Dr George Grispos, Lero

Focus on research: George Grispos, Lero

23 May 2017

Dr George Grispos is a postdoctoral researcher at Lero, The Irish Software Research Centre – the Science Foundation Ireland-backed centre for software research. In this interview he talks to TechCentral.ie about how forensic-ready systems can help to combat the exponential rise in cybercrime.

You are currently working in the area of ‘forensic-ready systems’. How do these systems work and what kind of information do they gather?
The idea behind the concept of a forensic-ready system is that we are looking to design, develop or engineer systems that will allow an organisation to maximise their potential use of evidence and reduce the costs of any investigation. Therefore, when a security incident or attack occurs, a forensic-ready system can help support forensic investigative efforts.

For example, it can assist with the preservation of evidential data, the analysis of an incident/attack to determine root causes and accelerate the restoration of devices and services affected. The information that the system will actually gather will depend very much on the organisation and the purpose of the system. This could include logging user actions with local timestamps (date and time information), network connection information or metadata generated from applications/processes running on the system.

Working in forensics implies the need for a strong relationship with law enforcement. Do you think agencies are suffering from a skills shortage when it comes to cybercrime?
For many years one of the problems that law enforcement investigators (and to a lesser extent investigators within organisations) have faced has been the growing backlog of incidents and investigations. This is because the number and types of cyber-related crimes are increasing exponentially.

For example, bullying or harassment through social networks – like Facebook and Twitter – continues to be a problem and often law enforcement need to be involved. This in turn could delay an investigator from analysing a cyber-attack that has resulted in the defacement of a public website.

As both the number and types of cybercrimes continue to increase, agencies will need more skilled investigators to effectively and efficiently investigate these various crimes. This is where forensic-ready systems can again help. For example, by providing investigators with access to information in a format that can be used to help determine root causes and identify who may be responsible for incidents and crimes.

Agile software development projects adopt a build, deploy, learn model with rapid iterations. That might be good for product development, but where does that leave forensics in the development lifecycle?
The concept of integrating forensics into the development lifecycle is still in its infancy. At the present time, there does not appear to be any approach or method for integrating forensic objectives into the development process.

This is also true for agile software development. From a forensics perspective, agile development could end up following a similar approach as we take with security requirements. This is because in a sense security and forensics are very similar.

Whilst the purpose of security is to ensure the confidentiality, integrity and availability of a system, forensics provides us with the ability to investigate attacks or incidents involving these principles. This could mean that ‘forensics engineering’ activities would follow a similar approach to those for security requirements engineering in the agile world.

We’re hearing more about ‘privacy by design’ and the message is getting across thanks to the upcoming General Data Protection Regulation. How does the ‘forensic by design’ message get out there? Does it take another WannaCry-scale attack?
It might have to! It has taken a long time for regulators and lawmakers to promote approaches like privacy by design and we could see similar timelines with forensic by design.

While attacks such as WannaCry will definitely keep the message of forensic by design in the spotlight, organisations can actually get other benefits out of a forensic-ready system than just forensic investigations.

For example, a forensic-ready system can support disputed transactions and also provide verification for legal and regulatory compliance. If forensic-by-design can be integrated into a specific legal or regulatory obligation, like we have seen with privacy by design and GDPR, we will eventually notice that more organisations could use the approach to fulfil these requirements.

We often hear that the weakest link in IT security is between the chair and the desk. What can be done at the technical level to reduce the impact of human error?
While there are several technical measures that can be used such as cryptography, password management and access management, we need a combination of these and other non-technical measures to reduce the impact of human error. Education can also play a big part in reducing human error, but more importantly we need to remove the ‘blame game’.

Other industries such as aviation, healthcare and rail all suffer from incidents caused by human errors. But these errors are an opportunity to actually learn and improve from the incident because human life could actually be at stake.

Although in information security the outcome is very rarely the loss of human life, we need to take a different light to how we view human errors and look at why the human actually caused the error. Often, we might find culture and process issues deep down as the root cause. As a result, we might need more than just technical controls to reduce human errors, if we have cultural or process issues that are causing these problems.
