Network Infrastructure Gets Larger, but Less Protected

How to Analyze 'Big Data' and Prevent Cybersecurity Threats From Adversaries

By Aaron Hand

After hearing Shawn Henry, president of CrowdStrike Services, give dire warnings about rampant threats to network infrastructures and the data they hold, IBM's Michael Valocchi wondered aloud whether we should just keep all that big data to ourselves.

Henry and Valocchi both spoke recently at ABB Automation & Power World in Orlando, Fla. Henry, who spoke about cybersecurity dangers, knows what he's talking about. He's a retired executive assistant director at the FBI who oversaw computer crime investigations around the world.

SEE ALSO: Ever More Data, but Still Cyber Vulnerable

"The DNA of all of your companies resides on the Internet. And it's incredibly valuable," Henry said, noting the value of intellectual property, R&D, corporate strategies and more. "There's an increasing push to move it all to the network. It's all riding on an inherently insecure infrastructure."

That infrastructure, Henry insisted, is only getting larger and less protected. "Imagine trying to protect a building with 100,000 doors," he said. "There are too many vulnerabilities right now."

It's an incredible challenge for which there is no short-term answer, Henry said. To make a better run at the problem, however, the focus needs to change. "We've been focused on how to reduce our vulnerabilities," Henry pointed out. "We need to focus on who our adversaries are."

Those adversaries take three main shapes: organized criminal groups largely centered in Eastern Europe that are focused on monetary gain by attacking major corporations; terrorist organizations, which are an increasing threat, particularly to infrastructure; and foreign intelligence service groups operating on behalf of governments that steal data for economic gain, military gain or some other advantage.

While people might run screaming from the threat that a physical bomb presents, they have a harder time understanding and grasping the very real threat of having an unwelcome visitor in their network. "In many cases, the adversary had been in that network for months or even years, and had gone undetected," Henry said, noting such adversaries as trusted insiders, disgruntled employees, or people setting up wireless hotspots, just waiting to intercept vital information.

"We often think of the vulnerability to data; you want to maintain some level of confidentiality," Henry said. "But with the depth and breadth of access that adversaries have right now, they can change the data or completely destroy the data."

That data, along with advanced analytics, is what Valocchi, global energy and utilities industry leader at IBM Global Business Services, came to talk about. "Big data," he said, has replaced "smart grid" as one of the most overused and misunderstood terms used today. Above all, Valocchi emphasized that big data is not a technology trend, but rather a business trend. "If I can't prove the business value, I'm not going to embark on the journey," he said.

The concept of big data refers to the sheer volume of data that's out there — the scale of data (terabytes) and the variety of data. It's coming at us from so many different sources, in near real time, and now even in unstructured forms, Valocchi said. "It's all over the place. And it's coming at us like nothing before," he said. "And real time is coming at us so quickly, we also have to worry about the veracity of the data. How certain are we that the data is good?"

Valocchi summed up the issue surrounding big data with four key characteristics: volume, variety, velocity and veracity.

Although Valocchi called it "early days" for big data, a lot of data-based initiatives are beginning to take off around the globe. A survey of executives found that almost half of the organizations polled are at least having discussions about big data projects. The survey showed that 47% are planning big data activities, and almost a third (28%) are at the pilot and implementation stages.

On top of that, Valocchi said, the big data discussions have moved out of the IT departments into operational, finance and other departments. "It's no longer an IT-driven discussion."

Valocchi reported on five key findings: Customer analytics are driving big data initiatives, which is happening not just in banking, but in industry and utilities as well; big data is dependent on a scalable and extensible information foundation; initial big data efforts are focused on gaining insights from existing and new sources of internal data; big data requires strong analytics capabilities; and the emerging pattern of big data adoption is focused on delivering measurable business value.