The Agency’s Security Office held the third ESA International Security Symposium at ESRIN on 13–14 February under the theme ‘Big Data And Security: A New Challenge For “Space”?’, welcoming around 150 experts in the field of security in national and international organisations, as well as industry.
The event was a unique opportunity to address security issues among public and private international and national organisations about the hot topic of big data and security.
The quality of the panel speakers was one of the many factors that made the Symposium a success. Keynote speakers representing international organisations such as ENISA, Europol, ITU, EUSC and INFN, National Security Authorities of ESA Member States, Universities and Industries such as Symantec, Microsoft, Airbus and Silver Athena addressed important security issues they are facing and the manner in which the subjects are dealt with in each of these organisations.
The Symposium underlined as today human activities lead to a data collection and processing on an unprecedented scale, producing the so called Big Data. How big is Big Data? “If we suppose than a Byte is a grain of rice, a Petabyte of data covers Manahattan, a Zettabyte fills the Pacific Ocean and a Yottabyte is an Earth-size rice-ball” said Corrado Giustozzi, Member of the Permanent Stake Holders Group of ENISA.
Big Data also represents change and new approaches, and many executives have sought to understand and appreciate how they can begin to derive value from the advanced application of data and analytics. “Big Data is not just a technological advance but represents a paradigm shift in extracting value” said Prof. Ernesto Damiani of CINI (Consorzio Interuniversitario Nazionale per l’Informatica).
“Big Data information, transparency, free and open access, open technology transfer and global cooperation how can we find the right balance when addressing the relevant and embedded security issues? “said J. Woerner ESA Director General
Big Data can be a double-edged sword, bringing insight, while also posing risks to privacy or abuse when data falls into nefarious hands. When the big data contains personal information, the level of detail is such that gives rise to serious privacy concerns. That is where the European Data Protection legislation, presented by the European Data Protection Officer, comes in and regulates the matter to ensure proper protection of individuals’ personal data. “According to EU law, personal data is any information relating to an identified or identifiable natural person” said Massimo Attoresi from EDPS.
Recently, there have been expressions of fresh concern regarding the risk of Big Data abuses, from data breaches to WikiLeaks and instances of data hacking. This has given rise to growing attention to the application and implications of Big Data.
Therefore when addressing how to reduce security risks in the context of Big Data systems, it has to be holistically approached in relation to which one is the core business of each Organisation.
When we address breaches in Big Data we have to distinguish :
“-Big Data Breach: adversary breaks into the system and sees (a) all available data sources and (b) the internal state of the Big Data system.
No silos boundaries: full playground!
-Big Data Leak: adversary collaborates to the computation of analytics and takes advantage of de-normalization to attract information in regions
-Big Data Degradation: honest-but-curious adversaries will just peek, but a malicious attacker could doctor her own or other people’s data, leading to wrong decisions which may cause permanent damage” said Ernesto Damiani.
An new approach to how to secure the Organisations and its customers in the Big Data context and which are the most effective technique to analyse and predict security incidents, was given by Professor Roberto Giacobazzi, that announced a new method to make surveillance of the cyberspace by surveiling the code and its correlation between the actor and threats.
In conclusion, the only way to cope with the threats and new challenges given by Big Data is: cooperation, as the NIS Directive on cybersecurity aims to achieve. To this end, establishing a standard for cooperation and a common language for infosharing have been indicated by all the speakers as the path to follow.