Technology developed in partnership with the Estonian government that helps to protect against theft or manipulation of data has been launched in the UK, aimed at helping government organisations to more securely share information.
Guardview, a product based on Keyless Signature Infrastructure (KSI) technology, allows organisations to identify threats and changes to electronic activity, data, software or infrastructure, developed following cyber attacks on the Estonian Government in 2007.
Rainmaker Solutions, the company that has brought Guardview to the UK, describes it as a 'GPS for data' because it lets you 'tag, track, and locate your assets in cyberspace'.
Current cyber security solutions usually work by looking for patterns of compromise and rely on trusted individuals who could breach protocols by circumventing the protection and covering their tracks. They do not provide a way to verify that your data is safe. UK government organisations often use an amalgam of these security products - called 'defence in depth' - including firewalls, virus and vulnerability scanners.
"Often government security solutions focus on the confidentiality of information rather than integrity", says Tim Hanley, Partner at Rainmaker Solutions. But according to the company, the vast majority of attacks to cloud service providers, Governments and multinational enterprises are integrity attacks.
"Confidentially is important, like making sure personal details for citizens are not stolen, but integrity is much more important. The consequences of someone changing your blood type, immigration status or criminal record data could be catastrophic", Hanley says. "By focusing on confirming the integrity of information system security, the integrity of data, tracking data and ensuring that audit trails have not been tampered with, Guardview independently automates verification online or offline".
If a data integrity breach does occur, Guardview provides an audit trail with information on time, integrity and provenance, without the need for human verification. The software can be configured to take various actions such as to stop the data from leaving the organisation's network, report the incident for human intervention, block the individual user or create a heat map of incidents.
The product is already in use by the Governments of China, Estonia, Malaysia, Philippines, Thailand and the US. Now, Rainmaker Solutions, in partnership with Guardtime, plans to bring it to this country's public sector. "We have only just brought this product to the UK and so will soon be starting conversations with UK government organisations we know are interested."
Hanley says that Guardview could also be used by UK Government organisations to show citizens which of their personal data have been viewed and either legitimately or fraudulently amended.
"The Government wants to share more data between public sector organisations and thus create a more complete picture of an individual. But Government also wants to address the concerns of privacy organisations and campaigns. A great way to do that would be to provide an independently-verifiable view to each citizen of who has been accessing data related to them and what changes have been made".
Guardtime Chief Scientist Dr Ahto Buldas invented KSI. In a press release Buldas said: "In Estonia, Edward Snowden could not have committed his unauthorised act [with KSI in use]. With real-time monitoring of the integrity of digital events, his attempt to cover his tracks would have raised an alert and he would have been held accountable for his actions."
Earlier this week, Business Secretary Vince Cable announced a £4m competition for UK companies to develop ideas to combat cyber security threats, run by the Government's Technology Strategy Board starting in 2015.