Back to blogs

Blog | FEB 28, 2022

Data Sabotage – The Risk of Blind Faith in Data

Cyber SecurityData Notarization

Imagine the impact on your business when you make decisions based on manipulated data. What happens if attackers hijack smart sensors or other critical devices and send fake data to manipulate decisions made by operators, data models or applications? The growing number of IoT devices and data-driven decision-making is increasingly enticing attackers to not only steal or encrypt data but also actively tamper with it. Such “industrial fake news” has the potential to cause even more damage than the fake news on social media. Tributech’s technology provides data security from the outset to reduce blind faith in data and establishes more credible trust from the sensor to the consumer.

The next big threat in IoT

Most companies these days realize that they cannot afford to turn a blind eye to topics such as data security, encryption, and access management when dealing with data of any kind in their daily business. In practice, however, we see that companies often struggle to answer the question of how to ensure that their data is not damaged or tampered with between data sources and the respective data consumers, whether internally or when data is shared with customers, suppliers, and partners. Damaged data can come from many sources like failures in data export or transfer, issues with a database, or even a malicious actor that is interfering in between.

There is a trend across almost every industry towards amassing larger amounts of data, increasing interoperability between systems, and transferring data across companies. These intersections and handovers of data from one system to another increases the risk of being vulnerable to data sabotage.

Tampered data is already a huge challenge in the media and marketing industry, where it’s referred to as “fake news”. The term describes the deliberate misrepresentation of information to influence people’s decision-making and beliefs. It’s believed that fake news entered the public’s consciousness in 2016, when Buzzfeed editor Craig Silverman discovered a stream of made-up stories originating from the same Eastern European town. Since then, fake news has become a major problem that has swayed elections, influenced major political referendums such as Brexit, and has harmed the credibility of every single piece of content on social media, fake news or otherwise.

Data sabotage targeting IoT

Analysts at ABI Research estimate that 25 percent of cyberattacks will target IoT devices in the next couple of years. This means that companies need to be aware of the trend of deliberate misinformation and the potential impact if IoT data is targeted. Tampered IoT data can cause tremendous harm to businesses as it is used for interpretations, decisions or actions triggered within a company – it may even endanger the safety of people when security mechanisms are triggered by data inputs.

As a recent example published by Bloomberg shows, hackers attacked critical safety equipment of an energy grid and transmitted fake sensor data to confuse operators making crucial decisions.

Bloomberg Quote

As in this example, it is not possible for many users or applications to detect data that has been damaged or tampered with between the source and the consumer. Even end-to-end-encryption is usually not capable of covering the entire data pipeline and is limited to verifying data only within the transmission process.

Encryption is not enough

The growing extent to which businesses, infrastructures, data platforms, companies, etc. are interconnected means that data “moves” across system boundaries during its lifecycle and is used for different use cases. Encrypting data end-to-end helps ensure that data is unaltered when in transit or at rest. However, it has limited capabilities when

  • data is transferred across different systems

  • there is a time delay when the data is transferred from the source to the consumer

  • end-to-end encryption only covers parts of the data pipeline or

  • there are data scheme transformations.

For example, a company that operates energy generators, collects production data and stores it in its infrastructure. A selection of this data is transferred to the energy provider for reconciliation and billing once a month. Although the data is encrypted end-to-end, it is not possible to guarantee that the data is unaltered due to the time delay between the data transfers and the transmission across system boundaries.

Data notarization mitigates risk of data sabotage

To overcome these issues, systems require an additional layer of security that allows companies to verify and audit data at any point in time, regardless of the layers in between. Enter our Data Notary Service – a blockchain-based auditing solution to verify the integrity and origin of data.

This data notary service helps you to keep deliberate misinformation away from your IoT-platform or data service by acting as an independent party at the data source that verifies origin and integrity of the data. The principle is equal to a notary in the physical world: A notary is an independent body that certifies documents for your company.

One part of data notary service is located directly at the data source and creates cryptographic proofs of the data, which are securely stored in a blockchain-based trust layer. The second part of the data notary service is integrated in the backend and enables the consumer of the data to verify origin and integrity across systems and companies at any time – even of high-frequency data streams.

Interested in protecting your business?

Our technology provides an enterprise solution for a data notary that can easily be integrated into existing data platforms and processes. If you are interested, do not hesitate to reach out and contact us.

Thomas Plank
CEO, Tributech

Blog | FEB 28, 2022

Contact us

Interested in protecting your business? Get your data notary that can easily be integrated into existing data platforms and processes.