Coping with data leaks using nature’s ideas
In the aftermath of the massive leak of US Embassy cables, the media are perpetuating the fatalistic misconception that modern technology has irreversibly outgrown our ability to keep sensitive information safe.
Yet the pessimistic arguments sound so reasonable. Local computer networks filled with valuable data are part of every modern-day institution, very large files are easily transmitted to DVD storage, USB devices, or mobile phones, while internet makes basically anything easy to publish and e-mail provides a straightforward way to contact anybody discreetly. Moreover, every business depends on customers, and there are plenty of them no matter which side of the ‘fence’ are you on. While WikiLeaks happily embraced stolen government cables, tax authorities around the western world are appreciating stolen account data from Swiss banks, to note two recent prominent cases.
No matter how well-protected our databases are by state-of-the-art firewall technology and password protected access, and no matter how good our admin and security policies are, the most malicious leaks are still caused not by sophisticated penetrations from the outside, but accidentally or deliberately by insiders. The workforce population dealing with sensitive data is enormous. According to Steven Aftergood, a senior research analyst at the Federation of American Scientists, more than 2.4 million hold security clearances. The private sector employs another even bigger army of people who have been granted access to all kinds of valuable information. So how to prevent frustrated individuals from taking out their revenge for broken ambitions or stop the greedy from monetizing valuable data that they have access to?
The first thing that springs to the mind of a scientist is to look for useful ideas in nature. All plants and organisms are made of cells, which not only provide protection from the external environment, but also offer an enclosed location for intracellular contents. In higher organisms, cells are organized to form tissues and organs, but there is no single large “supercell” that consists of all the necessary biological machinery, but rather millions of microscopic cellular compartments. The most important advantage of this design is its robustness. Robustness allows a system to maintain its functions in the face of internal and external disturbances. If a cell is compromised, this induces cell death, while the organism as a whole is not endangered. The ability to replace individual tissue cells in response to a wound or sickness allows maintaining organs to function. Cutting your finger may cause a local infection, but this smart design prevents the entire skin, the largest human organ, from turning red.
Nature perfected its survival strategy by fine-tuning a compartmentalization model on various levels of biological organization over billions of years. By looking at cell compartments and how they function in organisms, we can learn about how to organize classified information efficiently. Just as fragile molecules are encapsulated in cells, sensitive data should be locked up in a number of small safes. Large monolithic data spaces should be divided into segregated units and secured with different keys to create a system which is far less vulnerable to damaging leaks.
The notion of compartmented information is not unknown to the intelligence community, just as it is not unknown to experts in various fields of the data security industry. Good practice endeavors to restrict specific types of sensitive information to locations where individuals deal directly with the related task. “Your medical records should be kept in the hospital where you get treated; your bank statements should only be available at the branch you use; and while an intelligence analyst dealing with Iraq might have access to cables on Iraq, Iran and Saudi Arabia, he should have no routine access to information on Korea or Zimbabwe or Brazil” stated professor of security engineering at Cambridge University, Ross Anderson, for The New York Times.
According to the Wikipedia article Classified information in the United States, sensitive government information is protected by a compartmented data structure. Nonetheless, WikiLeaks published a wealth of classified information because a 22-year-old US Army soldier found them all in one place.
“Cablegate” is far from being the first incident of what has become an emerging phenomenon, but it is the most seismic, chiefly because of the massive volume of leaked data. The next big scandal lurks for institutions or businesses that have either never heard of compartmentalization or that just traded it off for the sake of convenient information sharing. Any business executive who understands that there is nothing more damaging for a company than massive data leaks, must adopt the basic principle of data protection; the division of sensitive and precious information into seamless units, rather than merely limiting user privileges or the number of people with general access or clearance.
The faulty design of “watertight” compartments contributed to the Titanic disaster since the water spill was not stopped as it was supposed to be. It was not the iceberg, but the critical volume of water leaking in that eventually sunk the ship. Neither water leaks nor data leaks can be averted by compartmentalization, but it constitutes a basic form of passive protection to prevent disasters.
Author: Robert Mistrik, scientist and co-founder of the Slovak SaS party