For agencies worried about data manipulation, help is on the way
- By Mark Pomerleau
- Oct 08, 2015
As scary and problematic as recent high-profile cyber incidents are, U.S. officials have warned that the next cyber tactic could be worse: data manipulation.
“I believe the next push on the envelope here is going to be the manipulation or deletion of data, which will of course compromise its integrity,” director of National Intelligence James Clapper told lawmakers on the House Intelligence Committee last month. Such an attack could render a vast set of data worthless, as leaders would be unsure of its accuracy.
Some in the private sector have begun to address this concern. In a recent demonstration, Lockheed Martin and Guardtime tested “pre-packaged technology that mitigates data manipulation attempts by internal and external threats to a networked mission centric environment,” according to a release from Lockheed. The company contends that the demonstration, which took place at its Center for Innovation in Virginia, was the first such exercise designed to address these concerns associated with data manipulation threats to networked, mission-centric environments.
“This particular technology specifically addresses data manipulation issues and mitigates it, such that if someone attempted to do so it could be readily discovered,” David Hamilton, president of Guardtime Federal, told Defense Systems. “At the very top level, what the technology does, is it signs any size digital file—and it signs it in such a way that it is impossible to alter the signature on the time so that at any time in the future you can validate the authenticity in a file whose signature you have previously signed. That includes audit files you can sign, aircraft operating systems files, banking files, banking transactions – there’s a whole host of different types of files that can be signed.”
Hamilton said that the technology pertains not just to data files but to the system’s integrity, allowing users to discover if anyone has altered, doctored or manipulated a program.
Lockheed said the anti-tamper technology would be effective for military, aerospace and industrial systems that depend on complex processes, software supply chains, interconnectivity and storage platforms.
“This new technology offers great opportunity for enterprise and embedded mission systems alike,” Ron Bessire, Lockheed Martin Aeronautics' vice president for Engineering and Technical Operations, said. Bessire said the technology is primarily software that runs on some customized hardware and runs on some existing platforms.
The recent demonstrations involved existing equipment to show that the technology could be included into a system to sign and verify files, integrating real hardware with Guardtime and Lockheed software.
While the technology is available commercially around the world, the demonstration tested the higher end of the equipment to show defense officials. “The defense community that has attended this test have been extremely positive about what they witnessed,” and said they would be interested in it, Bessire said.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.