Business Technology Blog

3 Lessons from the Rain Forest Hack

December 30th, 2008 by engage

In the 1990 true story The Cuckoo’s Egg, astronomer and computer expert Clifford Stoll tracks a KGB hacker through the network of computers that made up the early Internet. At one point he watches the hacker poking around in a machine that controls a piece of medical equipment. Stoll is outraged, worried that through carelessness or intent the hacker could tamper with the machine's configuration in a way that would hurt a patient. No longer does he see the hacker as someone who just does damage in the virtual world; now the consequences have spilled over to the real.

Brazilian hackers have made a similar leap from virtual to real in recent weeks. Working together with crooked logging companies, hackers have organized the logging of 1.7 million cubic metres of excess timber by generating fake logging permits in Brazil’s automated allocation system.

This sort of spillover, from virtual mischief to real-world consequences, is only likely to increase as computers and computerized systems take over a larger part of our lives. As more real-world decisions are made based on electronic data, especially automated decisions, the integrity and accuracy of that data become paramount.

This goes beyond security concerns. There’s also the question of data entry. How does your data get into your systems? In a way that prevents keying errors? If automated actions are based on it, are there sanity checks? These are all questions that businesses working to automate processes need to ask. Below are 3 key concerns that all businesses should worry about when it comes to their data.

1. Is it safe? – Who can edit your data? Don’t just worry about outside hackers; worry about internal vulnerabilities too. Is there an employee who could wreak havoc with a few misplaced keystrokes? Is there an audit log to hunt down who’s responsible? Internal threats, both intentional and unintentional, are far more dangerous than external.

2. GIGO – A classic computer acronym: Garbage In, Garbage Out. Pay very close attention to how your data is getting into the system. Does that OCR scanning software read as well as it claims? Is your data entry team rewarded for speed or accuracy? And if your systems take automated actions based on this data, then double, triple, and quadruple check it for accuracy.

3. Double Blind – In the book mentioned earlier, Cliff Stoll first starts chasing after the hacker because of a 75 cent discrepancy between his company’s two separate accounting systems. Sometimes redundancy is a good thing because it ensures accurate data. Is there some mechanism in your systems so you can tell when data is not as it should be?
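To make the "Double Blind" idea concrete, here is an added example (not from the original post or from any system it mentions) that reconciles two independently kept ledgers and runs a sanity check before anything is automated. The permit IDs, volumes, quota and function names are all constructed for illustration.

```python
from decimal import Decimal

# Constructed sample data: permitted volume (cubic metres) per permit ID,
# as recorded by an automated allocation system and by an independent ledger.
ALLOCATION_SYSTEM = {"P-001": Decimal("120.0"), "P-002": Decimal("80.0"),
                     "P-003": Decimal("500.0")}
FIELD_LEDGER = {"P-001": Decimal("120.0"), "P-002": Decimal("75.0"),
                "P-004": Decimal("10.0")}


def reconcile(primary, shadow, tolerance=Decimal("0")):
    """Compare two independently maintained ledgers keyed by record ID.

    Returns a list of (record_id, issue, primary_value, shadow_value),
    sorted by record ID, for every record the two sources disagree on.
    """
    findings = []
    for rid in sorted(primary.keys() | shadow.keys()):
        p, s = primary.get(rid), shadow.get(rid)
        if p is None:
            findings.append((rid, "missing_in_primary", None, s))
        elif s is None:
            # Exists only in the automated system: the pattern a forged
            # entry would produce if the second record is kept separately.
            findings.append((rid, "missing_in_shadow", p, None))
        elif abs(p - s) > tolerance:
            findings.append((rid, "amount_mismatch", p, s))
    return findings


def exceeds_quota(ledger, quota):
    """Sanity check before acting automatically: is the total over quota?"""
    total = sum(ledger.values(), Decimal("0"))
    return total > quota, total


if __name__ == "__main__":
    for finding in reconcile(ALLOCATION_SYSTEM, FIELD_LEDGER):
        print(finding)
    print(exceeds_quota(ALLOCATION_SYSTEM, Decimal("600")))
```

The check is only as good as the independence of the second ledger: if one account can edit both, a discrepancy can be erased in both places.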

Given the extraordinary impact that computers have on our daily lives in terms of information and records, it is a logical extension for them to also automate our physical world. But with incidents such as this one, SCADA system infiltration at power plants and utility infrastructures, and the now nearly two decades old example of medical device manipulation, we simply MUST hold ourselves and our society to a higher standard in terms of security. To not do so risks something far more damaging than these tragic examples have already demonstrated.
