I have been interested in cyber security since the late nineteen nineties. One of the first things that I learned about was the three tenets of information security, which are confidentiality, availability and integrity. These three building blocks are at the core of every cyber security practice. While there has been debate over the years as to the three tenets being able to stay relevant with the new technologies that are emerging, I personally believe that it is a good foundation.
When I think about the latest cyber security events, I look at the three tenets and wonder which tenet was not applied? For example, if you look at Facebook, I would claim that integrity was not part of their process.
When a cyber security person talks about integrity, what do they exactly mean? For us, integrity means the integrity of the data throughout its lifecycle. When the data was created, who created the data, and has it been changed, if so, who changed the data.
Why is data integrity important and in my opinion, the most important component of security today?
First, there is not one digital system today that does not rely on data, and it is becoming more integrated every day. This means that if data is corrupted in the first process, as the data spreads, it will continue to corrupt the whole process, thus making critical decision based on data useless. For example, weather patterns are made up of data. What if all the data that makes up a weather pattern is actually corrupted? What if you could change the data that a sensor is collecting in the middle of an ocean to show a possible hurricane, or the opposite, what if you could change the data, for all the sensors in the ocean, to not show that winds were increasing. You could change a weather computer model that could possibly kill thousands of people.
Second, data integrity could fight off disinformation. Disinformation campaigns are serious. Not only has disinformation impacted the elections in the United States, but also in England, and with our other allies. Disinformation campaigns can be extremely dangerous and can even cause civil unrest. Example, there has been a disinformation campaign by Russia against democracies in the West. Evidence has shown that foreign policies have been manipulated and that there is a long term goal to weaken democracies by taking away the trust we hold in our Government and her institutions. The Russian disinformation campaign has also set out to cause division and distrust with each other. And many of us have become willing participants in their campaign through social media.
Third, data integrity of personal identifying information; your data will strategically rise in importance to bad actors whether it can be sold, or manipulated for someone else’s campaign. Check your profile, not only on Facebook, but on the Internet. To check your profile on Facebook, go to settings under your account, and click download a copy of your Facebook data. They will send you an email with your data.
Integrity of data is a cornerstone for a good information security practice. Data will only be increasing as we continue to digitize our life. Make sure your digital life is in order, and stay safely Connected.