Science and Technology

How to Win the Cybersecurity War

October 7, 2016  • David Shrier & Alex Pentland

Key Points

  • As reflected in the 2015 hack of 21.5 million federal employees and contractors, cybersecurity is a serious and growing risk to US national security.
  • Hackers are evolving, but experts give us coding strategies to combat them.

We are losing the cybersecurity war. In 2015, over 21.5 million federal employees and contractors – just about anyone who got a US federal security clearance outside of the CIA – received a notification that their Social Security Number and personal information had been stolen from their Office of Personnel Management (OPM) files. When seeking a government security clearance, you have to fill out a very detailed personal information form, an “SF-86.” All of those were now in the hands of parties unknown.

Experts have suggested that this OPM hack, the DNC email hack, and the Sony hack are the results of state-sponsored cyberwarfare.

Adding insult to injury, scammers latched on to this latest data disaster and sent out fake notification letters and emails, leading to further data breaches. Experts have suggested that this OPM hack, the DNC email hack, and the Sony hack are the results of state-sponsored cyberwarfare.

After decades of cybersecurity efforts, even the US government’s “secure” files aren’t safe. Forget it if you are a customer of Ashley Madison, or Target, which were also recently hacked. Better cryptography alone isn’t the answer. The analogy is that with cryptography, you are making harder and harder walls, which is great as far as it goes. When someone penetrates those walls, though, they still have access to all of your data.

The absence of good data-sharing is visible every time you have to fill out the same information on medical paperwork.

What’s more, improving security typically comes at the cost of more data silos, making it harder to share information. This runs counter to the fact that data is more useful when shared. The absence of good data-sharing is visible every time you have to fill out the same information on medical paperwork when you go from one doctor to another or one clinic to another.

We are arguably at a place of crisis.

The good news is that, thanks to the rise of popularity of ledger technologies (like Blockchain), and data management methods such as secure multiparty computation and secret-sharing, we now have a potential solution.

Even if you could hack one node on the network, you’d just get a data fragment.

The first part of the solution, “OPAL” (Open Algorithms), inverts traditional coding paradigms. Instead of bringing the data to the code, we’re bringing the code to the data. No longer do we consolidate and then code different data sources. Instead, we distribute the code to the various pieces of data, which reduces the attack surface for hackers. The French government has funded our early work in developing OPAL.

The second part, “ENIGMA,” breaks up data into thousands of small pieces, encrypts each piece, and scatters them. Even if you could hack one node on the network, you’d just get a data fragment. Even better, you can perform computations on the encrypted data fragments. When combined with OPAL, you can transform and gain use out of data while dramatically improving its security. Corporate collaborators are underwriting our efforts to implement ENIGMA as an open source code project.

OPAL/ENIGMA, and techniques like it, promise to deliver new weapons to the war on cybercrime — while making all of that data significantly more useful for society.

David Shrier and Alex Pentland are the authors of Frontiers of Financial Technology. Alex Pentland spoke at Securing Our Future: Cambridge Cyber Summit.

This post originally appeared on CNBC.

Related
Science and Technology
Can we protect corporations from cybercrime?
October 6, 2016 • Stuart Madnick