By Alejandro Alvarez
The following was published by the Atlantic Council's "New Atlanticist" blog on 23 Oct. 2015.
Increased cooperation between the public and private sector is essential to tackle growing issues with big data security, experts and analysts agreed at a symposium on big data and cybersecurity on Oct. 22 at the Atlantic Council.
The all-day event, “Big Data, Bad Actors,” was jointly produced by the Atlantic Council’s Brent Scowcroft Center on International Security and Thomson Reuters. The conference sought to examine how bad actors use disruptive technology to impact global infrastructure, and what role governments and the private sector play in mitigating the threat.
“Big data and technology is being used by bad actors, whether individual criminals, organized crime, cyber attackers, violent extremists, or human traffickers. It's hard to believe this, but it's true,” said Deirdre Stanley, Executive Vice President and General Counsel at Thomson Reuters.
Unprecedented data breaches are quickly becoming the norm. Within the past year, Sony Pictures Entertainment and the United States Office of Personnel Management (OPM) have fallen victim to two of the largest thefts of confidential information in history.
A report commissioned by the Atlantic Council and Zurich Insurance Group in September determined that the annual costs of being connected are quickly starting to outweigh the benefits.
“That trend doesn't bode well,” said Atlantic Council President and CEO Frederick Kempe. “Unless defense becomes stronger, unless we learn how to deal with the offense of bad actors, and unless the public and private sectors come together to develop a common approach to systemic cybersecurity, the Internet of the future will be a far less reliable engine for growth and prosperity.”
In his keynote address, US Department of Homeland Security Deputy Secretary Alejandro Mayorkas discussed what role the federal government is playing in tracking down and neutralizing bad actors.
“We are extraordinarily capable in identifying individuals whose vulnerability to [cyber attacks] has been exploited by terrorist organizations or individuals,” Mayorkas said, “but we are challenged not just from a resource perspective but from a technological perspective."
Asked what most keeps him up at night, Mayorkas replied: “I would say the use of social media to galvanize an otherwise disenfranchised individual in the United States to follow a terrorist or violent extremist path, and to conduct an attack in the homeland.”
The role of non-state actors on the international stage, especially extremist or terrorist groups, is ever growing, Mayorkas emphasized. It’s all part of a new era in international relations where politics goes hand in hand with the digital age, including big data, said Barry Pavel, Director of the Scowcroft Center.
“We think we're already in a different era of world history, we just haven't named it yet,” Pavel said. “We think it's a 'Westphalian plus' world [where] nation states aren't going away but they're being joined on the stage by individuals and groups who are taking very significant action.”
Some of the most notorious hacks in recent memory may have been politically motivated—there’s evidence actors working under the Chinese government were responsible for the OPM hack, while the source of the Sony breach has been traced back to North Korea.
Whatever the case might be, panelists agreed that data, while hugely beneficial to global society, is now being weaponized on a daily basis. The answer, argued experts, is to look at bad actors as being motivated by identity, and to increase public-private cooperation to combat it.
“Whatever the conversation we have about bad actors, it has to be about identity,” said Jason Thomas, manager of innovation at Thomson Reuters Special Services.
“The direction that we have received from [the Obama] administration is solve this problem in collaboration with the private sector,” Mayorkas added. “We, collectively, are asking questions. We do not yet have a solution, but it is very much a partnership-driven analysis—it is not unilateral.