Brandon Vuono <\/p>\n\n\n\n
CYSE 200T <\/p>\n\n\n\n
Analytical paper <\/p>\n\n\n\n
03 May 2026 <\/p>\n\n\n\n
Cyber\u00a0Wakeup\u00a0Call: Old Systems New Threats\u00a0\u00a0<\/p>\n\n\n\n
Cybersecurity is something that most people do not even think about on a daily basis. Only if something happened to them personally will it become an imperative part of their lives. Everything that helps society run from banking organizations to power grids depends on a digital infrastructure to work efficiently and securely. Due to the world, we live in today being run digitally. There needs to be ground truth on how to protect these critical systems. The most widely used model is the CIA Triad. This focuses strictly on confidentiality, integrity, and availability. This model provides a strong foundation for cybersecurity. I believe it is not enough on its own to stop all attacks, especially when it comes to outdated systems like Supervisory Control and Data Acquisition systems. These outdated systems run critical infrastructure for everyday society. Even with their precautions of authentication and authorization, these systems can create long term risks to infrastructure if they are not properly hardened. <\/p>\n\n\n\n
The CIA triad is refered to the starting point for having a solid cybersecurity base. The bottom of the cybersecurity pyramid. Each part of the triad focuses on different aspects of protecting critical information. Confidentiality is about making sure the sensitive information or data is only accessible to those with the right authorization to view it. This is also sometimes referred to as the need to know. A crucial part of information security. In most modern systems, confidentiality is protected through encryption and multi factor authentication which adds extra layers of security (Chai, 2022). Without these protections, it would be very easy for an attacker to gain access to critical information. <\/p>\n\n\n\n
Integrity refers to maintaining the accuracy and reliability of data. I think of how trustworthy the information is. Information should not be changed by unauthorized users at any time. Whether the data is in storage or transmission, it should not be altered. For example, if someone is sending a recipient’s money, the amount shall not be changed. Mechanisms such as hashing and digital signatures are commonly used to preserve integrity (National Institute of Standards and Technology, NIST 2013). This helps ensure that information remains the same from the moment it is created to the moment it is being used. <\/p>\n\n\n\n
Availability ensures that the authorized user can access the data or information needed. If data is confidential, the user must be authorized to access the data. This is why availability is as important as the other two components of the CIA Triad. For example, any kind of denial-of-service attacks taking a system offline. Making nothing available can cause rippling effects. Maintaining a balance between the CIA Triad is essential for security of data and information. <\/p>\n\n\n\n
When it comes to authentication and authorization, they are closely related. They do serve different purposes to a cyber security professional. Authentication is the process of verifying the user’s identity. It verifies that the person doing the task is who they say they are. Authorization occurs after authentication and determines what an authenticated user is allowed to do. This will restrict any access or modifications a user’s attempts to conduct. <\/p>\n\n\n\n
This becomes a major issue when looking at critical infrastructure. Systems attached to power grids, water treatment facilities, and transportation networks are essential to everyday life. The biggest vulnerability is the fact that SCADA is an old technology. SCADA was designed and implemented decades ago before cyber-attacks were a concern. With that there was never any major security systems implemented such as encryption or dual authentication, and many of the security measures that are second nature to us today. Systems that were isolated from themselves now connected to larger systems or even the internet. This creates an increase in efficiency for these systems but also creates more entry points for cyber-attacks (SCADA Systems Perusal article). For example, SCADA systems can do tasks such as monitoring the electric grid for stability or monitoring the water treatment plants for flow rates. If these SCADA systems are compromised, an attacker could disrupt operations of these systems, manipulate the data, or cause their systems to malfunction, creating physical damage. <\/p>\n\n\n\n
To prevent these risks from becoming avenues for an attacker SCADA although old can help with its real time awareness. Looking at real time monitoring and controlling the systems that run on SCADA, operators would be able to identify any abnormalities before they escalate. This will help reduce the likelihood of major attacks or disruptions in operations of these critical systems. According to the Cyber security infrastructure security agency, using a layered security approach often called defense in depth is one of the most effective ways to protect industrial control systems (CISA, 2023). This is accomplished by using SCADA and human operators to monitor the system. <\/p>\n\n\n\n
Even with these improvements, I do not think there is a perfect solution. Cybersecurity is constantly evolving as technology improves. Attackers are constantly looking and finding different avenues to attack and exploit a weakness. This means organizations have to consistently adapt and improve defenses. Organizations must constantly verify they’re using the CIA Triad to its fullest giving a solid foundation for defense. <\/p>\n\n\n\n
I believe the CIA Triad plays the most critical role in cybersecurity. Without this foundation, protection and best practices would have nothing to build off. These are foundational blocks, and more protections must build off of them. The simplicity of the Triad is not enough for systems like SCADA and other outdated systems. While defense-in-depth strategies can help reduce risk, they do not solve the problem legacy system vulnerabilities have. There are still many questions that need to be answered. For example, how do organizations decide what is worth replacing critical systems. Can it be done without disrupting the service. If they upgrade it will be backwards compatible, which is the weakness of its own in every technology. For example, downgrade attack on a WPA3 router that is in transition mode. WPA3 is very secure technology but being backwards compatible is its downfall. These types of issues do not have a single point of correcting for that perfect solution. <\/p>\n\n\n\n
One thing that I believe is the most important part to cybersecurity is the human factor. Even with strong base of the CIA Triad and strong systems that SCADA is not, people can and usually are the weakest link. Employees might use weak passwords, fall for phishing attacks, or make simple mistakes that open doors for attackers. In critical infrastructure environments that risk matrix becomes much higher. Single errors can have crippling effects on entire systems and societies. This is why awareness is extremely important. If organizations invest in educating their employees, they can reduce a large number of preventable security issues. This with strengthen their security posture where other areas may not have changed and continue to lack protection <\/p>\n\n\n\n
Overall, I think the key takeaway is that cybersecurity is not just about having the right tools or framework to go off of. IT is about understanding how to apply the tools in real-world systems, especially ones that are not designed for the cyber treats of today. Moving forward, improving security in these critical infrastructure systems is critical. This will not only require better technology but better decision making using the CIA Triad as the core. While risk and attack avenues will never be fully irradicated, they can be managed and monitored. Making any attacker require an unlimited amount of time and money investment to go through with the attack. <\/p>\n\n\n\n
References <\/p>\n\n\n\n
-Chai, W (2022 June 28) What is the CIA Triad? Definition, explanation, examples. https:\/\/drive.google.com\/file\/d\/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l\/view<\/a> <\/p>\n\n\n\n -Cybersecurity and Infrastructure Security Agency. (2023) Cybersecurity best practices for industrial control systems. <\/p>\n\n\n\n -National Institute of Standards and Technology 2013. Security and privacy controls for federal information systems and organizations. https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-53r4.pdf<\/a> <\/p>\n\n\n\n -SCADA Systems Perusal Article <\/p>\n","protected":false},"excerpt":{"rendered":" Brandon Vuono CYSE 200T Analytical paper 03 May 2026 Cyber\u00a0Wakeup\u00a0Call: Old Systems New Threats\u00a0\u00a0 Cybersecurity is something that most people do not even think about on a daily basis. Only if something happened to them personally will it become an imperative part of their lives. Everything that helps society run from banking organizations to power grids depends on a digital… <\/p>\n