Here are some readings and research writings I have accomplished.

Posted by nbang004 on

View on CRISPR Gene Editing:

The article by Devin Coldewey outlines potential future risks that could harm technological integrity and security. Among the many risks posed by advances in bioscience technology, the author highlights 5 issues. The first issue mentions how DNA can carry malware that infects sequencing computers. In a study to understand and identify this weakness, researchers at the University of Washington intentionally encoded a malicious payload into a DNA strand, and once the payload was read, it triggered an overflow in software. That said, if information like this were publicized, a simple biological sample could be used as a cyberattack vector. This creates an entirely new “playing” field for cyber criminals who intend on attacking businesses for ransom. Another issue mentioned describes the unreliability of Bioinformatics Software. Coldewey emphasizes that the majority of these analysis tools use outdated data, lack modern security protection, and are designed obliviously to cyber threats in the software.
Attackers can exploit this vulnerability, and as I’ve mentioned before, this can evolve into threats in high demand for ransom, eventually controlling the business market virtually.

A third Risk identified within the study conducted by students at the University of Washington was the information accessible once hacked into the genetic database. Within seconds, they could access genetic databases, patient information, research data, and lab networks, which should be encrypted and inaccessible. A malware infection such as this could lead to theft or manipulation of extremely sensitive genetic information, harming the overall goal and integrity of the patient’s information security. Without encrypted patient data, Hackers could hold said data for ransom, or even lead to our fourth discovery, this data could be manipulated. Cyber criminals could alter
virtually anything from sequencing outputs, data, medical, and forensic results, further damaging the integrity and security of patient information. The last overall identifiable risk was that biology and cybersecurity are now intertwined, meaning that now is the time to begin integrating cybersecurity and biology to advance technology and human advancement.


To mitigate these issues, companies should adopt strong, structured sequencing software, sanitize and validate Data, isolate sequencing machines, encrypt genetic databases, secure software supply chain, train lab personnel in cybersecurity ethics, and perform penetration testing. By strengthening sequencing software with practices such as secure coding, vulnerability
scanning, and staying up to date on software/firmware, businesses can prevent buffer overflows that were used in the attack by the students. Validating and sanitizing data ensures the integrity of patient data. By integrating actions like rejecting malformed data patterns or avoiding the use of custom parsing code, patient data is sure to be reliable and accurate.

Isolating the machines prevents the lateral movement of malware and ensures that a virus stays on whichever system it came from. Actions that convey this include network segmentation, running analysis pipelines in containers or VMs, and limiting privileges. Encrypted data and lab training further ensure
patient data integrity and enforce data security. Penetration testing prevents future unknown risks that could potentially evolve, and it represents professional business technology ethics. The second article by Heidi Ledford highlights the risks around privacy, consent, and potential misuse of genetic data. Heidi questions equity and fairness, mentioning that access to
these technologies may deepen existing social inequalities. This article warns that without strong oversight, genetic technologies could enable discrimination or unintended societal harm. Taken together, the two articles show that modern DNA technologies carry both unprecedented power
and unknown risk. On one hand, the article by Coldewey reveals how DNA itself can be a vector in a cyberattack, exposing countless vulnerabilities in sequencing software, genetic databases, and the bio-cyber ecosystem. Yet on the other hand, the article by Heidi Ledford examines the ethical stakes of data once it is hacked, from privacy and consent to potential misuse. Both articles have taught me the importance of patient/client data integrity, from a business owner’s or a
consumer’s perspective.

SCADA Systems and How to Protect Them
Nassir Bangs
CYSE 200T
Dr. Kinoon
4/12/26

ICS are used to control infrastructure, facility-based, and industrial processes, meaning ICS is essentially a way of supervising and controlling these processes. ICSs are everywhere, from water treatment facilities to airports or power generation, serving as a coordinator to safely monitor, control, and analyze processes in real time. All control actions are automatically performed by the RTUs (remote terminal units) or by PLCs (programmable logic controllers). Critical infrastructure systems such as water, energy,
transportation, and healthcare become vulnerable due to the reliance on ICS that are often outdated. Weak passwords, Direct internet exposure of control interfaces, Limited resources for cybersecurity, and connections between ICS and corporate IT networks are not foreign identifiable risks that could lead to infiltration, manipulation, or operational disruptions. ICs components are constantly and increasingly connected to the internet; however, this is where SCADA comes into play.

SCADA Applications help mitigate risks by providing centralized control, monitoring, access management, and network segmentation. SCADA provides real-time visibility into industrial processes, allowing operators to detect anomalies before they escalate. This prevents attacks like odd sensor readings or unexpected valve changes, and without SCADA’s centralized visibility, these bugs or glitches go unnoticed until physical processes are affected. In all, you can’t defend what you can’t see, and SCADA offers operators situational awareness that is critical in identifying cyberattacks early on. To complement this, SCADA systems can enforce authentication and authorization before anyone interacts with PLCs or RTUs. The most common ICS compromises begin with unauthorized access, and SCADA reduces that risk by controlling
who can issue commands. Modern SCADA supports segmented networks, firewalls, and DMZ. Without it, many cyber attackers could infiltrate because IT and OT networks are flat and interconnected. Segmentation prevents attackers from infiltrating a network and provides one of the strongest defenses against ransomware.

SCADA systems generate logs of operator actions, configuration changes, and system events. These logs help identify what happened, when, and how during a cyber-attack. Logs essentially blind a cyber attacker during and after the incident, which in turn strengthens security. In summary, the security of critical infrastructure depends heavily on the resilience of the ICS environments that operate it. As these systems continue to develop and become increasingly intertwined, their vulnerabilities grow more pronounced, creating
opportunities for cyber actors to disrupt essential services. SCADA applications serve as a crucial safeguard in this landscape by strengthening visibility, enforcing access control, segmenting networks, and preserving detailed records. We must defend the upcoming ICSs’ development and guide it towards a safer, connected, and protective goal. Together, these capabilities transform SCADA from a single supervisory tool into a foundational layer of defense. While no system is entirely immune to cyber threats, integrating SCADA-Driven security practices significantly reduces the likelihood that
vulnerabilities within ICS will translate into real-world consequences

The CIA Triad

Nassir Bangs
2/6/26
CYSE200T
28058

Cybersecurity and Information Technology, or IT, are generally identified in the same
department since they share tools, databases, responsibilities, and infrastructure. The
responsibilities they share encompass three important concepts: confidentiality, integrity, and
availability, otherwise known as the CIA Triad. The CIA triad has roots beginning in Vietnam
War, spanning to the early 2000s. This evolutionary concept has been reviewed and revised many times, acting as a guidebook rather than a single concept. To understand the CIA Triad, we must first dissect the acronym into its three parts and acknowledge that one concept meshes with the rest; therefore, you cannot have integrity without confidentiality or availability. Each is interchangeable but provides great significance by itself. (Perusall, 2026)

Confidentiality refers to Security; this concept makes sure that only authorized personnel
are given access to everything from passwords to data. This component is crucial because data leaks can lead to loss of sensitive information, which can harm a business, leading to your
resignation. To ensure confidentiality, encrypting or enabling 2-factor authentication can provide layers of security, making sure data stays private and in control. Integrity encompasses maintaining accurate and unaltered data to ensure it cannot be tampered with by unauthorized users. Integrity and confidentiality mesh together, meaning that without one, you cannot have the other. If your job is to protect information, ensuring that you have the correct information, unaltered, and accessible always means you have full control over the information and a job well done. The last component of the triad is availability, often overlooked. Availability refers to authorized users having access to data at any time. Availability has a significant role in the triad because a system that can’t be accessed when needed is just as insecure as one that leaks data or produces bad results, rendering a system useless. Using each concept and component of the CIA triad, defending systems becomes less challenging and strengthens a database.

Two words stand out the most in the CIA Triad, and they are Authentication and
authorization, and although they sound similar, they each contain distinct differences that set
them apart. Authentication answers the question “who are you?’ meaning it’s the process of
verifying the identity of a user using credentials such as passwords or biometrics. Authorization refers to granting or denying access to resources after identity has been authenticated. For example, when you log into Canvas or anything ODU-related, the website requires you to log in using your ODU domain and password to authenticate or check to see if you are who you say you are. Once logged in, the system grants you permissions, and you can view grades, access a restricted document, etc. (Stallings, W. 2018)

References:
Persuall,2026 unknown, unknown. (n.d.). Cybersecurity, Technology, & Society. Perusall.
https://app.perusall.com/courses/202520_cyse200t_28058-cybersecurity-technolsociety/cybersecurity-technology-and-society-first-edition2025?assignmentId=wFxo9uggepdHHH7sF&part=1&studentId=&filter=all
Stallings, W. (2018). Cryptography and Network Security: Principles and Practice. Pearson

Leave a Reply

Your email address will not be published. Required fields are marked *