The Social Meaning and Impact of Cybersecurity-related Technical Systems

Cybersecurity-related technical systems like the CIA Triad, SCADA Systems, and the NIST Framework play a significant role in today’s society because they protect companies, infrastructure, and all kinds of digital systems from potential threats. As a result, in this paper, we will shine a light on supervisory control and data acquisition systems, the National Institute of Standards and Technology, confidentiality, integrity, and availability, and how they impact the social meaning of cybersecurity-related systems.

 

Introduction

In this day and age, where the world is increasingly becoming surrounded by technology and its improvements, the need for cybersecurity-related technical systems is imperative if we want to establish preventative and protective cybersecurity measures. (1) In addition, the systems mentioned above (CIA Triad, Scada Systems, and NIST) are all strictly interconnected with one another because, in their uniqueness, they all provide ways that guarantee the security and reliability of sensitive information. In fact, the term SCADA was initially used in the 20th century to describe the need for mechanical control so that workers wouldn’t have to physically operate the equipment, according to the article “SCADA: Supervisory Control and Data Acquisition.” This allowed for the capability of remote control and supervision of infrastructure processes. In addition, according to the Chai article, the CIA Triad, also referred to as the AIC, to avoid confusion with the Central Intelligence Agency, is a model created to safeguard all data against data breaches, which is essential for the security of a business. Additionally, according to the NIST Cybersecurity Framework, numerous businesses have adopted NIST, or the National Institute of Standards and Technology, since its creation in 2014 in an effort to reduce the risk of cyberattacks and the subsequent exploitation of sensitive data.  Nevertheless, these security systems can present serious implications that might reverberate on things like privacy and trust.

The SCADA System’s competencies and downsides

Supervisory Control and Data Acquisition is referred to by the abbreviation SCADA. This system is made up of a variety of hardware and software applications that are intended to manage industrial, facility-based, and infrastructure processes. The Remote Terminal Units (RTUs) and a program known as Programmable Logic Controllers (PLCs) enable the controlling activities. As a matter of fact, this program allows for the control of plants in a remote and local way, giving birth to automated processes. Real-time data collection, analysis, and processing are all possible with the SCADA system. Microprocessors like the Remote Terminal Units and Programmable Logic Controllers interact with the HMI (Human Machine Interface), and once the data is posted from processors to SCADA Systems, the human operators are able to take control. Members of the industry can view a representation of the plant in question with a schematic and graphic information provided by the HMI. Consequently, if the system has identified any issues, the operator has the ability to intervene remotely. However, SCADA systems have a downside. (2) The accumulation of hardware and software programs is quite complicated, and it demands highly skilled personnel capable of managing such programs. As if that isn’t enough, these systems are more likely to be the subject of cyberattacks since maintaining and improving their effectiveness has high costs and also because they are in close contact with the internet. Also, their vulnerability to cyberattacks compromises the social meaning of cybersecurity-related systems because it questions the ethical responsibilities of personnel. (3) Furthermore, from a political and ethical perspective, to avoid the downside of SCADA systems, we can change some cyber policies by giving priority to individuals and their privacy, improving the company’s transparency, focusing our attention on morals, and mitigating risks. Additionally, the downside of SCADA systems or of any other types of cybersecurity-related systems could be due to the “short arm” of predictive knowledge. Being able to predict new cybertechnologies and, therefore, establish preventative designs isn’t easy. In fact, it is really unlikely. Changes in the cyberworld can have a negative effect in the long run. The progression in technology will surmount predictive knowledge, and there isn’t much we can do. The only way to try and overcome this progression is to promote learning, combat misinformation, improve the efficiency of technologies, etc. Even though all these methods might not be the right solutions, they’ll still diminish the harsh impact of technological progress.

The CIA Triad- how might it reverberate trust and privacy?

The CIA Triad, or Confidentiality, Integrity, and Availability Triad is a device that, thanks to its strict rules, allows the control of information security policies. The first component of the triad is confidentiality. Confidentiality consists of restraining unauthorized people from accessing classified data. The next component of the CIA, or AIC Triad, is integrity. This point makes sure that the data’s coherence is maintained in its initial state for the organization’s safety purposes and credibility. Lastly, we have availability. This last component of the triad ensures that authorized employers have access to all kinds of data they need at all times. To make this possible, authentication mechanisms and systems must work correctly and be frequently updated.  Like the CSO article discusses, the CIA Triad doesn’t have a single creator. Vice president at cybersecurity firm Dragos, Ben Miller, thinks that one of the three concepts of the CIA Triad (confidentiality), was officially intorduced in 1976 in a study done by the US Air Force. The triangle then presents integrity, another key concept of the triad laid out in 1987 on a paper. This paper talked about the importance of data accuracy. Lastly, the final concept that closes the triangle is availability. A concept mentioned in 1988 when the Morris Worm, named after the creator (Robert Tappan Morris), infected many computers, becoming one of the first malaware in history to have caused computers inoperability. Finally, the triad was established in 1998 as the CIA Traid. Despite being so efficient, the CIA Triad might reverberate trust and privacy because trying to maintain the right balance between the destruction of privacy through centralized programs and keeping discrection among people is a very difficult accomplishment.

The NIST Framework principles

The NIST, or National Institute of Standards and Technology Framework, offers a great technique to combat risks in the cybersecurity field by providing different policies that organizations can benefit from. The NIST framework, follows five different functions that contribute to the improvement of security and cybercrime avoidance:

• The first function is Identifying. This helps organizations to have a clearer idea about which processes need to be protected.
• The second function is Protecting. Protection, is fundamental to keep an organization safe.
• The third function is detecting. With this function, we are able to detect a potential cyberattack beforehand and keep it from happening.
• The fourth function is Responding. Once we’ve identified the attack, we need to respond by limiting the damage and informing everyone within the company about the problem.
• Lastly, the fifth and last function is Recovering. This function has the task to restore any capabilities or services that were impaired due to a cybersecurity event. The aim of this last function is to avoid the attack from happening again.

The NIST framework has many benefits. (4) The framework protects all kinds of businesses from threats. The goal with the NIST is to improve cybersecurity efforts and develop a common language to  understanding, describing, and managing cybersecurity risks. Making it easier for employees to defend themselves and the company from any risks. The framework impacts greatly on the social meaning of cybersecurity-related measures because it makes people aware of potential risks and therefore shows the importance of information protection,  allows inclusivity among different organization sizes, and gives a company the possibility to show their commitment and reliability. By doing this, business partners and customers feel safer working with a specific company.

 

Conclusion

(5) To conclude, all the cybersecurity-related technical systems mentioned in the paper, like the SCADA, the CIA Triad, and the NIST framework, play a fundamental role in providing secure data and information systems as well as secure infrastructure. Moreover, the use of such systems helps diminish the likelihood of threats, the protection of privacy, and the credibility of the company.

 

 

 

 

 

 

 

 

 

 

 

 

 

Sources:

What is the NIST Cybersecurity Framework?. IBM. (n.d.). https://www.ibm.com/topics/nist

Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition from TechTarget. WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA

The CIA triad: Definition, components and examples. CSO Online. (2020, February 10). https://www.csoonline.com/article/568917/the-cia-triad-definition-components-and-examples.html

One flaw too many: Vulnerabilities in SCADA systems. Security News. (n.d.). https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/one-flaw-too-many-vulnerabilities-in-scada-systems

What is SCADA? Supervisory Control and Data Acquisition. Inductive Automation. (n.d.). https://inductiveautomation.com/resources/article/what-is-scada

SCADA systems. SCADA Systems. (n.d.). https://www.scadasystems.net/