If cybersecurity technology developed in Estonia had been implemented in the US, NSA leaker Edward Snowden would have been detected and stopped, according to the developers of a pioneering detection and verification technology.
The Baltic state has been at the forefront of digital security innovations since a then-unprecedented cyberattack toppled large parts of the country’s infrastructure for three weeks in 2007. In the aftermath, Estonian scientists have developed world-leading defences to ensure the country’s digital systems aren’t compromised again and that records are not lost or manipulated.
They’ve highlighted grievous holes in other countries’ defence systems, including those which enabled Snowden to leak data and cover his tracks.
Current security practices require large organisations, including governments and multinational organisations, to put their trust in outsourced security providers, cyber-security appliances, firewalls, security-critical configurations and the credentials of the administrators and auditors who manage those systems. Every point in this system is a site of potential leak or manipulation, as shown in the example of Snowden, who worked for NSA contractor Booz Allen Hamilton as an expert in cyber counterintelligence and had access to NSA systems. One of the obstacles for large organisations is the difficulty of continually verifying that their trust in these systems and managers is well-founded and thus that their data is secure.
Weaknesses in this chain provide inroads for integrity attacks: those which attempt to corrupt data in order to undermine trust in it or in the system itself. The vast majority of cyberattacks on cloud service providers, governments, multinational enterprises, and connected devices are thought to be integrity attacks.
Estonian scientists have thus developed a system, called Guardtime, which provides real-time monitoring of the integrity of digital events. It’s described as a “near-perfect detection technology,” verifying and attributing each event on networks in such a way that the privacy of each event is preserved but its integrity can’t be denied.
Guardtime’s Keyless Signature Infrastructure (KSI) provides independently verifiable proof of data creation time, authenticity and identity without relying on cryptographic secrets or trust anchors like administrators. It therefore demonstrates in real time the truth behind every data object, rather than the trust invested in it.
As a result, it is impossible for insiders like Snowden, or external cyber attackers who gain entrance to the system, to cover their tracks.
Dr Ahto Buldas, chair of information security at Tallinn University of Technology and chief scientist at Guardtime, said: “In Estonia, Edward Snowden could not have committed his unauthorised act. With real-time monitoring of the integrity of digital events, his attempt to cover his tracks would have raised an alert and he would have been held accountable for his actions.”
Matt Johnson, distinguished veteran of the United States Air Force Office of Special Investigations and Guardtime CTO, said: “Guardtime allows organisations to identify and visualise threats and changes to important intangible assets and data, such as copy and transfer, deletion, and manipulation – all in real-time. Our integrity instrumentation allows you the fundamental ability to tag, track, and locate your assets in cyberspace. A GPS for data.”
The UK government has been offered access to the new technology, which, it is said, will facilitate big data governance while preventing data breaches and corruption by proving integrity and accountability.