This page highlights selected work from my cybersecurity coursework, focusing on real-world issues such as data privacy, critical infrastructure security, and risk management. These pieces reflect my understanding of how technology and security challenges impact society.
DNA & Privacy
BLUF
Advancements in DNA technology and genetic databases bring major benefits for both medicine and research. However, it also introduces serious cybersecurity risks. If a malicious hacker gets access to genetic data, it could be used to compromise one’s personal privacy, enable discrimination, conduct blackmail, or even allow for new forms of cybercrime to come about such as identity theft using certain biometric information. Protecting DNA data is extremely important to ensure that these advancements in technology are not used as tools by malicious hackers.
How Advancements Could Be Manipulated by Bad Actors
Modern methods of DNA sequencing and storage allow people to submit samples to companies to allow for further testing of ancestry, health outcomes, and research. These services hold large amounts of genetic information, making them at high risk of being targeted by attackers. Someone who is determined could misuse this technology by hacking the genetic databases, stealing people’s genetic information, or altering their saved genetic data. Because of the fact that DNA data is permanent and unique to each person, it cannot be simply changed like you would a password. Hackers could also take advantage of vulnerabilities in laboratory systems, sequencing software, or the online genetic services to gain access to sensitive genetic information. In very extreme cases, malicious hackers might even alter the DNA code in an effort to disrupt research processes or cause systemic failures.
The Impact on Personal Privacy
DNA contains large amounts of personal information: ancestry, medical predispositions, and familial relations. If this data is leaked through a cyberattack, it could end up revealing certain health risks or family secrets without the knowledge or consent of this person. Unlike most other forms of personal data, genetic information can have harmful effects that extend beyond the individual whose DNA is exposed. This can expose information about relatives who may share similar genetic markers. This means that a breach involving one person’s DNA data could potentially lead to the compromise of the entire family’s genetic information. This exposure could result in discrimination by insurance companies or misuse of health information.
How DNA Could Be Used Against You
Criminals could potentially use exposed DNA data in several harmful manners. One of which being the possibility for genetic discrimination, where certain employers or insurance companies will misuse information concerning your genetic risk information to deny you from opportunities or increase costs. Another possibility is being subject to blackmail. If your genetic data reveals that you have predispositions to certain diseases or unexpected family relationships, malicious attackers could threaten to expose your information unless you pay a sum of money. In addition, DNA data could be used to create synthetic samples that could falsely incriminate people.
Possibility of Cybercrime
There are several cybercrime scenarios involving genetic information. Malicious criminals could sell your DNA data on the dark web, similar to the way that people’s financial and medical records are sold on the dark web. Identity theft could eventually evolve to where biometrics are used for identity theft, where stolen genetic information is used as an identification method. Another major concern is the use of this genetic information for bio-cyber attacks, where cybercriminals change the sequencing of DNA systems or databases. The malicious hackers could access, leak, or corrupt scientific data, disrupt medical research, or even manipulate some of the genetic results that are used in healthcare decisions. All of these threats show us the importance of having strong cybersecurity protection methods around these systems that hold our genetic data.
Conclusion
While the technology involving genetics brings opportunities for improving our modern medicine, furthering our understanding of our ancestry, and advancing scientific research, it also brings with it many cybersecurity risks. If genetic information is subject to being hacked, manipulated, or misused, it could seriously hurt someone’s sense of personal privacy and allow for new forms of cybercrime to come about. Protecting the databases in which DNA is stored, strengthening the cybersecurity measures set to protect these systems, and enforcing strong privacy protections will all be very important in ensuring that genetic advancements provide the greatest benefits while minimizing the potential risks.
Using SCADA Systems to Protect Critical Infrastructure
BLUF:
Many critical infrastructure systems such as power grids, water treatment facilities, and public transportation systems are very vulnerable to cyberattacks because of the fact that they rely on interconnected industrial control systems. SCADA systems help operators monitor and manage these systems, oftentimes, allowing for early detection of problems and maintaining operations of important infrastructure.
Vulnerabilities in Critical Infrastructure Systems
Critical Infrastructure is composed of the systems that people rely on day to day, such as electricity, water supply, transportation, and manufacturing systems. Many of these systems use industrial control systems (ICS) to manage their equipment and monitor operations. As these systems continue to be further integrated into modern networks and information technology, their risk of being exposed to cyber threats increases. According to Makrakis et al. (2021), the growing connections between operational technology and traditional IT networks is making industrial control systems more attractive targets for hackers. Many of these systems were originally designed to prioritize both reliability and efficiency rather than cybersecurity. Because of this, if the proper security protections are not in place, attackers may be able to find and exploit weaknesses in the system. If a cyberattack is successfully landed on critical infrastructure, essential services could be disrupted such as electricity, water distribution, or transportation systems. Because of the importance of these systems, protecting them from cyber threats has become a major priority for many organizations and governments.
The Role of SCADA Systems in Infrastructure Management
One important technology that helps manage and monitor these systems is Supervisory Control and Data Acquisition (SCADA). These systems help collect data from equipment and sensors and send this information to a central control system where operators can effectively monitor everything. SCADA systems are typically made up of several components such as remote terminal units (RTUs), programmable logic controllers (PLCs), communication networks, and human machine interfaces (HMI). Together these components work to gather information and allow the operators to supervise the system from a control center (SCADA Systems Article). The human machine interface provides the operators with visual displays that allow them to see the status of all of the equipment in real time. This system makes it easy for operators to detect problems or unusual activity within the system promptly.
How SCADA Helps Reduce Risks
Although these systems can sometimes introduce security concerns when connected to networks, they also help to reduce the risks by improving monitoring, system awareness, and reaction times. The operators can use SCADA systems to track how equipment is performing, receive alerts when something is wrong with the equipment, and analyze system data. For example, these systems often have alarms that alert the operator when a certain event occurs, such as equipment failure or abnormal equipment behavior. These alerts allow operators to respond quickly and prevent these problems from scaling (SCADA Systems Article). Organizations can also reinforce SCADA security by using other protective measures such as firewalls, access controls, and network monitoring tools. Together these steps help prevent unauthorized access and protect critical infrastructure systems from cyber attacks.
Conclusion
Critical infrastructure systems serve very important jobs in our modern society, however, their increasing connection to digital networks is leading to new cybersecurity risks. Industrial control systems responsible for managing these infrastructures are becoming more likely targets for cyberattacks if they lack proper protection. SCADA systems help organizations both monitor and manage their systems by collecting data, providing real-time system information, and allowing the operators to respond to any potential problems that may arise. When used alongside proper and strong cybersecurity practices, SCADA systems can help mitigate vulnerabilities and support the safe operation of these critical infrastructure systems.
References
Makrakis, G. M., Kolias, C., Kambourakis, G., Rieger, C., & Benjamin, J. (2021). Vulnerabilities and attacks against industrial control systems and critical infrastructures. arXiv. https://doi.org/10.48550/arXiv.2109.03945
“SCADA Systems Writing.” (2026). Article provided by Prof. Hiser in CYSE 200T
Cybersecurity Budget Priorities
BLUF:
With limited funds for cybersecurity, I would use the majority of my money for cybersecurity technologies all while still investing in employee security awareness training. Technology will provide continuous protection against the majority of cyber threats, while training will help reduce human errors such as phishing and credential compromise that oftentimes lead to security breaches.
Discussion:
Cybersecurity training is an important aspect of an organization’s overall cybersecurity strategy because many attacks are targeted towards employees rather than the organization’s computer systems directly. Phishing emails, credential theft, and social engineering attacks depend on human mistakes to gain access to networks or systems. According to the Verizon Data Breach Investigations Report (Verizon, 2024), about two-thirds of data breaches involve a non-malicious human element. This may be an employee clicking a malicious link or sharing their login information with an attacker. Because of this inherent threat to an organization’s safety, they must provide adequate training that teaches their employees how to recognize phishing attempts, use strong login credentials, and follow safe data-handling practices. Increasing employee awareness can help prevent many attacks before they have a chance to ever reach an organization’s systems. However, cybersecurity technology should still be the largest portion of the budget because it provides continuous automated protection. Things such as firewalls, endpoint detection systems, and intrusion detection technologies help to identify and stop malicious activity in real time. These technologies operate all hours of the day and can detect threats even if one of the organization’s users makes an unconscious mistake. Modern day cybersecurity threats are becoming increasingly more exploitative of software vulnerabilities and technical weaknesses found in systems, which makes it essential that organizations deploy advanced security monitoring and defensive technologies that help to identify and respond to these attacks as quickly as possible. By combining training with advanced technology, organizations can create a strong layered defensive strategy that covers both the human and technical vulnerabilities responsible for cybersecurity attacks.
Conclusion:
In conclusion, organizations must understand that cybersecurity threats can be generated by both technological vulnerabilities and human errors. While employee training can help reduce the likelihood of phishing and social engineering attacks, cybersecurity technologies will provide a more consistent monitoring and protection of systems against threats. Partitioning funds to both areas is important. However, prioritizing the security technology will create an overall stronger, more resilient defense setup that is able to prevent, detect, and respond to modern cyber threats.
References
Help Net Security. (2024). Most breaches involve a non-malicious human element. https://www.helpnetsecurity.com/2024/05/02/verizon-2024-data-breach-investigations-report-dbir/
Security Magazine. (2024). Verizon 2024 Data Breach Report Shows the Risk of the Human Element. https://www.securitymagazine.com/articles/100629-verizon-2024-data-breach-report-shows-the-risk-of-the-human-element
Verizon. (2024). 2024 Data Breach Investigations Report. https://www.verizon.com/about/news/2024-data-breach-investigations-report-vulnerability-exploitation-boom
Overall, these works reflect my growing understanding of cybersecurity challenges and the importance of protecting systems, data, and critical infrastructure in today’s digital world.