INTRODUCTION:
In IT/CYSE 200T I learned about how technology relates to Cybersecurity while developing an understanding of the whole system as well. Throughout the semester I wrote multiple papers and discussion board posts relating to topics discussed in class, and I will be sharing the best ones on my page. I want future employers to get a basic understanding of my thoughts on certain topics and of my ability to gain and transfer information.
The CIA Triad
Overview:
The CIA Triad is made up of three concepts, confidentiality, integrity and availability, which set the guidelines for information security. Each has its own purpose, but they work together to achieve the goal rather than separately, which is an important aspect to remember. The Authentication vs Authorization subtopic deals with the exact job each of them does. Authentication has the job of verifying who is accessing the material, while Authorization grants the access to see, read, or edit the material.
What is the CIA Triad?
The CIA Triad is made up of three concepts, which are confidentiality, integrity and availability. Confidentiality deals with the protection of sensitive material against harmful entities that want to take it. Integrity is making sure that whatever material is being moved or transferred stays the same as the original. Availability’s goal is for the material to be readily accessible to the people that are allowed to access it. As stated in “What is the CIA Triad? Definition, Explanation, Examples”, “these three principles together within the framework of the ‘triad’ can help guide the development of security policies for organizations.” This shows that the triad helps companies focus on key areas and improve the areas that they think need improvement.
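As an added example (not from the essay or its cited sources), the following Python shows the integrity leg of the triad in working code: the sender attaches an HMAC-SHA256 tag to a record, and the receiver recomputes the tag to detect whether the material changed in transit. The shared key and the sample record are constructed for the demonstration.

```python
# Added example: integrity check for material in transit.
# The sender computes an HMAC tag over the record; the receiver recomputes it
# and only accepts the record if the tags match. Key and record are constructed.
import hashlib
import hmac

# Constructed shared secret; a real system loads this from a key store, never source code.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def protect(message: bytes, key: bytes = SHARED_KEY) -> tuple:
    """Sender side: return the message together with its HMAC-SHA256 tag (hex)."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return message, tag


def verify(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time.

    compare_digest avoids leaking, through timing, how many leading
    characters of a forged tag happened to be right.
    """
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run the three cases a practitioner cares about and report each outcome."""
    original = b"Transfer $100 to account 12345"   # constructed sample record
    msg, tag = protect(original)
    tampered = msg.replace(b"12345", b"99999")     # one field altered in transit
    return {
        "intact_accepted": verify(msg, tag),
        "tampered_rejected": not verify(tampered, tag),
        "wrong_key_rejected": not verify(msg, tag, key=b"constructed-other-key"),
    }


if __name__ == "__main__":
    print(demo())
```

The tag only proves the record is unchanged relative to what the key holder sent; it provides integrity, not confidentiality, since the record itself is still readable. Encrypting the record is a separate control for the confidentiality leg.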
Authentication vs Authorization:
The Authentication vs Authorization topic deals with the exact job each of them does. Authentication is the process of verifying that the person trying to access the resources is who they claim to be, while Authorization determines whether the device, which could be an application, or person can access the resources. As stated in “Authentication and Authorization for the Internet of Things”, “Passwords are the most common ways to authenticate human users.” We use these every day to log in to our apps, computers, etc., and doing so identifies us as the person that owns the account, which is the authentication process. Once you’re authenticated you can look at the resources, but the authorization process may give you a limited number of resources depending on your situation. This can be viewed as if you were an employee of a company: although you are part of the company you won’t have the same permissions as, say, the CEO, and that’s where the authentication comes in to limit employees, people, etc., which overall keeps information secure and leaves people with access relevant to their role.
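An added example, not part of the original essay, that puts the two steps side by side in Python: authenticate() answers “who is this?” by checking a password against a salted PBKDF2 hash, and authorize() answers “what may they do?” with a deny-by-default role table, so an employee can read a payroll resource but only the CEO role can edit it. The permission limit the paragraph describes is applied at the authorization step, after authentication has succeeded. The usernames, passwords, roles and resource names are all constructed for the demonstration.

```python
# Added example: authentication (proving identity) followed by authorization
# (deciding what that identity may do). All users, roles and resources are constructed.
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # work factor for the password hash


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(password: str, role: str) -> dict:
    """Build a stored user record: salt, hash and role (never the password itself)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}


# Constructed user store; a real system keeps this in a database.
USERS = {
    "alice": make_user("correct horse battery staple", "employee"),
    "carol": make_user("constructed-ceo-passphrase", "ceo"),
}

# Authorization policy: resource -> allowed actions, per role. Anything absent is denied.
PERMISSIONS = {
    "employee": {"payroll": {"read"}},
    "ceo": {"payroll": {"read", "edit"}},
}


def authenticate(username: str, password: str) -> Optional[str]:
    """Who is this? Return the verified username, or None if the proof fails."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so an unknown username costs the same time as a wrong password.
        hash_password(password, b"\x00" * 16)
        return None
    if hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        return username
    return None


def authorize(username: str, resource: str, action: str) -> bool:
    """What may this (already authenticated) user do? Deny by default."""
    role = USERS[username]["role"]
    return action in PERMISSIONS.get(role, {}).get(resource, set())


def access(username: str, password: str, resource: str, action: str) -> str:
    """The full flow a resource server runs: authenticate first, then authorize."""
    who = authenticate(username, password)
    if who is None:
        return "denied: authentication failed"
    if not authorize(who, resource, action):
        return f"denied: {who} ({USERS[who]['role']}) may not {action} {resource}"
    return f"ok: {who} may {action} {resource}"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "payroll", "read"))
    print(access("alice", "correct horse battery staple", "payroll", "edit"))
    print(access("carol", "constructed-ceo-passphrase", "payroll", "edit"))
    print(access("alice", "wrong password", "payroll", "read"))
```

Note that authorize() never looks at the password: once identity is established, the decision depends only on the role and the policy table, which is why the two steps are kept separate.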
Conclusion:
The CIA Triad sets the guidelines for information security and is a very important asset in the age of technological advances. It’s also important to see the subtopics that come from the CIA Triad, such as Authentication and Authorization, as it’s vital to know why and what you’re doing to keep your information safe.
Works Cited
Kim, Hokeun, and Edward A. Lee. “Authentication and Authorization for the Internet of Things.” IT Professional 19.5 (2017): 27-33.
Chai, Wesley. “What is the CIA Triad? Definition, Explanation, Examples.” TechTarget, September 8, 2022.
SCADA Systems
Overview:
SCADA, or Supervisory Control and Data Acquisition, refers to a system that controls processes in a company. SCADA uses hardware and concepts such as RTUs, PLCs and HMIs to handle data and the interface between machine and human. The current problem with SCADA systems is that they are at high risk of potential threats because of their security weaknesses.
What is SCADA?
SCADA, or Supervisory Control and Data Acquisition, refers to systems that control various processes, including infrastructure, facility or industrial processes. As stated in “Risk Assessment of SCADA Cyber Attack Methods: A Technical Review on Securing Automated Real-time SCADA Systems”, “Formerly, the goal of a SCADA system would have been to emphasize executing accurate and effective processes in a single location, such as a production facility, instead of safeguarding network information.” With this quote in mind, I will be talking about what hardware, concepts, and security issues come with the SCADA system.
SCADA Hardware/Concepts:
Starting with concepts, RTUs (Remote Terminal Units) and PLCs (Programmable Logic Controllers) are both important to the SCADA system. As stated in “SCADA Systems”, “Nearly all the control actions are automatically performed by the remote terminal units (RTUs) or by the programmable logic controllers (PLCs).” This includes data acquisition, which starts at the RTU and PLC level, and basic intervention or overriding that can adjust certain conditions. In terms of hardware, the HMI (Human Machine Interface) presents the processed data to the human operator. This way the human operator is able to control the system through the interface.
Security Issues:
The biggest issue with SCADA systems is their exposure to attacks. “Because of the expanding connectivity of networks and the online accessibility of assets on the SCADA system, there is a danger of multiple vulnerabilities and cyber-attacks.” (Urooj et al.). Because of the components used, these systems are easily left vulnerable, and that is a big threat to the system overall. This should lead the organization to update its security and the networks that are connected to the system, as this is the biggest problem the system has. The organization should use protocols, firewalls, credentials, encryption, etc. to limit attacks, and these defense methods lead back to the CIA Triad.
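As an added example, not from the essay or the cited review, here is a small Python model of one of the controls named above, a firewall between the corporate network and the control network: the policy allows only the HMI subnet to reach the PLC subnet on the Modbus/TCP port (502) and denies everything else by default, and filter_log() runs that policy over a few constructed connection-log lines so the denied corporate-side attempts stand out. Addresses, subnets and log lines are invented; the rule format is this example's own, not any firewall product's.

```python
# Added example: a default-deny firewall policy between corporate and control networks.
# Rules, subnets, hosts and log lines are all constructed for the demonstration.
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

MODBUS_TCP_PORT = 502   # standard Modbus/TCP port used by many PLCs
ANY_PORT = 0            # sentinel meaning "match every destination port"


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network    # where the connection comes from
    dst: ipaddress.IPv4Network    # where it is going
    dport: int                    # destination port, or ANY_PORT
    action: str                   # "allow" or "deny"


# Constructed policy, evaluated top to bottom, first match wins:
#   1. HMI subnet  -> PLC subnet on Modbus/TCP: allow
#   2. anything    -> PLC subnet on any port:   deny (explicit catch-all)
RULES = [
    Rule(ipaddress.ip_network("10.10.1.0/24"), ipaddress.ip_network("10.20.0.0/24"),
         MODBUS_TCP_PORT, "allow"),
    Rule(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("10.20.0.0/24"),
         ANY_PORT, "deny"),
]


def decide(src_ip: str, dst_ip: str, dport: int, rules: List[Rule] = RULES) -> str:
    """Return 'allow' or 'deny' for one connection; no matching rule means deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst and rule.dport in (ANY_PORT, dport):
            return rule.action
    return "deny"   # default deny: the control network is reachable only by exception


def filter_log(lines: List[str], rules: List[Rule] = RULES) -> List[Tuple[str, str]]:
    """Apply the policy to log lines of the form 'src dst dport'; return (line, decision)."""
    results = []
    for line in lines:
        src, dst, port = line.split()
        results.append((line, decide(src, dst, int(port), rules)))
    return results


# Constructed connection attempts, as a firewall or flow collector might log them.
SAMPLE_LOG = [
    "10.10.1.5 10.20.0.7 502",    # HMI -> PLC over Modbus/TCP: the one allowed path
    "10.30.5.9 10.20.0.7 502",    # corporate workstation -> PLC: denied
    "10.10.1.5 10.20.0.7 22",     # HMI -> PLC on a port not in the allowlist: denied
    "203.0.113.8 10.20.0.7 502",  # address outside the company -> PLC: denied
]


if __name__ == "__main__":
    for line, verdict in filter_log(SAMPLE_LOG):
        print(f"{verdict:5}  {line}")
```

The useful property is the default-deny at the end of decide(): a new host on the corporate side gains no path to a PLC until someone deliberately adds a rule, which is the opposite of the "online accessibility" the quoted review warns about. The denied lines are also the ones worth forwarding to monitoring, since a corporate host trying port 502 is unusual.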
Conclusion:
A SCADA system uses multiple processes to make it run. This includes RTUs, PLCs, and HMIs to make the flow of data from machine to human operator faster and easier. However, the biggest problem is the vulnerability of the SCADA defenses, which overall can be infiltrated through networks, system software, etc. Using protocols, firewalls, credentials, encryption, etc. will help mitigate the risks and make the SCADA system work better.
Works Cited
Urooj, Beenish, et al. “Risk Assessment of SCADA cyber-attack methods: a technical review on securing automated real-time SCADA systems.” 2022 27th International Conference on Automation and Computing (ICAC). IEEE, 2022.
SCADA Systems, http://www.scadasystems.net
Discussion Board: Protecting Availability
As a CISO for a publicly traded company I believe that there are three major protections to implement right away. These would be advanced threat detection, which should include scanning for vulnerabilities; regular employee cybersecurity training; and focusing on ensuring that my investors are on board with the cybersecurity training and risks. I personally chose these three because they hit the main points that you want for your company, which are the main infrastructure, the employees, and the people investing, who a lot of people forget can give away valuable information.
After you establish the main three barriers, you look around for the holes in your security and fill them as quickly as possible to avoid problems arising. These can include little things such as two-step authorization and limiting what certain people can and can’t do. Establishing the baselines for the entirety of the company will allow everyone to know their jobs while limiting the amount of information going out to certain employees. This makes the risk of critical information leaking out less likely, as only a certain number of people get access to it. Now, I know there are various other ways to protect your company, but this is a little roadmap of how I would start and then branch out to create a secure company.
The Human Factor in Cybersecurity
Overview:
In this essay I talk about the steps I would take as a CISO, which are developing a risk assessment and allocating the budget according to our needs. Starting with training, I will allocate 70% and will work on increasing the employees’ knowledge. After training, the rest of the budget goes to technology, which will get firewalls, two-factor authentication and a basic threat detection system. With the increase of training and technology in our organization we will be able to combat anything that shows up.
Risk Assessment:
The first step I would take as CISO is to conduct a risk assessment of our company and see where the organization is lacking. This step is very important, as it will tell us where to allocate the limited funds and resources to fit our most pressing problems. For this hypothetical we will say that training is a needed improvement because we are often attacked by phishing and scams. The allocation of the budget will be 70% training and 30% technology, with the ability to move the budget around a bit.
Training:
Since the attacks are often on our employees, I would set up training that tests the knowledge of our employees, with the company itself sending out test scam and phishing emails. The training would focus on three types: “Attack-oriented training: Provides the experience of recreating vulnerability exploitation techniques, and includes activities such as penetration testing, which make use of the same tools and methodologies that attackers employ. Defense-oriented training: Focuses on the design and implementation of vulnerability protection mechanisms, so as to prevent similar future attacks. Analysis/forensics-oriented training: Aims to cultivate a deeper understanding of the phenomena related to vulnerability exploitation and patching, including the identification of targeted attack campaigns, and so on” (Razvan et al. 2016). This is to get an idea of our employees’ knowledge and to set guidelines for our weekly training, which means we can work on our weaknesses rather than our strengths. Overall, with constant training and real-life problems the threat will cease to exist, allowing us to be a safer organization overall.
Technology:
Since we only have 30% of the budget for the technology side of protection, I would look to add firewalls, two-factor authentication, and a basic threat detection system if the budget allows. This would give our organization a solid framework to deal with problems that arise while also allowing us to upgrade when we get the necessary funds in place. Even though we didn’t have much of a problem with technology in this hypothetical, it is still important to maintain a certain level of protection. The bad actors in the world will not miss an opportunity to act on your shortcomings, so being able to protect everywhere is very important.
Summary:
As stated before, with the increased protection of technology and the increased knowledge of our employees, this becomes a stronger organization overall. However, this isn’t the end of the road to improving, as you constantly must keep an eye on what’s lacking and build a plan around the changing system. If at some point reallocating the budget makes sense, then make it happen, as the problem will always be changing and will never become stagnant. This is a never-ending cycle, and you as a CISO always have to be one step ahead.
Works Cited
Beuran, Razvan, et al. “Towards effective cybersecurity education and training.” (2016).
CONCLUSION:
As you can see, I learned a lot about the framework of how technology and Cybersecurity go together and the terms and ideas that create it. IT/CYSE 200T was a very informative class that I would recommend to my peers, as the teacher was very professional and got us through the course material in a timely manner while also making it educational and easy to follow.