Ayomide Adewale-Adebowale

CYSE 200T

December 5, 2025

This paper explores three topics: the CIA triad, the NIST Cybersecurity Framework, and SCADA systems, to understand the relations between these topics. While the CIA triad defines the core goals and NIST CSF provides a structured process for achieving them, SCADA systems reveal the physical consequences when these fail in critical infrastructure.

CIA Triad

The CIA triad, Confidentiality, Integrity, and Availability, represents the three foundational goals of information security. Confidentiality ensures that only authorized parties have access to data, Integrity guarantees data accuracy and trustworthiness, and Availability ensures timely and reliable access to systems and information (The CIA Triad, pp. 44-45).

Example

A pro-Russia hacktivist accessed control systems at two Texas water facilities and tampered with their water pumps and alarms, causing water to run past designed shutoff levels and overfill storage tanks. (Recent Attacks on Critical US Infrastructure reading).

Mitigation Techniques

Confidentiality is secured through encryption and access controls; Integrity is maintained through records; and Availability is ensured through backups.

SCADA Systems

Supervisory Control and Data Acquisition (SCADA) systems are industrial control systems used to monitor and control infrastructure processes (e.g., water treatment, pipelines, power generation). Include Human-Machine Interfaces (HMIs), supervisory stations, Remote Terminal Units (RTUs), and communication methods and infrastructure (SCADA Systems).

NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) consists of six functions: Govern, Identify, Protect, Detect, Respond, and Recover, that provide a repeatable process for managing cybersecurity risk in both IT and OT environments (READING: The NIST Cybersecurity Framework )

Connection to Topics

SCADA systems are vulnerable because they allow the core of the CIA triad: confidentiality, Integrity, and Availability, to be leveraged by cyber attacks. The NIST cybersecurity framework applied to SCADA systems protects them.

Philosophical Discussion: The Short Arm of Predictive Knowledge

At the beginning of the semester, I believed that if an organization effectively applied the NIST Cybersecurity Framework, it could prevent major attacks. Studying SCADA systems and real critical-infrastructure attacks changed my view. The SCADA handout reading showed that even when SCADA systems are offline, ransom groups can still reach SCADA systems that experts previously thought were safe because they were supposedly isolated. “There is an erroneous belief that SCADA networks are safe enough because they are secured physically. It is also wrongly believed that SCADA networks are safe enough because they are disconnected from the Internet.” (SCADA systems).

Joans highlights that modern tools such as SCADA systems have created space where predictive knowledge falls behind technical expertise: “the predictive knowledge falls behind the technical knowledge which nourishes our power to act, itself assumes ethical importance ” (Joans, 14). This philosophical lens has completely reshaped my thinking. I now see cybersecurity as a preventive and predictive mechanism that operates within ethical intelligence.

Conclusion

The CIA triad, NIST Cybersecurity Framework, and SCADA systems are intertwined to protect data: the CIA triad defines what must be protected; SCADA systems control critical infrastructure that requires the most protection; and the NIST Cybersecurity Framework provides the process for securing SCADA systems. Connecting these topics reveals that, while we have the best systems and frameworks to protect data and infrastructure, the limitations of predictive knowledge impose constraints on the systems, which will continue to make it difficult to predict future events. 

References

• READING: SCADA Systems (http://www.scadasystems.net)

• READING: The NIST Cybersecurity Framework (CSF) Version 2.0

• READING: Recent Attacks on Critical Infrastructure 

• JONAS, H. (1973). TECHNOLOGY AND RESPONSIBILITY: REFLECTIONS ON THE NEW TASKS OF ETHICS. Social Research, 40(1), 31–54. http://www.jstor.org/stable/40970125

Appendix A – Reasoning Notes

Initially, I had no thought of SCADA systems and critical infrastructure being vulnerable; the course materials changed my view of their security. I used AI to brainstorm topic combinations. Also, to rephrase. I rejected any AI-generated content that went beyond the scope of the course.