Generating reliable data: a must when it comes to cybersecurity
Taking the right decision is impossible without the ability to collect, generate and make available reliable and secure data, within a necessarily short response time. Secure data management has become one of the basics of any IT system protection policy, and a vital challenge for Industrial Control Systems (ICS).
Supervision can ensure that system operation is monitored and assessed in real time. However, in increasingly critical environments, this kind of supervision implies broad-ranging and fine-grained data collection. The collected data must be sufficiently varied to improve intrusion detection techniques, while developing new risk detection capacities. The aim is to create supervision systems that are simultaneously “smart”, “self-learning” and “responsive”. This is unattainable unless more attention is given to achieving the level of data quality and reliability that is required for this kind of analytical process. There are many hurdles to overcome to achieve that aim. For instance, how do you make sure that an intrusion has not been concealed by altering daily data? Or that data has been generated by a particular ICS or by one of its components? Or that the system is not being “misled” one way or the other? Not to mention the constraints related to confidential or personal data traceability. All these questions refer to the same issue, i.e. how to produce trustworthy, reliable and secure data. This is obviously even more crucial when dealing with Industrial Control System data.
Producing reliable and anonymous data
The Cyber CNI Chair’s expertise is therefore partly focused on building and developing ad hoc solutions to ensure reliable and trustworthy data traceability. In other words, making sure that supervisors or IT managers can rely on the integrity and source of the data processed by their systems. Whenever collected data is labelled as “confidential” or “personal”, the data protection systems must make sure the data cannot be disclosed or re-identified. Many different techniques have been developed over the last few years to anonymise this kind of data, in particular via k-anonymity or different kinds of l-diversity protection. One of the research paths explored by the Cyber CNI Chair is to adapt these techniques in order to anonymise and secure the collected data. The problem is ensuring that the anonymised data will remain relevant and useful for supervision purposes, depending on the processing mode (i.e. aggregation, merging, correlation, etc.). Further work remains to be done in the field of “Big Data” environments and the adaptation of all the different ICT protection systems to these new environments.
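The trade-off described above, as an added example that is not the Cyber CNI Chair's own code: constructed supervision records are generalised until they are k-anonymous, then checked for what aggregation and correlation can still recover. The record fields, the `PLC-<zone><n>` naming scheme, the zone and half-day generalisation and every record are assumptions made for the illustration.

```python
from collections import Counter, defaultdict

# Constructed supervision records: (operator, station, hour, event).
RECORDS = [
    ("op17", "PLC-A1", 6, "login"),
    ("op17", "PLC-A2", 7, "setpoint_change"),
    ("op22", "PLC-A1", 9, "login"),
    ("op22", "PLC-A3", 11, "firmware_upload"),
    ("op31", "PLC-B1", 14, "login"),
    ("op31", "PLC-B2", 15, "setpoint_change"),
    ("op40", "PLC-B1", 18, "login"),
    ("op40", "PLC-B2", 21, "setpoint_change"),
]

def zone_of(station):
    return station.split("-")[1][0]  # "PLC-A3" -> "A" (assumed naming scheme)

def generalise(rec):
    """Drop the direct identifier and coarsen the quasi-identifiers."""
    _operator, station, hour, event = rec
    return (zone_of(station), "00-11" if hour < 12 else "12-23", event)

def classes(rows):
    """Group the sensitive value (last field) by quasi-identifier tuple."""
    groups = defaultdict(list)
    for *quasi_ids, sensitive in rows:
        groups[tuple(quasi_ids)].append(sensitive)
    return groups

def k_anonymity(rows):
    """Size of the smallest equivalence class."""
    return min(len(v) for v in classes(rows).values())

def l_diversity(rows):
    """Distinct l-diversity: fewest distinct sensitive values in any class."""
    return min(len(set(v)) for v in classes(rows).values())

def zone_event_counts(rows, to_zone=lambda z: z):
    """Aggregation a supervisor might run: events per zone."""
    return Counter((to_zone(r[0]), r[-1]) for r in rows)

def located(rows, event):
    """Correlation a supervisor might run: where did this event occur?"""
    return {r[0] for r in rows if r[-1] == event}

RAW = [r[1:] for r in RECORDS]           # operator removed, nothing coarsened
ANON = [generalise(r) for r in RECORDS]  # zone + half-day replace station + hour
```

On this sample the per-zone aggregation is unchanged by the generalisation, while the correlation query can only place the firmware upload in a zone rather than on a station.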