SoS Musings #12

The Trouble with Data

There is a growing concern about data on or accessible by the Internet. Businesses are worried about their legal responsibilities and liabilities for data. An FTI Consulting study highlights the State of the Union on Data Privacy and Security. "A clear and recurring theme is that in-house legal teams are under greater pressure to meet ever-changing and increasing data-related challenges," said Chris Zohlen, a Managing Director in the Technology segment at FTI Consulting and co-author of the study. Several participants said that they do not believe their organizations are safer than they were five years ago. Cloud storage and GDPR regulation were among their concerns.

The growing IoT aggravates the problem. We are in a zettabyte era. A Tripwire article explores what that means and advocates using Artificial Intelligence (AI) tools and being smart and honest about what we are dealing with. It reports that, according to the Cisco 2017 Annual Cybersecurity Report, less than half of legitimate alerts actually lead to some sort of correction and less than 1% of severe/critical alerts are ever investigated.

In 2016, an article in the Federal Technology Insider proposed a three-step triage to avoid alert overload. This consisted of: Set a Goal (categorize alerts and reduce false positives), Get the Right Information (have the alert include the device name and the rule that generated the alert), and Consolidate (informational alerts should be delivered on a daily or weekly basis). This is helpful advice if you could do it, but it is impractical given the volume.

An article in Infosecurity magazine reports: A full 80% of organizations receiving 500 or more severe/critical alerts per day currently investigate fewer than 1% of them. According to research from Enterprise Management Associates (EMA), it's mainly a resource issue: Not only do 68% of organizations suffer from some sort of staffing impact to their security teams, but larger organizations are collecting gigabytes to terabytes of data each day. In the end, detailed analysis showed that in aggregate, 80% of the organizations receiving 500 or more severe/critical alerts per day were only able to investigate 11 to 25 of those events per day, leaving them with what EMA characterized as "a huge, and frankly insurmountable, daily gap."

In March GCN magazine reported on GSA's recent plans for modernizing IT infrastructure. Based on direction from the White House, the General Services Administration's Technology Transformation Service is taking the lead to help agencies modernize their IT infrastructure. Joanne Collins Smee, acting director of TTS and deputy commissioner of the Federal Acquisition Service, outlined GSA's priorities for the next year at a March 1 AFCEA Bethesda event. Smee listed action items from the American Technology Council's December report on IT modernization, the creation of five Centers of Excellence at the Department of Agriculture and the administration of the Technology Modernization Fund (TMF) as her top priorities to modernize government systems. The five CoEs are: Cloud Adoption, Infrastructure Optimization, Customer Experience, Contact Center, and Service Delivery Analytics. Privacy and Security do not appear.

AI can provide help, but more is needed. Privacy and Security should always be addressed, especially at the inception of a new system. We are going to continue to want and need more data. Strategic scientific research to discover provable methods to lessen the attack surface, which assures the designers and users, needs to be strongly supported and grown.