Cyber Conflict 2013, Government Accountability and The Insider Threat
This week in Tallinn at the Conference on Cyber Conflict we had the opportunity to listen to two keynote speakers, Toomas Hendrik Ilves, President of the Republic of Estonia (right on photo), and General Keith B. Alexander, Director of the NSA (left on photo).
This blog is a short summary of the conference from Guardtime's perspective.
President Ilves and Estonian Government Transparency
Estonia is generally recognized as the most advanced digital society in the world where 100% of health records are online, 99.8% of transactions are electronic and where laws are promulgated using an ID card behind a computer screen.
A key pillar of Estonian society is transparency and every citizen has a legal right to know what personal information is being stored on Government networks.
President Ilves talked about how the Estonian Government has implemented KSI on their Government databases providing not only transparency over citizen related data but also mathematical certainty over its time, provenance and integrity.
In Estonia it is impossible for a system administrator to conduct malicious activity and cover up his or her tracks. At a more general level it is impossible for anyone to rewrite history.
General Keith B. Alexander, Cloud Computing and Attribution
General Alexander talked about how the theft of Intellectual Property is the biggest transfer of wealth in history and there is an urgent need for technologies that can provide attribution.
This is a very interesting topic for us as we think we can help. The Attributed Internet has been a distant dream since the start of the 1990s. However, in 2013, with the emergence of technologies such as KSI and IPv6, it can become a reality with very little effort.
KSI provides automatically generated and independent evidence of what happens on a network. With strong authentication/massive expansion of video it will be possible to build a preponderance of mathematically certain evidence over the ‘who’.
In our view it may well be the case that privacy is dead – but if Big Brother is watching then at least there is a way to provide complete transparency and accountability over what he does with the information he collects. Most people will gladly give up data privacy for the shared benefits it can bring. What they want is transparency and accountability over how that data is used.
Michael Covington: Threat Implications of The Internet of Things
Michael Covington, a Cisco security product manager, gave his take on the Internet of Things. By 2020 there will be an incredible one trillion sensors generating information and a key attack vector will be manipulating either the software operating on the sensor or the data generated by the sensor.
Rainer Gerhards recently explained why he integrated KSI into the Linux default syslog daemon. By being ‘keyless’ there is no trusted third party – and there is mathematical certainty that the data you receive is correct.
Machines don’t lie – humans do – and KSI provides a chain of custody all the way from sensor to end user ensuring humans can’t interfere for the lifetime of the data.
Kevin Sullivan & Jan Neutze: Automated Collective Defense
These Microsoft executives gave a great presentation on the growth of electronic data volumes and how to automate a collective defense to a cyberattack.
There will be a 50x surge in data volumes by 2020 with 75% of electronic data being hosted on third party networks. Your bank statement, your health records, your search history are nothing more than electrons flowing on someone else’s network.
Unless you live in Estonia you have no proof or protection from being abused. A bad actor, whether an insider intent on fraud or a state-sponsored cyberattack intent on framing you for activities that you did not commit, can manipulate data (such as your bank account) and you will have no way to prove otherwise.
Bruce Schneier recently blogged that the big US Tech firms are like feudal lords and we are their vassals, peasants and serfs handing over security without accountability. It is an insightful post but he may not be fully aware of the latest technologies when he states that it is “not possible to audit the activities of the cloud service providers”.
It is possible. KSI gives citizens a completely transparent audit over all information and activities on Government networks. If you are serious about “Don’t be evil” then KSI gives you the ability to prove it, and be indemnified from claims that you are.
Conclusion
Guardtime’s mission is to provide transparency for the world’s information. US President Barack Obama said on Friday June 7th that you can’t have 100% security, 100% privacy and zero inconvenience.
At Guardtime we agree. The good news is that you can have 100% transparency and accountability, across all networks for all citizens and their respective Government institutions that serve and protect them.
Image by Ardi Hallismaa (Kaitseväe Peastaap)