January 10, 2017

What’s worse than having your data stolen?

Markus Melin

Head of Tieto Security Services, Tieto

The modern society is built on data. Having data stolen or taken hostage isn’t the biggest threat, however. If malicious attackers manage to manipulate our data without us noticing, we’re in deep trouble.

In 2010, a computer virus fed incorrect information to centrifuges in an Iranian uranium enrichment plant. This made the centrifuges rotate at wrong speed, which finally destroyed the system – and set Iran’s nuclear program back several years in one swift blow.

In 2012, the FBI estimated that hacked smart electricity meters had cost a Puerto Rican electric utility an annual 400 million dollars.

These are examples of tampered data wreaking havoc. No data was stolen, nothing was destroyed. Just some small tampering of changes to critical data feeds can stop an industrial plant, disrupt air traffic, and cause financial damage to businesses.

In 2014, attackers tried to distort operational data from satellites belonging to the US weather agency NOAA. The satellites’ data is crucial for disaster mapping  and safeguarding air and sea traffic. Incorrect information could have caused serious trouble and life-threatening situations. 

Internet of Badly Functioning Things

The World Wide Web’s founding father Tim Berners-Lee recently commented that disrupted traffic data could instruct all vehicles to take the same routes. This would grind an entire city to a halt.

With the Internet of Things, the correctness of data becomes essential. It’s all too easy to cripple a smart city by feeding wrong information to internet-connected devices.

The Guardian quotes Mr Berners-Lee: “When people are thinking about the security of their systems, they worry about other people discovering what they are doing. What they don’t think about is the possibility of things being changed.” 

Mucho mistrust

However, there is an even darker side to data sabotage than cars running into each other, all traffic light turning green at the same time or delivery drones dropping pizzas to the wrong address.

Not being able to trust data may shake the foundations of the way modern societies and businesses function.

We are accustomed to making decisions that are based on data. Forward-looking businesses describe themselves as data-driven.

But what if an attacker has ever-so-slightly changed the numbers you see in your ERP dashboard? Little by little, you start making increasingly bad decisions, because you don’t know the real situation. 

What can you do about it?

The whole idea of data sabotage is that changes go unnoticed for as long as possible. Regular methods in detecting anomalies might not work, because the data seems right.

It’s good to start with basic security measures, such as strong encryption and strict access control. You need mechanisms to identify unwanted visitors in the network who are trying to tamper the data through endpoints by using malware, or directly in the database. You must make life difficult for the attackers.

How can you be sure of the integrity of your data, then? Perhaps Artificial Intelligence could come to the rescue. After all, intelligent systems should be able to learn how the data should look and alert if they suspect foul play.

While it’s not impossible to fool AI systems, the researchers from MIT have presented an interesting security solution. They have combined machine learning with human intuition and claim that the combination predicts cyber attacks much more efficiently than previous methods.

The best way to protect yourself from data sabotage is to have a thorough security policy, keep a close eye on the latest developments in AI, and understand that human security experts are still necessary.

Read how the European Union is putting pressure on data integrity through GDPR, and how enterprises must prepare for its requirements.

Stay up-to-date

Get all the latest blogs sent you now!