Try for free
    30.01.2018

    CIA triad: history and modernity

     

    From a historical perspective, information leaks always caused problems. And it was not less serious for the people concerned – executions, persecutions, wars, loss of property, etc. The time has passed and the amount of people involved has just increased. Now, when we hear about a leak, not only royal and noble ranks but common people are concerned whether their data is affected.

    The basis of information security is a triad of its properties - Integrity, Accessibility and Confidentiality – known as CIA triad.

     

    Integrity

    Modern technologies allow you to control the integrity of information by means of hashing procedure. For any set of information, hashing will produce a unique set of characters (hash sum). It is completely unique even if a letter of the source text is replaced or a pixel in the image is repainted. With almost full confidence, hashing allows control the integrity of information transfer and is used with electronic signature, for instance.

    One of the ambitious projects to correct the violation of integrity was a large-scale revision of the church service-books of the Russian Orthodox Church launched by Patriarch Nikon in the 17th century. The thing was that these books were originally translated from Greek often with errors and through centuries were copied by clergymen each of whom somehow distorted the text. In order to identify the mistakes, Nikon decided to refer to the Greek original and rewrite all the church texts. Part of the clergy did not agree with revision. That became the next reason for the split of the Russian church.

    "Fictitious entry" has become an elegant way to notice a leak in the context of information integrity. In the middle of the last century, encyclopedia compilers and cartographers made significant efforts to produce their work. Unscrupulous competitors could easily take advantage of that job. It was almost impossible to prove plagiarism in such cases. However, if the author added a small piece of false information to a true one it became easier to identify the plagiarism. A fictitious entry is copied along with the other text. So did the publishers of The Trivia Encyclopedia. As a trap they placed in the book a deliberately misleading information about the name of detective Colombo. After this they could sue Trivial Pursuit Quiz for the use of some of their questions and answers. In the same way, false streets are placed on the maps and nonexistent numbers appear in telephone books.

     

    Accessibility

    The accessibility of information means that users that have required access rights could always use these rights – to have access to information first of all, and also to store it, modify, copy and use.

    To use any information you need to know it. But sometimes it's not so simple. Without modern technologies data exchange was carried out with the help of runners. The postal system in ancient Greece was well established in the form of land and sea mailing. As a rule to transfer the messages governments sent foot messengers. They called them ‘hemerodromes’. And the most famous of them was Pheidippides. According to Plutarch's legend in 490 BC the messenger reported to Athens about the victory in the Battle of Marathon before collapsing and dying.  

    In 1877 the Italian astronomer Giovanni Schiaparelli composed one of the first descriptions of the Martian surface. During the planet's "Great Opposition", he observed a network of linear structures on the surface of Mars which he called "canali" in Italian, meaning "channels" (indicates an natural construction) but the term was mistranslated into English as "canals" (indicates an artificial construction). Among the most fervent supporters of the artificial-canal hypothesis was the American astronomer Percival Lowell, who spent much of his life trying to prove the existence of intelligent life on the red planet. He theorized that an advanced but desperate culture had built the canals to tap Mars' polar ice caps, the last source of water on an inexorably drying planet. As these assumptions were popularized, the "canals" of Mars became famous, giving rise to waves of hypotheses, speculation, and folklore about the possibility of intelligent life on Mars, the Martians.

     

    Confidentiality

    All confidential information contains value. Here a secret arises as well as those who guard it and those who seek to get it and use. Before the main media tool was invented - the printing press - the secret was whispered in one's ear or passed on in a sealed envelope.

    Leaks became an instrument of political battles in ancient Rome filled with intrigues, betrayals and insurrections. That happened to the conspiracy led by Sergius Catilina. The secret organization failed because of anonymous letters. They came to high-ranking Romans who passed them on to Cicero. Using the evidences and the gift of eloquence (through which we know him) Cicero convinced the senators that the Roman Republic was in danger. The plot was uncovered, and five conspirators were executed.

    However, that was a time when there were no mass culture and mass media. And there was no explicit request for "truth" from another participant of history - the people. The newspapers started to help actively disclosing confidential and sensitive information. Secret data appeared in print. Its publication began to influence society leading sometimes to large-scale results.

    For example, the story of the XVIII century when correspondence between the Governor of Massachusetts, Thomas Hutchinson, and a member of the British government occurred. It contained information about the infringement of the rights of Boston citizens and indulging the interests of Britain. The letters were published in the local newspaper. And this greatly increased tensions, which eventually led to the war for US independence.

     

    Information leakages nowadays

    We live in the information digital era. Data volumes go off scale, and the sensitivity of society has only intensified. Therefore, modern leaks are huge and have large-scale consequences.

    Just remember the publishing of Panama Papers containing 11.5 million files with personal and financial data. An even greater volume - data on 170 million credit and debit cards and personal information of its owners - the result of three-year hackers activity led by Albert Gonzalez. Sony's loss of $ 3 billion in 2011 as a result of the leakage of names, birth dates, mail and physical addresses, logins and passwords, purchase histories and payment addresses of 77 million PlayStation Network users.

    Leaks started to lead to multi-million dollar losses. It became harder for companies and state institutions to protect themselves.

    Through the past few years, the loss of confidentiality hit heavily the National Security Agency and the US Central Intelligence Agency. For the first time newspapers talked about the NSA and the CIA in this context. After one of the specialists who worked both in these departments copied and leaked 1.7 million secret files concerning the total surveillance of communications between citizens of many countries around the world led by American special services. This specialist was Edward Snowden. After the incident, the information about the activities of the American special services poured down. The latest notable cases were the hacking of NSA systems by hackers from The Shadow Brokers and the leakage made by an unknown informer of the Vault 7 document package containing information about the CIA's methods of work.

     

    Obviously, the world outside the window since the time of Cicero to Edward Snowden has changed. Although these stories have much in common. People that possess information have a serious power added. However, no one is insured against leakage. The circumstances and ways of leakages may differ a lot - from Greek papyri to network gateways - the decisive factor is always the human component. Therefore, the work with people must be under the first attention in the context of ensuring information security. It is necessary not only to protect the perimeter of the organization by technical means, but also to conduct ongoing analysis and work with the personnel. 

    Important publications

    The SecureTower DLP system

    • Protection against data leaks caused by employees
    • Control of employees' work on computers
    • Identification of potentially dangerous employees (risk analysis)