为避免网络攻击，公司当如何防止数据操纵？

2017年，康拉德·沃伊特入侵了密歇根州沃什特诺县监狱的IT系统。沃伊特的一位朋友在那里服刑，于是他篡改了该县的电子监狱记录，把他的释放日期提前。幸运的是，监狱工作人员找到了能证实这一骗局的书面记录，立即通知了联邦调查局和国土安全部。沃伊特现在和他的朋友一起服刑。

这个数据操纵的例子展示了网络攻击的一个新战场：这种攻击破坏了人们对数据可靠性的信任，而正是这种信任驱动着日益数字化的世界前行。

新闻里的网络攻击往往分为两类：窃取敏感数据、切断数据访问的勒索软件攻击。然而，高级军事和情报官员认为，操纵数据本身构成的威胁可能最大。曾任美国网络司令部（Cyber Command）和国家安全局（National Security Agency）局长的罗杰斯上将曾作证说，他认为最糟糕的网络事件是“大规模的数据操纵”。由于几乎所有东西都已经数字化，大量数据在全球范围内相互关联，数据操纵造成的威胁几乎覆盖了所有行业和部门。

据《华尔街日报》（Wall Street Journal）报道，如今，多达85%的股票交易是在“自动驾驶”模式下进行的，“由机器、模型或被动的投资公式控制”。事实上，快速、自动化的交易模式遍及整个金融市场和各大交易所。这种模式依赖复杂的算法，需要输入来自于多个数据源的数据，包括股价和其他市场的趋势等。如果黑客暗中改变输入算法的基础数据，就可以诱使计算机程序执行能够导致“瞬间暴跌”的交易，给整个市场造成严重破坏。

工业生产也同样容易受到影响。2017年，黑客部署了一种新型恶意软件Triton侵入沙特阿拉伯的一家石油化工厂。黑客入侵了工厂的技术操作系统，更重要的是，入侵了工厂的安全控制系统——这是防止设备故障和潜在灾难性爆炸或火灾的最后一道防线。Triton内置自毁程序，该程序将创建“无效数据，以覆盖其操作痕迹”。幸运的是，Triton的操作软件仅导致工厂关闭，而没有引起爆炸。

与此同时，深度造假正在改变全球政治。那些被篡改的音视频逼真地展示着那些从未发生过的事情，从未说过的话。他们使用机器学习算法和人脸映射软件来模拟真人。把迈克·泰森的脸换成奥普拉·温弗瑞或把尼古拉斯·凯奇的脸换成艾米·亚当斯（饰演超人女友露易丝·莱恩），可能会挺有趣。

但美国国防部却笑不出来，因为有可能会出现一段假的但相当可信的视频，视频中某位世界领导人或许正在煽动暴力或宣战。美国国防部先进研究项目局（Defense Advanced Research Projects Agency）推出了一项重大举措，以打击“大规模自动化虚假信息攻击”。他们的想法是利用算法和机器学习来实时处理成千上万的视频和图像，寻找“不一致语义检测器”。

在今天这个新的数字世界里，我们无法完全相信自己的眼睛和耳朵。对企业而言，这种风险已经成为现实，不再仅仅是理论：最近，一名利用深度伪造技术冒充的首席执行官在电话中成功指导下属进行欺诈交易，令企业领导人和执法部门深感不安。

是时候让所有组织都适应这一现实了，是时候让普通人在自己的数字生活中加入一个新问题：“如何确保我看到的是真实的？”网络安全最重要的是对分割后又重新编目的网络和数据保持警惕。为了提防数据操纵，有三点最重要：指纹识别、终端可见性和备份。

数据完整性的基础是对文档和数据进行指纹识别。在此过程中，通过软件嵌入一个惟一的、与组织的数据清单匹配的文本串来验证数据。这在外人看来无害，同时让信息所有者能够验证自己的数据。

除了在创建信息时就做好信息验证外，组织还需要保护好信息的存储和访问。组织中使用的每一种设备都需要设立专门账户和规划方案——不仅是计算机和智能手机，还有存储驱动器、接入的显示器和设备。这些“终端”中的每一台设备都可以成为进入门户的门户——也可以成为早期预警系统，从而保护组织中更大的网络不受侵害。终端安全可靠是防范数据操纵攻击的重要手段。

任何曾因软件崩溃丢失文件、将笔记本电脑落在机场安检处或手机被盗的人都知道数据备份有多重要。同样的原则也适用于网络被破坏的银行，所有的客户和账户记录都被替换成了篡改后的数据。为了重新生成几十万条准确的记录，银行需要有之前的（但是最近的）未被损坏的数据组。与之类似，组织需要不断地备份和保存重要的数据和文档——保存在单独的网络中，这些数据和文档可以用来进行数据和流程的交叉检查，还可以快速重建损坏的系统。

纵观历史，技术变革迫使社会为了追求真相和信任做斗争。印刷机、摄影、无线电、移动图像和PS技术都改变了人们对真实、想象和伪造的理解。在这个新时代，网络不法行为正在侵蚀人们对金融、工业和政治体系的信心，公共部门和私营部门都有责任在一个欺骗日益增多的时代，努力维护人们的信任。

皮特·J·贝沙是威达信集团（Marsh & McLennan Companies）的执行副总裁兼总法律顾问，经常就网络安全问题在美国国会作证。阿里·马海拉斯是美国联邦调查局纽约外勤办公室负责反情报和网络行动的特工。

In 2017, Konrads Voits hacked the IT system of the Washtenaw County Jail in Michigan. A friend was serving a sentence there, so Voits digitally altered the county’s electronic prison records to accelerate his scheduled release date. Fortunately, jail staff found paper records proving the deception and promptly notified the FBI and Department of Homeland Security. Voits has now joined his friend serving time behind bars.

This example of digital data manipulation is a harbinger of a new frontier in cyber attacks: a breach of trust in the integrity of the data that powers the increasingly digitized world.

The cyber breaches that make the news tend to fall into two categories: the theft of sensitive data and ransomware attacks that cut off access to data. Yet, senior military and intelligence officials believe that manipulating the data itself may pose the greatest threat of all. Admiral Mike Rogers, former head of the U.S. Cyber Command and the National Security Agency, once testified that his worst-case cyber scenario involved “data manipulation on a massive scale.” As virtually everything becomes digitized and globally interconnected by vast volumes of data, the threat posed by data manipulation spans virtually every sector and industry.

Today, as much as 85% of stock market trades happen “on autopilot,” as the Wall Street Journal reported, “controlled by machines, models, or passive investing formulas.” Indeed, rapid-fire, automated trading cascades across financial markets and exchanges. It relies on complex algorithms using inputs from multiple data sources, including share prices and other market trends. If hackers surreptitiously alter the underlying data feeding the algorithms, they can induce the computer programs to execute trades that precipitate so-called flash crashes that cause havoc in the markets.

Industrial production is similarly susceptible. In 2017, hackers deployed Triton, a new form of malware, to penetrate a petrochemical plant in Saudi Arabia. The hackers gained access to the plant’s operational technology systems and, critically, its safety controls—the last line of defense against equipment failure and potentially catastrophic explosions or fires. Triton included a built-in self-destruct program that would create “invalid data to cover its tracks.” Fortunately, Triton’s operational malware caused the plant to shut down rather than explode.

Meanwhile, deepfakes are altering global politics. These manipulated bits of video and audio realistically display something that never happened or was never said. They use machine learning algorithms and facial-mapping software to animate real people. It may be funny when it’s blending Oprah Winfrey into Mike Tyson or Amy Adams (as Lois Lane) into Nicolas Cage.

But the Department of Defense (DoD) isn’t laughing so much, given the possibility of a fake but believable video of a world leader inciting violence or declaring war. The DoD’s Defense Advanced Research Projects Agency has undertaken a significant initiative to combat “large-scale automated disinformation attacks.” The idea is to deploy algorithms and machine learning to instantaneously process hundreds of thousands of videos and images searching for “semantic inconsistency detectors.”

In today’s new digital world, we can’t always believe our own eyes and ears. The risk is no longer theoretical for companies: Corporate leaders and law enforcement were recently rattled by a deepfake impersonating a CEO successfully directing a fraudulent transaction over the phone.

It’s time for all organizations to adapt to this reality and for individuals to add a new question to their own digital lives: “How do I know what I’m seeing is real?” The most important cybersecurity practices require the constant vigilance of segmented and inventoried networks and data. For data manipulation, three aspects rise to the top: fingerprinting, endpoint visibility, and back ups.

The foundation of data integrity will be fingerprinting documents and data. The process uses software that authenticates data by embedding a unique, identifying text string that matches to the organization’s data inventory. While it looks benign to outsiders, it gives the owners of the information the ability to validate their data.

In addition to verifying information at its creation, organizations need to secure it where it’s stored and accessed. Every device used in an organization needs to be specifically accounted and planned for—not just computers and smartphones, but storage drives and connected monitors and devices. Each of these "endpoints" can really be gateways into a network—or early warning systems to protect an organization's larger network from being compromised. Sound endpoint security can be a vital guard against data manipulation attacks.

Anyone who’s lost a document to a software crash, left their laptop at airport security, or had a phone stolen knows how important it is to back up their data. The same applies to a bank where the network’s been compromised, and all customer and account records replaced with altered data. To regenerate hundreds of thousands of accurate records, the bank needs an earlier (but recent) set of uncorrupted data. Similarly, organizations need to be able to constantly back up and preserve, in separate networks, vital data and documents that can be called on to crosscheck data and processes, and quickly rebuild corrupted systems.

Throughout history, technological changes have forced society to grapple with truth and trust. The printing press, photography, radio, moving images, and Photoshop all precipitated shifts in what can be understood to be real, imagined, or counterfeit. In this new era of cyber malfeasance that threatens to erode confidence in financial, industrial, and political systems, it’s up to both the public and private sectors to focus on safeguarding trust in a time of increasing deceit.

Peter J. Beshar is executive vice president and general counsel of Marsh & McLennan Companies and has testified frequently before Congress on cybersecurity matters. Ari Mahairas is the special agent in charge of counterintelligence and cyber operations at the FBI’s New York Field Office.