity, Authenticity

By Justin Sherman

CIA—confidentiality, integrity, authenticity—is the core foundation of information security. Anyone who has taken an introductory class in network security or operating systems (or a cyberspace survey course) knows these principles. These principals define/illustrate a Western- or liberal-democratic-centric definition of cybersecurity or “information security.” Other countries certainly don’t see information—or even “cyber” itself—in quite the same way. Russian uses of “information security,” for instance, are far more philosophical, and the same goes for China, who has historically pushed censorship, surveillance, and other human rights abuses via the Internet under the guise of “information security.”

Cybersecurity professionals are taught to uphold and protect CIA, yet most of history’s high-profile cyber incidents succeed when they target and compromise one of these three points: confidentiality. Incidents from Target to Equifax to the Office of Personnel Management to Facebook have all represented some breach of confidentiality, in which information that was supposed to be protected was improperly disclosed. How breaches of confidentiality usually occur also implicate the ‘A,’ authenticity when hackers hide their identities or masquerade as legitimate users.

But not as much attention—at least not on a macro level—is paid to cyber threats against integrity (the ‘I’ in CIA). Integrity means that recorded electronic information has not been altered or manipulated without authorization since its moment of origin. The data could be log files, financial figures, or the content of an email—really anything that is assumed to be legitimate but may, in fact, not be. Under the principle of integrity, we want to know—to trust—that the information in question has not been changed without permission.

The Stuxnet cyber weapon, launched against an Iranian nuclear enrichment facility in Natanz, manipulated system data to hide the attack from plant operators. In addition to disabling alarms, the code transmitted false data to make it look like the plant was operating normally. (It wasn’t: the cyber weapon was spinning the facility’s centrifuges faster than they should have been, which ultimately damaged the devices and delayed Iran’s nuclear development program.)

Going forward, we’re going to see an increase in such attacks against data itself—attacks that compromise integrity. I might see a fraudulent charge on my debit card, or a company may suddenly find alterations in their ledgers. An intelligence agency may find out their phone interceptions were under manipulation, or a prosecutor may no longer be able to reliably present phone call records in a courtroom.

As critical infrastructure becomes increasingly connected—from hospital networks to traffic grids to server farms—attacks that manipulate data itself will become increasingly viable for malicious actors looking to disrupt any number of systems. We must ask ourselves: What happens when intelligence agencies cannot trust the integrity of their intel from the field? What happens when banks cannot trust the integrity of a transaction? What happens when live feeds from an electrical grid sensor are undependable? And so on.

Stuxnet was a complex cyber weapon that required time, resources, and sophisticated engineering. Not only did Stuxnet’s designers need inner knowledge of the Natanz plant’s operation, but they also needed expertise with its specific industrial control systems.

Point being, it won’t be easy for just anyone to manipulate data without a trace, especially in some of the sensitive and highly controlled environments mentioned above. But attacks that compromise the integrity of data are going to pose a greater risk over time, particularly when they originate from Advanced Persistent Threats or sophisticated cyber actors with the means and resources to execute such attacks precisely and in secret. The response, therefore, cannot just be to apply log management, user access control, and some of the more typical software (or hardware) cybersecurity solutions. More is needed to assure the provenance of data and to confirm its integrity.

In a world where data cannot be trusted, we need to start thinking about—and in some ways, rethinking—how we achieve trust in the digital records of our lives. For some, it may already be too late.

No comments:

Post a Comment