1. Prompt: Hacking humans
In the article “Hacking Humans: Protecting Our DNA From Cybercriminals,” Juliette Rizkallah argues that while the digitization of DNA offers incredible potential for medical research and solving cold cases, it introduces a security risk unlike any other. Unlike a Social Security number or credit card, which can be cancelled and replaced, your DNA is permanent and unchangeable. Once this “ultimate personally identifying information (PII)” is compromised, the breach is effectively forever.
Task: Write a response of approximately 250 words addressing the following:
- The Ethics of Curiosity: The author questions if satisfying our curiosity through direct-to-consumer DNA testing is worth the risk of a permanent data breach. Do you believe the personal and medical benefits of DNA digitization outweigh the lifelong security risks?
- Corporate and Employment Privacy: Rizkallah raises the concern of where to “draw the line” regarding privacy, such as whether it is acceptable for an employer to request your DNA to see if your genetic makeup makes you a “fit” for a role. Discuss the potential for “genetic discrimination” in the workplace if these databases are accessed by unauthorized parties or used for purposes beyond their original intent.
- The “Hacking Humans” Concept: The text notes that humans remain the easiest “inroad” for hackers to break into corporate networks. How does the permanent nature of biological data change the way we should think about “human factor” security compared to traditional digital passwords?
Response:
The digitalization of DNA has quite a few benefits, especially for medical research and criminal investigations. DNA databases are helpful for researchers who are looking to understand more about diseases, and have helped law enforcement solve cold cases that were originally believed to be unsolvable. But I think that there should be a heavy balance between these benefits and the security risks that can come with them, because compared to how easy it is to change a password or get a new credit card number, your DNA cannot be changed. Once genetic information is accessed by a malicious person, the consequences may last for a person's entire life. Because of this, organizations that collect DNA data should be held to extremely high security standards.
One of the bigger concerns talked about in the article is the chance of genetic discrimination during a hiring process, since employers, insurance companies, or really any organization could gain access to genetic information and make a decision based on a person's genetic history and their chances of developing a medical condition. Legal protections should definitely be implemented as DNA digitalization becomes more normalized.
The concept of “Hacking Humans” becomes drastically more important when someone’s biological data is in the mix. Usually, all cybersecurity aims to protect is passwords or other login info, which, as mentioned before, can be changed pretty easily after a hacker gains access to it, despite its importance. But genetic information is very different, since it is what someone is, and it is permanent and unique to each and every person. Because of this, any organization looking to use DNA databases needs to make that one of the most important things that it protects.
2. SCADA SYSTEMS:
In this write-up you will use the SCADA Systems Perusall article, along with your own research, to explain the vulnerabilities associated with critical infrastructure systems, and the role SCADA applications play in mitigating these risks.
Response:
SCADA Systems and Vulnerabilities in Critical Infrastructure
SCADA systems are necessary for monitoring and controlling any kind of critical infrastructure, but they also bring significant cybersecurity risks because of increased connectivity and weak authentication practices. While SCADA applications can help mitigate operational risks through centralized monitoring and automation, they also widen the attack surface, making strong cybersecurity controls necessary to protect essential services.
Supervisory Control and Data Acquisition (SCADA) systems are used in many well-known critical infrastructures, for example water treatment, power plants, or even manufacturing warehouses. These systems make it much easier to monitor industrial processes and give much more admin control over them, leaving the lower-level devices to handle all the real-time things that go on. As these systems are relied on more by corporations and linked to their networks and the internet, they also become much more valuable targets for cyber threats.
A lot of modern SCADA systems were made to be in isolated environments, but with modern technology requiring them to go online, new vulnerable entry points are created for attackers. One of the biggest vulnerabilities in critical infrastructure is the increased connectivity between operational technology and information technology networks. More common weaknesses are things such as old hardware, outdated software, and very limited patches. These are a few of several possible issues that make industrial environments more dangerous, since downtime is avoided as much as possible, which then delays any patches or possible security improvements. Attackers will use this to exploit known vulnerabilities and gain unauthorized access or disrupt operations. Another big concern is humans. Operators and engineers often prioritize system availability and physical operations over cybersecurity practices. This can lead to weak password policies, poor segmentation, or insufficient monitoring, all of which increase the risk of compromise.
Even though SCADA systems have a lot of vulnerabilities, they also play an important role in reducing operational risk. SCADA gives a lot of supervisory control and real-time monitoring to those who are authorized, making it much easier for operators to detect any type of issue, like super high temperatures or equipment failures, and take action.
Because SCADA systems are usually connected to external networks, cybersecurity controls are very important and need to be prioritized. Best practices include enforcing multi-factor authentication and conducting regular risk assessments. These controls help reduce exposure to external threats while maintaining system availability.
SCADA systems are necessary for monitoring and controlling any kind of critical infrastructure, but they also bring significant cybersecurity risks because of increased connectivity and weak authentication practices. While they improve monitoring, automation, and operational control, they must be protected through strong security practices to prevent disruption of essential services. To get the most out of SCADA, you must have a balanced approach between operational reliability and cybersecurity to make sure the infrastructure is as safe as possible.
3. Components of a Business
Identifying components to a business.
Q’s
- Identify other components of a business
- Where do they “fit” in the organization
- Where does IT “fit” in an organization?
- What are the Roles & Responsibilities within IT?
- How should IT itself be organized?
A business usually has many sections that work together and put their efforts towards a mutual objective or goal. On top of the components that were mentioned in the reading, there are many others that could be added to a business, like Procurement, Facilities Management, Public Relations (PR), Risk Management, and Cybersecurity. Procurement is responsible for what needs to be purchased by the company, known as goods and services. Facilities Management looks over the equipment and buildings of the business to ensure they are proper for its procedures to take place. Public Relations looks over the company’s public image and its communication efforts. Risk Management discovers and counters threats that could negatively impact business operations.
All of these departments cooperate within an organization based on what they do and how they can support a business in achieving its objectives. For example, procurement and facilities management can support operations by making sure that the company has everything it needs and a proper working space for them to function as effectively as possible.
Information Technology (IT) plays a critical role across the entire organization because nearly every department relies on technology. IT is typically led by a Chief Information Officer (CIO) and may report directly to executive leadership. IT supports business operations by maintaining hardware, software, networks, cloud services, and communication systems while ensuring technology aligns with business goals.
But IT also has its own key roles and responsibilities. For example, a network administrator has to look over network infrastructure, system admins have to make sure servers stay up and manage operating systems, and software developers have to make applications and make patches to already existing things. All of these positions are under the IT component of a business, and are usually led by IT managers who make sure all of their projects are completed promptly.
I believe IT should be organized into teams based on what everyone is good at or specializes in, like help desk, cybersecurity, database administration, infrastructure, etc. By having it set up this way, employees can be efficient, be held more accountable for their tasks, and collaborate with their like-minded peers. But while they are divided into their own teams, it should go without saying that all teams should work together to focus on their organization's mission and make sure that their technology stays secure and dependable.