guardtime

Blog & News

02Sep

The Industrial Internet: Forensics, Attribution and Data Governance

data gov·ern·ance noun \‘datə ˈgə-vər-nən(t)s\

: overall management of the availability, compliance, integrity and security of the data employed in an enterprise.

The Industrial Internet

“On the slavery of the machine, the future of the world depends”

- Oscar Wilde

In January of this year when John Chambers, CEO of Cisco, pegged the “Internet of Everything” as a future seventeen trillion USD market many people scoffed. With declining sales and a stock price that has flat-lined for the last 10 years (we remember buying Cisco 90 strike calls in 1999) it is not surprising the Cisco would aggressively promote new markets.

However, in one area, the Industrial Internet, they might be being conservative. The Industrial Internet, or the convergence of the global industrial system with the power of advanced computing, analytics and low cost sensing is bringing us to a threshold of a new era of innovation.

Connecting the digital world with the world of machines holds the potential to bring about profound transformation to global industry bringing greater speed and efficiency to industries as diverse as automotive, aviation, energy, power and health-care.

Learning from Internet History

“Those who cannot remember the past are condemned to repeat it”

- George Santayana

When the inventors of the Internet implemented their ideas for communication they weren’t thinking about security. Indeed at the time there was little justification for thinking about security and no one could ever have predicted the profound impact and trillion dollar industries that have been built based on their invention.

The reality is that there has been little fundamental innovation in security in the last 40 years. PKI still remains the only tool in the cryptographic toolshed for authenticating data but the model is based on centralized trust authorities which is in direct opposition to distributed open systems such as the Internet.

PKI relies on trust authorities (a Certificate Authority, CA in the case of identity or a Time Stamp Authority (TSA) in the case of time). As we outlined in a previous post, if all you have is a PKI hammer, then everything looks like a nail.

PKI was invented so that two parties can share a secret across an insecure channel – and for that purpose and that purpose alone it has been a massive success, as implemented in protocols such as TLS.

For everything else, and especially for authentication of data at rest the complexities and cost of key management make it impossible to scale. 1990 to 2000 were the “Years of PKI”. Nothing materialized then and in 2014 nothing much has changed. Like eating spaghetti with a spoon, it is the wrong tool for the job.

What is Keyless Signature Infrastructure?

After suffering a crippling, prolonged national-scale cyberattack, Estonia recognized that a new approach was needed to restore and guarantee trust in digital systems.

Under the auspices of the Estonian Government and the small country’s private sector, in 2007 a team of Estonian cryptographers, network architects, software developers and security specialists designed a digital signature system that could provide exabyte-scale real-time authentication for all the world’s networked digital assets.

The new approach was designed from the ground up using only hash-function cryptography with dimensions of verification including time, integrity and identity and with the following design goals:

Scale-Free: The system should be able to sign and verify an exabyte per second.

Trust-Free: Does not rely on key-stores, administrators or trusted third parties.

Portable: Data can be verified even after that data has crossed organizational boundaries.

Real-Time: The signatures should be able to be verified in real-time.

Indefinite Expiry: The signatures should not have an operational lifetime.

Carrier Grade: The system should be able to deliver 99.999% availability.

Offline: The system should not require network connectivity for verification.

Post-Quantum: The system should be work assuming functioning quantum computers i.e. they cannot rely on traditional asymmetric key or elliptic curve cryptography.

Implications for the Industrial Internet: Audit, Compliance, Security, Forensics and Identity

Audit: Immutable and Self Auditing Infrastructure

After a couple of decades of consumerization of the internet, the manual efforts to maintain technologies and underlying infrastructures became unsustainable. As a result, new technologies were developed to reduce these manual efforts and provide “everything as a service”.

For instance, applications are now becoming independent of the infrastructure components relying on IaaS, PaaS and obviously SaaS. Growing from there, Software Defined Data Centers are now being created where an application can be fully independent of an Infrastructure and could move from one to another without any code revision.

The cost savings of developing an application once and being able to move it anywhere in your ecosystem are simply massive. Additional technology innovations such an analytics and big data are enabling our ability to self-learn from customers behaviors and drive improved consumerization of products across the world. Further self-learning technology allows IT operators to predict when infrastructure or applications approach failing states and even newer technologies allow them to “self-heal” before an impacting incident.

We now have self-learning, self-analyzing, self-healing systems but the process of auditing them remains complex, particularly in environments where compliance controls are inherently important.

And therein lies the value of KSI technology where you not only can provide self-auditing capabilities to these systems, but you can further enable the growth of self-managed systems that compliance and control concerns were previously limiting.

Compliance: Dynamic Attestation

The state of the compliance art in cloud computing is for third party auditors to conduct an infrastructure and security audit once per year and certify that a provider is in compliance with specified regulations and guidelines.

This snapshot in time is completely inadequate for a world of continuously communicating 50 billion machines. Dynamic attestation, on other hand can provide real-time assurance that the state of security and controls and the virtual environment itself is in the correct state independently from any auditor or trusted party.

Security

By integrating KSI into the fabric of the Industrial Internet every component, configuration, and digital asset can be tagged, tracked, and located with real-time verification no matter where that asset is transmitted or stored.

Subsequently with this real-time awareness, real-time incident response, real-time data-loss prevention, investigation, and/or network resilience it is now possible to detect and react to any misconfiguration, network and/or component/application failure.

Integrity and Confidentiality

Let’s look at possible integrity and confidentiality breaches for the Industrial Internet.

	Integrity Breach	Confidentiality Breach
Your Car	Your braking system stops working.	Your braking patterns are exposed.
Your Flight	Your plane’s instruments report that you are 1,000 feet lower than you actually are	Your flight plan is posted on the Internet. (note: it already is)
Your Local Power Station	Critical systems compromised leading to shutdown or catastrophic failure	Your electricity bill is published online.
Your Pacemaker	Shutdown and death	Your heatbeat becomes public knowledge.
Your Home	Your security system is remotely disabled	The contents of your fridge are “leaked”. You drink how much beer?

Reality is that because of history the focus of almost all security to date has been on confidentiality of data in motion when in reality what is needed for the Industrial Internet is integrity of data at rest. Indeed confidentiality and integrity are opposite problems and because of the lack of tools available security professionals have been limited to a single tool to address both (PKI). Indeed most modern attacks are caused by integrity breaches - which then leads to a data or confidentiality breach - in essence confidentiality is what you get when you have integrity. Don't take our word for it - here is what the US military have to say about integrity in cyberspace:

"The nation’s top military officer said the United States lacks a strategy for cybersecurity, and data integrity remains one of the biggest security concerns for the Defense Department."
Speaking today at a conference on disruptive military technologies, sponsored by the Atlantic Council, Joint Chiefs Chairman Gen. Martin Dempsey warned the nation remains unprepared for a major cyber-attack."

Forensics

As the computing paradigm shifts from the traditional on premise model with enterprises owning and controlling their own infrastructure to an outsourced cloud model where compute, storage and networking are all shared resources the need for a forensics rethink becomes ever more apparent – traditional forensics technologies are struggling to keep up with technological progress.

Indeed it feels that digital forensics hasn’t advanced much since the 1980s. The status quo is still for an investigator to use imaging tools and try and figure out what happened after the fact.

A Change in Mindset: From Ex Post Facto to In Situ

By integrating KSI in to the fabric of cloud computing everything that happens automatically comes with independent verification, chain of custody and portability of evidence across organizational and service provider boundaries baking in mathematically provable and legally admissible evidence.

It’s a change in mindset from “ex post-facto” i.e. forensics done after the incident, to one of “in situ” i.e. “in place”, forensic auditability is intrinsic to the system.

Extending Ronald Reagan’s doctrine to Cyberspace

Today in Estonia we have the honor of hosting US President Barack Obama and presenting to him our view of cybersecurity and how a nation like Estonia can defend itself in the digital realm.

However it was in fact a previous US President, Ronald Reagan who paved the way for thinking about verification and mutual auditability between actors where trust is low (such as cloud computing). Reagan’s solution was “доверяй, но проверяй” a Russian saying that was translated for Ronald Reagan and became his signature phrase “Trust, but Verify”.

This worked in the physical world of nuclear weapons because it was possible to have extensive verification procedures to monitor compliance on both sides.

What however of the digital world? How to verify anything at all when all activity is represented in digital form and easily manipulated without leaving a trace?

KSI achieves exactly that for the digital world – it is possible for outsiders to verify everything that happens to data, independently from those who manage the data.

When presented with KSI the first reaction of most technicians is disbelief – how can you prove time without a trusted time source? How can you authenticate an exabyte of data within a single second?

Typically, after the multi-hour math fight the understanding dawns and the implications are understood – for cyber security, for insurance, for financial transactions, for health-care and for governance – it is now possible to eliminate the need for trusted authorities to validate electronic information.

Quantum-Immune Machine Identity Management

PKI was designed for humans to authenticate themselves across insecure channels - not for a world of 50 billion continuously on, continuously communicating machines.

Even more significant for PKI is that the underlying signature algorithm, RSA, will be comprehensively broken in a world of practical quantum computers. Whatever your view on quantum-computing, the world's leading nation states have put an end of life date on RSA as 2016 - and there is no alternative - yet.

Conclusion

The cost of ineffective cybersecurity, the lack of transparency, the inability to conduct forensic audits, the inability to implement effective governance are challenges that need to be addressed for as the global industrial system converges with the power of advanced computing and analytics to create the Industrial Internet.

KSI, delivered as a core network service to world governments and global corporations via their telecommunication and mobile infrastructure partners it is possible to meet all the security, audit, integrity and compliance requirements that are so desperately needed for the dawn of the age of machines.

To quote Victor Hugo: “Nothing is as powerful as an idea whose time has come”.

For KSI and the Industrial Internet that time is now.

Mike Gault

Co-founder and CEO Guardtime

Mike on linkedin

Latest news

Jul 09

Guardtime re-elected to ECSO Board of Directors

by Guardtime

Jul 03

Guardtime and DMI Broaden Strategic Alliance to Bring Blockchain and Artificial Intelligence Solutions to U.S. Healthcare Sector

by Guardtime

Jun 25

EY, Sensyne Health and Guardtime to use AI and blockchain to link health care reimbursement and actual patient outcomes

by Guardtime

Jun 19

Guardtime joins Computer and Communications Industry Association

by Guardtime

Show archive

June 12, 2019

Guardtime presents at HIMSS

June 04, 2019

Guardtime Closes Strategic Investment from SICPA, Establishes HQ in Switzerland

May 27, 2019

Guardtime’s new Head of Strategy Luukas Ilves introduces his next steps towards making the world’s information universally reliable

May 27, 2019

Guardtime won the second Estonian digital government hackathon

May 20, 2019

Guardtime delivers cyber exercises for UK critical infrastructure

April 25, 2019

In Memoriam Mari Kert-Saint Aubyn

April 05, 2019

Guardtime Founding Member of Global Blockchain Association

February 28, 2019

Guardtime to Lead Pan-European Cyber Range Federation Development

February 20, 2019

KPMG forms strategic alliance with Guardtime

February 11, 2019

Happy blockchain days at HIMSS in Orlando

January 31, 2019

Defence Technology Institute of Thailand partners with Guardtime for Cybersecurity Research

January 09, 2019

European Space Agency selects Guardtime for Data Provenance

November 29, 2018

Estonian President visits Guardtime

November 28, 2018

China Food Safety Cloud selects KSI Blockchain for food supply chain track and trace

November 21, 2018

Guardtime Health Appoints Ain Aaviksoo as Chief Medical Officer

November 09, 2018

Dutch Government deploys Guardtime's KSI Blockchain for integrity assurance

September 06, 2018

SUMMUS Global and Guardtime launch partnership to offer blockchain-powered medical specialist platform in Asia

September 04, 2018

Aletheia and UMVA China announce Alliance for Blockchain and Automotive Supply Chain

July 15, 2018

SICPA and Guardtime announce solution to architect trust into U.S. elections

June 20, 2018

World’s first blockchain-supported Personal Care Record Platform launched by Guardtime and partners to up to 30 million NHS patients in the UK

June 16, 2018

Guardtime’s Glen Ogden to present at BioNJ 2018

June 12, 2018

Guardtime's Martin Ruubel to present at Wirtschaftstag 2018

June 07, 2018

Crypto-custody platforms: 8 must haves for institutional investors

May 24, 2018

World’s First Blockchain Platform for Marine Insurance Now in Commercial Use

April 17, 2018

Guardtime signs a global pledge to fight cyber attacks

March 12, 2018

Guardtime delivers specialized Cyber Exercise for the UK Civil Nuclear Sector

March 08, 2018

Aletheia awarded Chinese Government contract for a blockchain-based platform targeting copyright violation, fake news and online advertising fraud

February 12, 2018

Verizon to deploy blockchain platform based on Guardtime technology

January 29, 2018

NIAP certification for Black Lantern anti-tamper hardware platform

January 23, 2018

Guardtime and Metaco launch SILO: the cryptocurrency asset management solution for financial institutions

January 12, 2018

Guardtime and CYCL Announce Strategic Partnership for Blockchain-based Content Management Solutions

January 10, 2018

Guardtime wins Sovereign Blockchain Contract for Thai Government

January 05, 2018

Guardtime appoints Randy D. Bishop as General Manager for Energy Infrastructure

November 27, 2017

Guardtime appoints Kaido Raiend as CISO

October 29, 2017

Guardtime, EDF and Industry Partners Sign Agreement for €26 Million Project Targeting Smart Energy Transmission Grid

October 23, 2017

Guardtime and Intrinsic ID Awarded Dutch Government Contract for Distributed Energy Marketplace

October 16, 2017

Guardtime and SICPA Announce Strategic Partnership for Enabling Trust in Public Services in a Digital Environment

October 11, 2017

Guardtime appoints Mari Kert-Saint Aubyn as Head of European Affairs

October 03, 2017

Guardtime at Defense Industry Expo Electronic Warfare & Military Cyber Live

October 02, 2017

Guardtime Announces EPIC Systems Integration, Targets US Health Care Interoperability

September 21, 2017

U.S. Department of Energy Contracts Guardtime, Siemens and Industry Partners for Blockchain Cybersecurity Solution

September 04, 2017

EY, Guardtime and Industry Participants Launch the World's First Marine Insurance Blockchain Platform

September 01, 2017

Guardtime appoints Luc Dandurand as Head of Cyber Operations

August 21, 2017

VOLTA – a Compliance Product for GDPR

August 20, 2017

Blockchain IdAM: Guardtime Awarded Development Grant by EU

July 29, 2017

KSI Blockchain to Secure Driverless Buses in Tallinn

May 29, 2017

The 9th CyCon Starts in Tallinn, Estonia

May 21, 2017

SAP Combats Cyber Risk in Military Supply Chains with Blockchain

May 10, 2017

Jamie Steiner at DIA Amsterdam on 11-12 May

April 27, 2017

Lockheed Martin Contracts Guardtime Federal for Innovative Cyber Technology

February 27, 2017

Guardtime Awarded Best Government Emerging Technology at WGS 2017

February 06, 2017

Guardtime Appoints James Koo as President of Guardtime Singapore

February 01, 2017

Guardtime Awarded Contract for Next-Generation NATO Cyber Range

January 12, 2017

NMC Health Partners with UAE-based Telecom 'du' for a pilot to deploy Guardtime’s KSI Blockchain

November 25, 2016

Martin Ruubel to Give Keynote at TRUSTECH, the Largest Event Dedicated to Trust-Based Technologies

November 18, 2016

Securing the Physical Supply Chain: PUF Technology and KSI Blockchain

October 24, 2016

Dentsu ISID, SIVIRA and Guardtime Pilot Farm to Fork Supply Chain Tracking with Blockchain

October 06, 2016

GE and Ericsson launch KSI Blockchain based Cloud Assurance for the Industrial Internet

October 03, 2016

Intrinsic-ID and Guardtime Announce Alliance on IOT Blockchain

September 21, 2016

AssureNet and Guardtime Implement Blockchain based Connected Car Liability Management

August 31, 2016

Lifetrack Medical Systems Upgrades its Digital Radiology Platform with Guardtime's KSI Blockchain Technology

August 28, 2016

Blockchain-Enabled Cloud: Estonian Government selects Ericsson, Apcera and Guardtime

July 20, 2016

Guardtime Federal Appoints Jeffrey Schrader as CFO

July 17, 2016

Increasing Healthcare Security with Blockchain Technology

July 05, 2016

Guardtime Signs a Strategic Alliance Agreement with EU Commission on Cybersecurity

June 28, 2016

Guardtime Announces KSI Blockchain Integration for Oracle 11g and 12c

April 25, 2016

Innovative Approaches for Enhanced SATCOM Security

March 16, 2016

Blockchain and Implications for Trust in Cybersecurity

February 12, 2016

Estonian eHealth Authority Partners with Guardtime to Accelerate Transparency and Auditability in Health Care

November 17, 2015

Estonian Ministry of Defence and Guardtime Support Cyber Defence Education

November 08, 2015

Guardtime Announces New Development Center in Irvine, California, Doubles Engineering Staff

October 13, 2015

Blockchain Based Immutable Infrastructure

October 07, 2015

Lockheed Martin and Guardtime Federal Target Data Manipulation Cyber Threats

September 17, 2015

OPM Breach - Truth, Trust and Integrity

September 13, 2015

The End of Lies: The Coming Blockchain Revolution

July 08, 2015

A Blockchain Alternative to Certificate Pinning

June 24, 2015

Why Let’s Encrypt Everything Misses the Point

May 21, 2015

Guardtime Announces BLT, New Blockchain Standard for Digital Identity

May 15, 2015

Guardtime Appoints Tony Kenyon as CTO EMEA

May 13, 2015

BlockCloud: Re-inventing Cloud with Blockchains

April 06, 2015

Six Reasons Security Will Fail on the Industrial Internet

March 15, 2015

Six Reasons why Encryption isn’t working

March 03, 2015

Ericsson introduces industrialized data-centric security

February 10, 2015

Q: What do HSBC and Anthem have in Common?

January 17, 2015

Blockchain Security Implications for the Industrial Internet

December 07, 2014

Our answer to Peter Thiel: Start with Integrity

November 03, 2014

What Geer’s Law means for Visa

October 28, 2014

In Docker We Trust? Containerization, Security and Trust Models

October 14, 2014

Guardtime Recognized as the Leading Technology Company in Estonia

October 08, 2014

Matt Johnson to Present at PNAA Defense, Space & Security Conference

October 06, 2014

Google, Subrogation and Cloud Data Residency

October 05, 2014

Matt Johnson to present at the ETSI/IQC Quantum-Safe Crypto Workshop in Ottawa Canada on 6-7 October

September 22, 2014

Data Poisoning

September 12, 2014

Native Forensics, Integrity Instrumentation and Breach Management

September 09, 2014

David Hamilton Appointed as President of Guardtime Federal

September 03, 2014

Ericsson and Guardtime Partner to Create Secure Cloud and Big Data

September 02, 2014

The Industrial Internet: Forensics, Attribution and Data Governance

August 24, 2014

Block Chains, Time and Lorentzian Frames

August 22, 2014

C-RAN: Addressing Vulnerabilities with KSI-Enabled Cloud Forensics

August 20, 2014

Rethinking Cloud Forensics

July 02, 2014

Matt Johnson’s Keynote at Asia Cyber Liability Conference in Singapore

June 30, 2014

Privacy, Integrity and Big Data Rules

June 20, 2014

What Bitcoin means for SWIFT: Technological Progress and Provable Security

June 18, 2014

Hardening PKI to Address the IoT and Mobile Devices

June 14, 2014

Cisco's Vision of Next Generation Cybersecurity

June 12, 2014

Addressing CIO Concerns Over the Public Cloud

June 12, 2014

Trust and Truth in the Public Cloud

June 02, 2014

Integrity: The Number One Threat to Corporations

May 28, 2014

Big Data and Privacy in the Digital Age: Matt Johnson @ TIA 2014

May 21, 2014

Ebay, Attribution and Digital Forensics

May 20, 2014

Advertising, Regulatory Compliance and Personally Identifiable Information (PII)

May 11, 2014

Target: A Confidentiality or Integrity Breach ?

May 07, 2014

Big Data Governance and Security for the Fortune 500

April 29, 2014

Freedom Online Coalition Dinner Hosted by President Toomas Hendrik Ilves in Tallinn

April 28, 2014

Guardtime And Authentise Form Strategic Partnership For 3D Printing IP & Supply Chain Assurance Services

April 25, 2014

Attribution And Data Lakes: The Future of Big Data

April 16, 2014

President's Day in Estonia

April 09, 2014

Whitepaper: Virtualization and Attribution

April 09, 2014

Heartbleed

April 07, 2014

Guardtime Launches Industry’s First API Integrity Platform

March 25, 2014

Securing APIs and Operational Data Sources using KSI

March 23, 2014

KSI and Third Party Verification (TPV) Services

March 03, 2014

Whitepaper: Cloud Insecurity and True Accountability

February 28, 2014

Implementing Data Governance at Internet Scale

February 10, 2014

The Target Compromise: Trust and Verification in Cyberspace

January 23, 2014

Cyber Security: A 3 Trillion Dollar Problem for Governments & Global Corporations

November 22, 2013

Privacy and Integrity on the Internet of Things. If all you have is a PKI hammer…

September 15, 2013

Guardtime invited to 68th General Assembly of the United Nations

September 04, 2013

ZDNet: The Estonian cryptography startup that wants to be the Qualcomm of data security

June 08, 2013

Cyber Conflict 2013, Government Accountability and The Insider Threat

April 12, 2013

Quantum Computing, KSI and Flat-Earthers