Market Need
GUD Content-Centric Security (CCS) is generally applicable wherever it is crucial to ensure the integrity of information throughout its life-cycle. CCS provides a real-time, sustainable information assurance software architecture that mitigates enterprise risk and supports compliance for a burgeoning host of mandates from numerous regulatory bodies. As the cost of compliance becomes increasingly onerous, it becomes increasingly necessary to develop technology tools to lessen the impact.
Supply chain participants with varying trust levels are now exchanging increasing amounts and types of content, using a growing number of devices and applications. Each represents a significant information assurance vulnerability: it is critical not only that the sender and receiver of content are who they claim to be, but also that the information exchanged is both deemed unimpeachable and protected from intentional manipulation.
The existing Network-Centric Security (NCS) approach has three major vulnerabilities:
Security breaches and inadvertent leakage are inevitable with current state-of-the-art authentication, because NCS separates content from controls. There are many recent examples of NCS-related disasters.
Congress recently learned that documents exposed after Peer-to-Peer (P2P) file downloads inadvertently published the Pentagon's entire secret backbone network infrastructure diagram, classified contractor data regarding improvised explosive devices (IEDs), terrorism threat assessments for U.S. cities, and information from five Department of Defense information security system audits.*
Citigroup had 3.9 million banking records stolen after a sophisticated attacker successfully manipulated the electronic shipping manifest and redirected the deliveries to the rogue party.** The CIA in unprecedented fashion recently announced that cyber criminals, in an extortion attack, had successfully hijacked computer systems and disrupted several utility company power grids in foreign countries.*** Every day, we learn of private and public entities with compromised electronic files, many of which include highly sensitive or proprietary data.
Equally alarming is the fact that e-crime is becoming harder to prosecute due to the inability of prosecutors to authenticate electronic evidence and prove in unimpeachable fashion that the electronic evidence gathered has not been manipulated. The above examples represent a few of what are becoming regularly announced major problems. The root cause of these breaches is dependency upon centralized authorities, which separate electronic content from security controls.
Because of the structural complexity of existing information sharing architecture, existing systems are vulnerable to increasingly sophisticated attacks. Attackers may be insiders, competitors, organized crime, terror groups, or rogue nation states.
While the cost of compliance with internal quality assurance, business process rule-sets, and external regulatory mandates may be high, the cost of failure can be catastrophic.
* “Classified U.S. Military info, corporate data available over P2P”, Computerworld, 7/25/07
** “E-Hijacking new threat to trucking”, Fleet Owner.com, Sean Kilcarr, 11/3/2005
*** “Hackers Have Attacked Foreign Utilities, CIA Analyst Says”, WashingtonPost.com, Ellen Nakashima and Steven Mufson, 1-19-2008
Copyright © 2004, 2008 Global Uni-Docs, Inc.
All rights reserved.