Great Security Doesn’t Ruin Party Time
Blog: Jim Sinur
As organizations roll out most excellent / smarter processes and applications to compete in the digital world, the opportunity for abuse increases. The number of smart resources dynamically contributing to changing goals and desired outcomes will be increasing and the power that these resources posses will make them a target for those with bad intentions. These smart processes can be lead the wrong direction easily as they are built to auto-adjust to changing conditions thereby producing unexpected consequences in the hands of the wrong people. Those with bad intent can change the goals, decisions, and actions of processes and applications and hurt many as a consequence. Security will have to step it up while becoming less visible and easy to deal with in the new digital world. See http://jimsinur.blogspot.com/2015/06/security-is-boat-anchor-to-digital.html
Misguiding Processes with Patterns & Goals:
The kind of dynamic and real time processes and applications that will be emerging in the digital world will be susceptible to bad consequences through fooling the process into pursuing the wrong sets of goals by feeding these processes with false patterns. Most of the new processes will be able to sense events and patterns of events and those with bad intent can mislead a processes into sensing the wrong events and changing the goals to undesirable under the conditions and contexts.
Misguiding Processes with Decisions:
These dynamic processes will likely be dependent big data and embedded algorithms. Those with bad intent could alter the algorithms or the data bound for the analysis. Switching the combinations and sequence of these algorithms could have a bad and maybe undetectable effect until later down stream. This could be true of cognitive services (COGs) or machine learning where constraining rules and policies could be tampered with in real time.
Misguiding Processes to Act Improperly:
Besides messing with the goals or decisions, the actual actions could be altered in real time to create havoc. If for instance a fire drone was being flown for observation purposes it’s code could be altered to interfere with outcomes rather than help. In the case of fire observation, the drone could be directed in the flight paths of retardant craft and cause misses and delays at a minimum.
Great security starts and making sure that the participants in the processes are authenticated and the persons authorizing change to the processes are authenticated in a fool proof manner. In additions there should be extra controls on key pieces of code and code sequences. There should be a security sensitivity analysis based on likely and unlikely scenarios in addition to authentication.