Unisys could be helping the New Zealand government put flesh on the bones of its cybersecurity strategy.
Unisys Asia-Pacific security head John Kendall was in Wellington last week talking with government agencies on cybersecurity among other security topics. One aspect of the discussions was “what we’re doing with the cybersecurity operations centres we’ve implemented now for a number of different customers,” he says.
An operations centre pulls in and correlates security information from many different sources within and sometimes outside an organisation, typically from heterogeneous equipment and software.
The government published a cybersecurity strategy last year, which was criticised in some quarters as being lightweight and lacking definite proposals.
Kendall, based in Canberra, says he will be talking with “Police, Defence and a number of other agencies” while he’s in Wellington. Topics likely to be discussed include Unisys’s Stealth encryption technology; originally developed for the US government, this allows information up to “secret” level to be transmitted over public networks. The data is doubly encrypted, then “bit-split” into small packets “so even if you had access to both encryption keys, it would be impossible to find all the data and piece it back together.”
Stealth allows users to set up “communities of interest” using Microsoft’s Active Directory, so information intended for a particular community is encrypted with a key specific to that community, which means that session can be seen by no-one outside the group.
Stealth is used by the US Department of Defense, but is also beginning to be adopted by commercial companies such as the Hertz rental car chain, to protect customer information.
Unisys aims to make security more proactive and not purely defensive, Kendall says. The company’s security measures are designed to work in with systems the customer may already have in place, he says, rather than being built as a “monolithic stack” that only relates to other Unisys products.
Kendall is also pitching Unisys’s expertise on the other side of the security coin – intelligence; in particular open-source intelligence (OSINT) – analysis of information gathered from publicly available sources.
The growing amount of data now publicly available through databases, news feeds, social media and many other sources demands powerful analysis tools, he says.
“The problem used to be that we couldn’t get enough information; now the problem is too much information.”
Drawing together information on the same subject used to be an approximate matter of simple keyword matching; now, Kendall says, the language is analysed in a more advanced way; “we match concepts” – representations of the meaning behind the language.
Nor is it enough to gather and match the information, he says; valuable, credible information must be distinguished from “noise”, ill-founded rumour and deliberate disinformation.
This is achieved by a form of reputation scoring of sources; attention is also paid to the time and place of the communication, to take account of the influence of other rumours abroad in the same space.
OSINT techniques are being used by the US Department of Homeland Security and US border control agencies, but these too are creeping into the commercial realm.
These days commerce has taken on some of the characteristics of war, Kendall says; “the right information helps you beat your competitors and the sooner you can get it the better.”
A further complication comes from the fact that a lot of the information on public networks nowadays is in audio and video form, in multiple languages including local dialects; recognition of concepts from such material demands new techniques of analysis.