Write-Ups

The Importance of CIA in Cybersecurity

What is the CIA triad?

The CIA triad is a model designed to guide policies for information security inside an organization (Chai, 2022). The acronym CIA stands for Confidentiality, Integrity, and Availability.

Confidentiality refers to privacy, or the protection of data from unauthorized access. Integrity means ensuring that data is not changed by unauthorized users and that it remains the same while moving from point A to point B. Finally, availability is the ability of authorized users to easily access the data whenever desired (Chai, 2022).

What are some ways the CIA triad is applied?

Confidentiality can be enforced with techniques meant to ensure that only authorized users gain access to their data. These include tools such as two-factor authentication, biometric authentication, and even passkeys (Chai, 2022).

Integrity can be maintained by restricting editing permissions so that only authorized users can make changes, and by keeping data backups to prevent data loss in the case of an emergency (Chai, 2022).

Availability can be protected by ensuring that operating systems run smoothly and are up to date, by keeping up with regular updates and maintenance on software systems, and by maintaining hardware (Chai, 2022).

The difference between authentication and authorization

Authentication is the act of verifying the identity of a user, while authorization determines which resources a user is allowed to access and what actions they are permitted to perform on or in those resources (GeeksforGeeks. (2025, August 28). Authentication vs authorization. https://www.geeksforgeeks.org/computer-networks/difference-between-authentication-and-authorization/).

Conclusion

In conclusion, the CIA triad is an essential model used to guide organizations regarding their information security. The model is composed of three parts: Confidentiality, Integrity, and Availability. Each pillar of the model provides important information on how to protect data and what to protect when it comes to securing it.

Authorization and authentication are two terms that are commonly confused. Authorization comes after authentication, and deals with the access users have to certain tools and what users are permitted to do in those tools. Authentication is the process of ensuring a user is who they say they are by using a variety of security measures (GeeksforGeeks. (2025, August 28). Authentication vs authorization. https://www.geeksforgeeks.org/computer-networks/difference-between-authentication-and-authorization/).
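The ordering described above and in the earlier section on authentication and authorization, as an added example that is not part of the original write-up: identity is checked first, and permissions are consulted only afterwards. The user names, passwords, roles and permission strings are hypothetical sample data constructed for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles and permission names are hypothetical.
ROLE_PERMISSIONS = {
    "operator": {"report:read"},
    "admin": {"report:read", "report:edit"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored values are not reusable as passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

USERS = {
    "alice": make_user("correct horse battery", "admin"),
    "bob": make_user("tr0ub4dor&3", "operator"),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this user who they claim to be?"""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so unknown and known users take similar time.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["hash"])

def authorize(username: str, permission: str) -> bool:
    """Authorization: may this already-authenticated user do this?"""
    role = USERS[username]["role"]
    return permission in ROLE_PERMISSIONS.get(role, set())

def handle_request(username: str, password: str, permission: str) -> int:
    if not authenticate(username, password):
        return 401  # identity not proven; permissions are never consulted
    if not authorize(username, permission):
        return 403  # identity proven, but the action is not permitted
    return 200
```

Bob with the right password can read a report (200) but not edit one (403), while any wrong password or unknown user stops at 401 before permissions are looked at.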

Critical Infrastructure Systems and Their Vulnerabilities

What is a critical infrastructure system?

According to CISA.gov, a critical infrastructure system is an infrastructure system that is vital to the security, economy, public health, and/or public safety of a country. These infrastructure systems are made up of individual assets that work together as an integrated system (CISA.gov, n.d.). Some examples of these systems include water processing plants, energy plants, and public transportation systems. SCADA (supervisory control and data acquisition) refers to the systems used to control infrastructure processes (scadasystems.net, n.d.).

Vulnerabilities in Critical Infrastructure Systems

Because the majority of critical infrastructure systems are interconnected and rely heavily on the functionality of other systems to work properly, if one system is compromised then the rest are at risk, which can have devastating effects on the health, safety and functioning of society.

For example, in 2008 the Stuxnet worm compromised industrial control systems and caused centrifuges to fail at an Iranian nuclear material enrichment facility, causing physical damage and costing Iran a considerable amount of money. The worm was developed to cause the centrifuges to fail, while the SCADA systems continued to show that they were operating normally (cfr.org, n.d.).

Modern technology increasing convenience and vulnerability

With the advent of modern technology, the management of more and more critical infrastructure systems has adopted PLCs (programmable logic controllers) that have embedded websites and are accessed on site through a web browser (Stewart, 2024). While having control systems accessed via devices such as computers and tablets adds a layer of convenience, the connection of the systems to the web is an obvious vulnerability that could be exploited.

The role of SCADA in decreasing vulnerability and risk

As the centralized system that maintains control and monitors the entire infrastructure site, the SCADA system holds an important role in decreasing vulnerability and risk. The SCADA systems provide an overview of the entire infrastructure site, and as such act as an integral tool in pinpointing vulnerabilities and issues. The entire system must be hardened to ensure that bad actors are unable to infiltrate the system, or manipulate the system into showing false readings. In addition, SCADA systems must be able to detect when an anomaly occurs, even one caused by a cyber-threat.
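One way to check for the two failure modes named above, false readings and undetected anomalies, as an added example that is not part of the original write-up. It assumes each displayed value can be compared with an independent out-of-band measurement of the same quantity; the field names, tolerance, window size and sample readings are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: int              # seconds since start
    displayed: float    # value shown to the operator
    independent: float  # same quantity from an out-of-band sensor (assumed)

def find_anomalies(samples, tolerance=0.05, window=4):
    """Return (time, reason) alerts for a list of Sample objects.

    mismatch: displayed and independent values differ by more than
              `tolerance` (relative), so the display cannot be trusted.
    repeat:   the last `window` displayed values exactly match an earlier
              window, which a live, noisy sensor very rarely produces.
    """
    alerts = []
    seen_windows = {}
    for i, s in enumerate(samples):
        ref = max(abs(s.independent), 1e-9)  # avoid division by zero
        if abs(s.displayed - s.independent) / ref > tolerance:
            alerts.append((s.t, "mismatch"))
        if i + 1 >= window:
            key = tuple(x.displayed for x in samples[i + 1 - window:i + 1])
            first_seen = seen_windows.setdefault(key, s.t)
            if first_seen != s.t:
                alerts.append((s.t, "repeat"))
    return alerts

# Constructed sample data: the display keeps showing values near 1000 (and
# from t=6 repeats its first four readings) while the independent sensor
# shows the real value climbing.
SAMPLES = [
    Sample(0, 1000.2, 1000.0), Sample(1, 999.8, 1000.1),
    Sample(2, 1000.5, 1000.4), Sample(3, 999.6, 999.9),
    Sample(4, 1000.1, 1000.3), Sample(5, 1000.3, 1010.0),
    Sample(6, 1000.2, 1030.0), Sample(7, 999.8, 1060.0),
    Sample(8, 1000.5, 1100.0), Sample(9, 999.6, 1150.0),
]

if __name__ == "__main__":
    for t, reason in find_anomalies(SAMPLES):
        print(f"t={t}s: {reason}")
```

The mismatch check depends on the independent channel being trustworthy, while the repeat check needs only the displayed series, so it still fires when no second sensor is available.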

Conclusion

Critical infrastructure systems are essential to the everyday functioning of our society and, as such, are a high priority for security. If a critical infrastructure system were successfully targeted and attacked, the effects could be devastating. Health, transportation, energy, and even the environment could see negative impacts from an attack.

Because of this, it is incredibly important that these critical infrastructure systems are hardened and protected. One key factor in the security of these systems is SCADA, which provides detailed information on the functionality of a system to system operators. The SCADA system itself must remain secure so that vulnerabilities cannot be exploited.

Sources:

Council on Foreign Relations. (n.d.). Connect the dots on state-sponsored cyber incidents – stuxnet. Council on Foreign Relations. https://www.cfr.org/cyber-operations/stuxnet

Critical Infrastructure Systems are vulnerable to a new kind of cyberattack. College of Engineering. (n.d.). https://coe.gatech.edu/news/2024/02/critical-infrastructure-systems-are-vulnerable-new-kind-cyberattack

Critical Infrastructure Systems: CISA. Cybersecurity and Infrastructure Security Agency CISA. (n.d.). https://www-cisa-gov.translate.goog/topics/critical-infrastructure-security-and-resilience/resilience-services/infrastructure-dependency-primer/learn/critical-infrastructure-systems?_x_tr_sl=en&_x_tr_tl=id&_x_tr_hl=id&_x_tr_pto=tc

SCADA systems. SCADA Systems. (n.d.). https://www.scadasystems.net/