Modern field guide to security and privacy

Opinion: How to build public trust in our data-powered universe

The weaponization of data at the micro level is a serious challenge. Don't let the era of Big Data give way to a future of Bad Data.

Ann Hermes
AUSTIN, TX - March 12: South by Southwest (SXSW) Interactive attendee, Natasha Wiscombe checks her phone outside of the JW Marriott hotel where panels are being held on March 12, 2016, in Austin, Texas. Photo by

Do you trust your data? Recent headline events make that an essential question.

All around us is proof that the newest persistent threat in cybersecurity – and perhaps the most pernicious – is data manipulation. When millions debate the validity of a national election or the veracity of news stories, the role of information security in a smooth-functioning society has never been clearer. After data landmines deliberately planted by cybercriminals are detonated, we are confounded on where truth ends and fiction begins.

No matter your politics, I think we can agree: Data drives decisions, and decisions make history. But what if vandals pervert data used as a foundation for civic policy or military action? This is the so-called Big Data era, in which countless organizations base pivotal decisions on information they presume accurate.

We know individuals scan their news feeds today with a fresh realization that things actually may not be as they are presented, but now government and business leaders alike also wonder where and when truth is replaced by slant, bias, or outright fiction. We can’t let the era of Big Data give way to a future of Bad Data.

Thankfully, Big Data is not the problem. Small data is the big story.

As we’ve abruptly realized, the weaponization of data at the micro level is a serious challenge. When data is poisoned, our adversaries are messing not only with our minds, they are messing with what matters most. The best response, though, may surprise you: think small.

Assuring data integrity means securing the environments where it’s stored, transmitted, and accessed. But today those environments are borderless. If you’re a mobile information worker, you’re tapping in from your Wi-Fi-equipped car, your fitness club, and via your household router – the same router you use to stream Netflix and connect a lengthening list of smart Internet of Things (IoT) gadgets.

The amorphous corporate boundary means enterprise security as we used to think about it – with all of its protect-the-castle metaphors – is as good as dead. 

We manage massive infrastructure deployments across corporate and government real estate, but deploy far too little security where people really to their work. Prime attack surfaces are now the personal car, the coffee shop or airport, and especially the home network, where many IoT devices are shockingly exposed to attack. (Consumers don’t load security updates onto their computers with much consistency. They’re even less likely to do it for smart TVs, connected printers, and security cameras deployed using factory-installed passwords.) 

When employees tote their laptops and tablets home and plug into unprotected networks, or trade data with unprotected devices, it creates countless new points of vulnerability. With an increasing amount of work being done from home, it’s time for all of us in cybersecurity to do our homework.

That’s why the IoT-powered home is exactly where we now see the biggest opportunity – in fact, the imperative – for greater data integrity: across this jumbled, straight-to-the-horizon mosaic of billions of small devices, billions of small vulnerabilities, and billions of small attack vectors. 

Adversaries no longer bent on data theft, or even on data monetization, are now relentlessly testing the IoT’s weaknesses and our homes’ limits to discover where data manipulation at the micro level can have the largest downstream macro impacts. The Mirai-based botnet attack last October was simply a probing of the IoT as a potential Ground Zero. We can’t let the Internet of Things become the Internet of Terrorism.

Every digital home must have smart, protected architecture, and the only way the private sector can do its part is by linking arms and cooperating. No one private cybersecurity player can drive security unilaterally. Competitors must perform in concert like an all-star team, partnering across an open ecosystem. Working together, we can put more hands and more experience on the job to be done. We can collaborate to consistently deliver better outcomes for our customers.

There’s a role for government, too. If we can require cars to be equipped with seat belts, airbags and, soon, backup cameras – safety mandates that save many thousands of lives each year – we can develop digital security standards that generate like positive impact. A safe user experience should be coded into every connected device or sensor design. A better-protected industrial IT landscape should be a baseline component of homeland security policy.

But technology innovation typically comes from private industry. Engrossed in separate missions, pursuing uncoordinated self-interests, we have not exactly created a seamlessly secure computing environment. Quite the contrary. But that can change. It must. We now see data weaponization has the potential to compromise a cohesive, confident, civil society. It demands a cohesive and confident response.

Competitors, colleagues, and customers: we share the same goals, and we know declining public trust is a bad outcome for all of us.

Let’s work as a dream team, with urgency, to address today’s alarming patchwork of small-bore digital vulnerabilities and inspire more confidence. The biggest dividends of the new connected world will come only when we sweat the smallest of details, side by side. Let’s work together.

Chris Young is senior vice president and general manager of the Intel Security Group, Intel Corp. Follow Chris on Twitter @youngdchris.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.