IT/CYSE 200T

Cybersecurity, Technology, and Society

As a student in IT/CYSE 200T I explored how technology is related to cybersecurity from an interdisciplinary orientation. Attention was given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course were:

  1. Describe how cyber technology creates opportunities for criminal behavior,
  2. Identify how cultural beliefs interact with technology to impact cybersecurity strategies,
  3. Understand and describe how the components, mechanisms, and functions of cyber systems produce security concerns,
  4. Discuss the impact that cyber technology has on individuals’ experiences with crime and victimization,
  5. Understand and describe ethical dilemmas, both intended and unintended, that cybersecurity efforts produce for individuals, nations, societies, and the environment,
  6. Describe the costs and benefits of producing secure cyber technologies,
  7. Understand and describe the global nature of cybersecurity and the way that cybersecurity efforts have produced and inhibited global changes,
  8. Describe the role of cybersecurity in defining definitions of appropriate and inappropriate behavior,
  9. Describe how cybersecurity produces ideas of progress and modernism.

Course Material: Write Ups

SCADA Systems

SCADA (Supervisory Control And Data Acquisition) systems are used by the energy industry, water treatment facilities, and industrial complexes to collect information about operational devices, allow for operator command of those devices, and provide the operator real-time views into how all of the devices on the system are operating. As a result, a failure within a SCADA system represents a high level of risk to the operation of the systems it supports.

As outlined in the ISA article, there are nine identified areas of vulnerability for SCADA systems. The first area of concern is weak authentication. Many SCADA systems are using the same password for all users. Some are using outdated methods of logging onto their systems, which provides a way for unauthorized individuals to gain access to the SCADA system.

Another area of concern is the older protocols used by many SCADA systems. Older protocols do not encrypt data as it travels through the system. If an individual were to intercept this unencrypted data, they would be able to read the data sent or alter the commands being issued by the SCADA system.

Segmentation of the network is another issue. Many companies have one large network for both their business operations and their SCADA systems. This makes it easy for an unauthorized individual to move laterally once they have gained access to the business side of the network, and ultimately gain access to the SCADA devices.

Legacy hardware has also increased the potential for attack on SCADA systems. Much legacy hardware does not receive the latest security patches due to its age. Limited monitoring capabilities also contribute to the problem. Finally, poor physical security can provide an opportunity for unauthorized individuals to access field devices directly.

Real-time monitoring also plays a significant role in reducing this risk. It allows operators to view alarms and sensor readings at the moment they occur, so they can react quickly to anomalies. A quick response to alerts can significantly decrease downtime in water systems, electrical grids, and industrial operations.
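To make the alarm and anomaly handling described above concrete, here is an added example (not from the ISA article or the course write-up) of a minimal real-time alarm evaluator of the kind a SCADA operator console runs over incoming sensor readings. The tag names, limits and readings are constructed sample data; it raises threshold alarms, flags implausible jumps, and reports tags that have stopped reporting.

```python
# Added example, not from the ISA article or the course write-up: a minimal
# real-time alarm evaluator over constructed SCADA sensor readings.
from dataclasses import dataclass, field

@dataclass
class TagLimits:
    low: float          # low alarm threshold
    high: float         # high alarm threshold
    max_step: float     # largest plausible change between consecutive readings
    stale_after: float  # seconds without an update before the tag is stale

@dataclass
class AlarmMonitor:
    limits: dict                              # tag -> TagLimits
    last: dict = field(default_factory=dict)  # tag -> (timestamp, value)
    def ingest(self, ts, tag, value):
        """Evaluate one reading and return the alarms it raises (maybe none)."""
        lim = self.limits[tag]
        alarms = []
        if value < lim.low:
            alarms.append((ts, tag, "LOW", value))
        if value > lim.high:
            alarms.append((ts, tag, "HIGH", value))
        prev = self.last.get(tag)
        if prev is not None and abs(value - prev[1]) > lim.max_step:
            # a jump the process cannot physically make: failing sensor or spoofed data
            alarms.append((ts, tag, "RATE", value))
        self.last[tag] = (ts, value)
        return alarms
    def stale_tags(self, now):
        """Tags with no update inside their stale_after window (lost telemetry)."""
        return sorted(tag for tag, (ts, _) in self.last.items()
                      if now - ts > self.limits[tag].stale_after)

# constructed limits for two hypothetical tags
LIMITS = {
    "tank1.level_pct": TagLimits(10.0, 90.0, 5.0, 30.0),
    "pump1.pressure_psi": TagLimits(20.0, 80.0, 10.0, 30.0),
}
# constructed sample readings: (timestamp seconds, tag, value)
READINGS = [
    (0, "tank1.level_pct", 55.0), (0, "pump1.pressure_psi", 50.0),
    (10, "tank1.level_pct", 57.0),
    (20, "tank1.level_pct", 95.0),  # HIGH and RATE
    (30, "tank1.level_pct", 93.0),  # HIGH only; pump1 silent since t=0
]

def run_demo(now=45):
    """Feed the sample readings through the monitor; return (alarms, stale tags)."""
    mon = AlarmMonitor(LIMITS)
    alarms = [a for r in READINGS for a in mon.ingest(*r)]
    return alarms, mon.stale_tags(now)
```

Running `run_demo()` yields three alarms on the tank tag and reports the pump tag as stale, the kind of output an operator would act on before it becomes downtime.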

While SCADA systems do introduce new levels of risk to a company’s infrastructure, they also greatly enhance a company’s ability to defend against threats. By implementing strong authentication mechanisms, encrypting communications between devices, segmenting the network, having continuous monitoring in place to alert operators to unusual behaviors, having strong physical access controls in place to prevent unauthorized individuals from gaining access to equipment, and providing employees with adequate training on safe practices, companies can significantly reduce their exposure to potential threats.

Sources

http://www.scadasystems.net

https://gca.isa.org/blog/9-scada-system-vulnerabilities-and-how-to-secure-them?hs_amp=true

CIA Triad

The CIA Triad is the fundamental model used in cybersecurity that represents the three main concepts used to protect information systems and shape security policies. CIA stands for Confidentiality, Integrity, and Availability.

Confidentiality concerns information being accessible only to the people that should have access. An example is encrypting files. It is also a good way to protect your data when sending files over the internet, and it is good to keep internal files encrypted in case they fall into the wrong hands. This is very important because personally identifiable information like names, addresses, and social security numbers needs to stay private to prevent fraud. Financial data also needs to be confidential to protect banking information.

Integrity involves ensuring that the information remains accurate and unaltered. An example is digital signatures. When using information, it is very important that the information is accurate. Inaccurate information could lead to business operation errors, causing the company to lose money. In the case of medical records, it could lead to the death of a patient if the information is not correct.

Availability ensures that the information and systems can be accessed by authorized people when needed. An example would be having backups in case the main server is compromised. Systems need to always be up and ready for staff to do their jobs or for customers to access. Prolonged outages can cost the company a lot of money. Many companies keep software backups in case they need to wipe a system after a malware infection. Without a backup they would have to rebuild the system from scratch, making the outage longer. Backups can be done weekly, monthly, or yearly, but the interval is specific to company policy. Power generators are also used in case of power outages.

Authentication is verifying someone’s identity. An example would be a username and password.

Authorization is granting access. An example is user1 being able to view a file but not edit it.

Exploring Attacks On Availability

The CIA triad consists of Confidentiality, Integrity, and Availability. Availability is one of the three major backbones of cybersecurity. It is important because data, services, and systems have no value if they aren’t available. An attack on availability is an attack specifically made to stop legitimate users from accessing data, services, and systems.

One example of an attack on availability is a Distributed Denial of Service attack, also known as DDoS. This is when an attacker uses a large network of compromised devices to flood a system or network with traffic. This network of compromised devices working together is called a botnet. The objective is to overwhelm the servers so that normal traffic cannot reach them. This gives the attackers the ability to affect organizations without having access to their data or systems. Sometimes it is used as a distraction to gain access to those systems during the DDoS attack.

Loss of availability can shut down virtual services and stall business operations. For real users, access to products, services, and information is cut off, meaning anything that is online, from gaming to banking and healthcare, can become unavailable. This can lead to loss of money for customers and organizations. A loss of certain services can also affect the public’s safety. The loss of hospital systems, emergency response systems, and power grids could be very dangerous. If a hospital loses access to patient files or critical equipment, it can have very negative impacts. Another important system that can affect public safety is the power grid. Attackers and cybersecurity specialists know this, which is why very advanced systems are in place to protect it.