IT/CYSE 200T

Discussion Posts

CRISPR Gene Editing, Opinion

The ethical dangers of CRISPR gene editing boil down to two main problems: the possibility that it could be used to further eugenics, and the inherent danger that comes with such a cutting-edge technology interfering with something as mysterious as the building blocks of human life. We as humans, in many ways, are our genes. Our genes determine not only how we will be physically due to our healthiness and our ability to thrive, but also our mental health and what we will in turn pass down to our children. To presume to edit that is to irrevocably change the progression of someone’s life before that individual can ever consent to such a change. The accusation that parents will one day desire “designer babies,” for whom they have picked every detail down to their eye color, is not an unfounded one.

The other main concern that many have with this technology is the slippery slope towards eugenics that CRISPR gene editing can theoretically lead to. We do not live in a perfect society, where humans would be content with simply aiming to prevent their children from inheriting the worst of inherited diseases. There are many couples that would use this kind of technology for far darker reasons than that, and the concern is that if those individuals are rich enough, there would be very little standing in their way. It is a technology that offers immense potential to alleviate suffering; however, more laws and restrictions are needed in order to prevent great harm from also occurring.

NIST Cybersecurity Framework: Opinion

It seems to me that when it comes to cybersecurity, having a basic universal agreement on what is best practice is crucial in practically any work environment that I can think of. Though staying flexible and being able to respond creatively to issues as they happen are important as well, there needs to be a solid guideline, a checklist of items that everyone in the industry has agreed need to be followed under most circumstances. The framework that NIST has developed (and continues to constantly update and keep relevant) is a particularly good example of a solid framework that organizations can depend on, as it was developed to defend critical American infrastructure. This inherently means that the utmost diligence was taken to make the framework thorough and usable, as the American government has every reason to want its critical infrastructure to be defended. For private companies, this framework seems to be the gold standard. If I ever work for the private sector in an already established company, I would certainly be willing to use this framework, as in that circumstance it really cannot be beat.

Write-Ups

The Architectural Network of SCADA Systems: Vulnerabilities and Security Issues

Supervisory control and data acquisition, or SCADA, is a term used for complicated networks composed of both hardware and software components that are frequently found in industrial settings. Though these industrial processes are generally meticulously planned out by their creators, there are nevertheless always vulnerabilities that come with such a complex endeavor. SCADA systems help to streamline these needs by utilizing a layered approach to automation.

SCADA Systems: Their Manifestation and Uses

Supervisory control and data acquisition systems, denoted by the singular acronym SCADA, are complex systems that are usually found in industrial settings such as water or waste control systems. (Loshin) Though there are many different industrial control systems, SCADA systems are one of the most common kinds found across a variety of industries. They can be purchased “ready to go” from vendors such as Emerson Electric in the United States or Schneider Electric in France. (Mehra) SCADA systems work by using sensors and actuators to both control the automatic needs of the industrial system and to log these instances of control. Then, different kinds of SCADA field controllers interface with the sensors and actuators to log telemetry data and to control slightly higher-level processes, as needed. Next, supervisory computers and HMI software streamline the process on an even higher level by controlling all SCADA processes as a whole, sending commands or modifying data as needed. There is also a communication infrastructure layered on top, communicating in real time with the industrial field’s devices. (Loshin) This means that SCADA can respond to issues that may arise in both a prompt and cohesive manner.

How SCADA Systems Mitigate Vulnerabilities

Complicated industrial processes have long since become far too involved for a human network to be able to handle; thus, automation is essential in industries such as waste and water management or telecommunications. The main way that SCADA systems work towards decreasing issues with industrial control systems is by streamlining the automation process in an effective way. Furthermore, their very popularity helps to mitigate vulnerabilities: the hardware and software used in SCADA systems are widely supported and have strong availability. SCADA vendors, knowing the widespread use of their product, also have strong support systems in operation, as well as strict adherence to industry standards. (Overview, Enterprise Automation) Though there are certain threats to the omnipresence and security of SCADA systems, such as “unauthorized access to software” as well as a troubling gap in security protocol, the efficiency and scalability of SCADA systems remain unparalleled in the industrial sector. (SCADA Systems)

Conclusion

There are many reasons to appreciate the layered and scalable approach that SCADA systems in today’s world have; however, the main benefit that they seem to give is the adaptability that they grant. There have been SCADA systems around since the 1960s; however, as the technological world has changed with each great step forward, they have adapted every step of the way. The common modern use of cloud computing, as well as the constantly updated protocols that ensure streamlined automation, show that despite some threats to their security, SCADA systems are still an advantageous approach to automation in the industrial sector.

References

Mehra, A. (2023). SCADA market. Market Research Firm. Retrieved March 15, 2023, from https://www.marketsandmarkets.com/ResearchInsight/scada-market.asp

Loshin, P. (2021, December 16). What is SCADA (supervisory control and data acquisition)? WhatIs.com. Retrieved March 15, 2023, from https://www.techtarget.com/whatis/definition/SCADA-supervisory-control-and-data-acquisition

Overview. Enterprise Automation. (2023, February 24). Retrieved March 16, 2023, from

SCADA systems. SCADA Systems. (2023). Retrieved March 19, 2023, from http://www.scadasystems.net/

Balancing Human Training with Technological Advantage

Preventing Cybersecurity Weakness to the Human Factor

When fulfilling the role of a Chief Information Security Officer (CISO), the prevention of cyberattacks is of utmost importance to the completion of the job’s duties. Though the actual steps that need to be taken in pursuit of this prevention and protection may vary, the approach that all CISOs need to take when allocating funds is virtually identical. As the goal, preventing cyberattacks, is the same, best practice when approaching this issue is also the same. Balancing the risk of the human factor in businesses with purely digital risks is critical, whether the CISO in question works in a federal or private position.

Assessing Goals and Risks

The first step when deciding on allocation of funds towards cybersecurity threats as a Chief Information Security Officer (CISO) is assessing the existing state of the company or business from a security perspective. This assessment should include security from all angles: though cybersecurity is the primary concern, physical or infrastructure weaknesses could impact the security of the business as a whole. After a full examination of the business has been conducted, the goals of the business will become clear, and the pertinent risks that the business has before the new allocation of funds will be revealed. (Goodchild, 2018) Using a framework such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework to assess the strength of the current safeguards of the CISO’s business will ensure that best practice is used. If the CISO is working for the local government or critical infrastructure sectors, they could “…also look at the baseline cybersecurity guidelines set in the Federal Acquisition Regulation (FAR) for public procurement or the Cybersecurity Maturity Model Certification (CMMC)…”, in order to fully assess the needs of their business or organization. (Fiscutean, 2022)

Balancing Human Error and Negligence with Digital Safeguards

Once the current situation of the business becomes clear, seeing where to shore up the guards against cyberattacks is possible. One of the key ways that every business, no matter the safeguards, can become more secure is by hiring more knowledgeable personnel initially, eliminating the need for extensive training later in the budget. Of course, “…due to a skills gap in the industry…”, there is little chance of having a full team of fully qualified security personnel, which means that at least part of the budget needs to be allocated to training. (Sutarwala, 2021) In fact, all personnel who handle security issues of any kind need to be fully trained, and the budget should reflect that.

Human error has been shown through extensive studies to be a main reason for cyber breaches; in fact, a study by IBM showed that human error was a major contributing factor in over 90% of cyber breaches. (The Hacker News, 2021) It does not matter how technologically advanced the security systems are within the business; if the personnel are not qualified to handle them, there will be unacceptable risk from a cybersecurity perspective. Only after the training budget has been allocated should the remainder be reserved for additional cybersecurity technology.

Conclusion

Allocating funds correctly towards cybersecurity needs will have strong repercussions for the business in the future, and a CISO needs to be aware of the ramifications. Investing in the people within the company and ensuring that they are correctly trained should be the main focus of allocating a cybersecurity budget. After a fully trained professional security team is solidly operating within the company’s framework, the budget should then be allocated towards additional advanced cybersecurity technology.

References

Goodchild, J. (2018, November 18). 4 tips to make the most of your security budget. Security Intelligence. Retrieved April 2, 2023, from https://securityintelligence.com/4-tips-to-make-the-most-of-your-security-budget/

Fiscutean, A. (2022, January 3). CISOs plan what to buy with funds from the infrastructure bill. Dark Reading. Retrieved April 2, 2023, from https://www.darkreading.com/dr-tech/cisos-plan-what-to-buy-with-funds-from-the-infrastructure-bill

Sutarwala, U. (2021, July 15). Top strategies on how to budget as a CISO. ITSecurityWire. Retrieved April 3, 2023, from https://itsecuritywire.com/featured/top-strategies-on-how-to-budget-as-a-ciso/

The Hacker News. (2021, February 4). Why human error is #1 cyber security threat to businesses in 2021. Retrieved April 3, 2023, from https://thehackernews.com/2021/02/why-human-error-is-1-cyber-security.html