Chris previously led business development for Impermium, a cybersecurity startup that was acquired by Google. Prior to that, he was the Product Director for Plan X, a Department of Defense cyber warfare research and development program at DARPA. He also served in the Obama Administration as the Director for Cybersecurity Legislation and Policy on the National Security Council staff in the White House.
Finan’s presentation addressed the topic: “Cyber Tampering: The More Pernicious Risk, and Why We Need to Tamper-Proof Our Society.” Drawing upon his experience in working on cybersecurity policy for the White House, he explained how the government has been challenged to keep pace with changing technology: “Policy always lags technology, so when you think about policy responses to issues that emerge from technology, you really have to think about responses that have a lot of play in the joints, so they can grow and live as the policy advances.”
Finan explained that his firm focuses on “tamper-proofing” technology, ensuring that the data within systems cannot be changed or manipulated. He argues that “manipulating data, undermining the integrity of systems, is a graver threat than simple theft of destruction.” Citing examples like military logistics, command-and-control, and financial systems, he says that the impacts of data tampering are vastly underestimated. “I think there needs to be more focus on data integrity,” he said. “We’ve tended in cybersecurity policy to put a lot of emphasis on confidentiality, some emphasis on availability, and very little emphasis on integrity…. I’d like to think about ways that we can spur greater focus on integrity.”
Among his recommendations for mitigating this risk: assume that credentials will be compromised, assume that air-gapping is not wholly effective in reducing risks, create immutable data stores, and use distributed ledgers.
To hear more of Finan’s presentation—including his recommended mediations—watch the video below. The slides are available here.