Cybersecurity, Technology, and Society
NIST Framework
This framework provides a common language for managing and expressing cybersecurity for external and internal stakeholders. It can be used to supervise cybersecurity risk, and it can also be used to focus on delivering critical services within an organization. The framework’s core is made up of a few key concepts: identifying, protecting, detecting, responding, and recovering. These concepts are not a checklist but key cybersecurity outcomes recognized by stakeholders as helpful in managing cybersecurity risk.
At my workplace, I could use this for a framework profile. Framework profiles can be used to report the current state or desired target state of current cybersecurity activities. Depending on how sophisticated the organization is, they could choose to have multiple profiles. The current profile tells the cybersecurity outcomes that are already being achieved, and the target profile indicates the outcomes that need to be achieved for desired cybersecurity risk. I could also use this framework as a risk management tool. I could overlay this new framework on the current one, and it can determine gaps in their security. Lastly, I could also use this framework as a foundation for a new program.
Write Up: SCADA Systems
SCADA stands for Supervisory Control and Data Acquisition. This system controls, monitors, and analyzes industrial devices and processes worldwide. The information goes from remote plants to headquarters. The elements of SCADA include sensors and actuators, PLCs, remote terminal units, telecommunications, and SCADA clients and servers.
When it comes to cyber vulnerabilities in engineering systems, there are quite a few. Every device is a potential entry point for a cyber attack, and the number of devices is always increasing. While an insecure device may not be the target, it could be a pivot point for an attack elsewhere.
Engineering cyber systems are often distributed over large areas, making physical security a challenge. On the physical side, protection may be weak, some devices could be antique, and remote devices are hard to upgrade.
SCADA has been put in play to help risk management for critical infrastructures. For example, if there has been a breach at a remote site, SCADA can automatically perform a safe shutdown of the assets. This system can also be used as an advanced warning system against threats.
In conclusion, SCADA seems to be a great solution to risk management for critical infrastructures and should be used at any remote site that has important assets.
Works Cited
Role of SCADA in Securing Critical Infrastructure | Waterworld. 1 Apr. 2005, https://www.waterworld.com/home/article/16190328/role-of-scada-in-securing-critical-infrastructure.
Write Up: CIA Triad
Confidentiality, integrity, and availability in cybersecurity represent the CIA triad. This is a model designed to direct policies for security within an organization.
The C in the acronym stands for confidentiality, basically meaning privacy. Confidentiality measures are designed to protect sensitive information from unauthorized access attempts. Encryption is one example of a measure that maintains confidentiality. Two-factor authentication is starting to become the new norm. Other examples include security tokens and key fobs. Users can also minimize the number of places information appears and the number of times it’s passed to complete a required transaction.
Integrity is the next word in the triad. This means keeping data accurate, consistent, and trustworthy throughout its entire lifespan. Data should not be changed in transit, and steps must be taken to ensure data cannot be changed by unauthorized people. Examples include file permissions and user access controls. Companies should also have a way to detect changes caused by non-human events such as electromagnetic pulses (EMPs) or server crashes. Data could include checksums for verification of integrity. Redundancies and backups must also be available to restore the affected data to its original state if it is tampered with.
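The checksum-and-backup idea above can be sketched as follows. This is an added example, not part of the original write-up: it uses a keyed HMAC-SHA256 instead of a plain checksum so that someone who can alter the data cannot simply recompute the tag, and the key, file names and directory layout are constructed for the demonstration.

```python
import hashlib
import hmac
import shutil
import tempfile
from pathlib import Path

# Constructed demo key; a real key is stored apart from the data it protects.
MANIFEST_KEY = b"constructed-demo-key"

def file_tag(path: Path, key: bytes = MANIFEST_KEY) -> str:
    """HMAC-SHA256 of a file: a checksum that cannot be recomputed without the key."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

def build_manifest(data_dir: Path) -> dict:
    """Record a tag for every file while the data is known to be good."""
    return {p.name: file_tag(p) for p in sorted(data_dir.iterdir()) if p.is_file()}

def verify_and_restore(data_dir: Path, backup_dir: Path, manifest: dict) -> list:
    """Return the names of files that failed verification and were restored."""
    restored = []
    for name, expected in manifest.items():
        target = data_dir / name
        ok = target.is_file() and hmac.compare_digest(file_tag(target), expected)
        if not ok:
            backup = backup_dir / name
            # Never restore from a backup that itself fails verification.
            if not hmac.compare_digest(file_tag(backup), expected):
                raise RuntimeError(f"backup of {name} also fails verification")
            shutil.copy2(backup, target)
            restored.append(name)
    return restored

def demo() -> tuple:
    """Constructed scenario: one record is altered and one file is deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        data.mkdir()
        (data / "ledger.csv").write_text("id,amount\n1,100\n")
        (data / "users.csv").write_text("id,name\n1,alice\n")
        shutil.copytree(data, backup)
        manifest = build_manifest(data)
        (data / "ledger.csv").write_text("id,amount\n1,900\n")  # tampering
        (data / "users.csv").unlink()                            # loss
        restored = verify_and_restore(data, backup, manifest)
        return restored, (data / "ledger.csv").read_text()
```
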
Lastly is availability, meaning information should always be available to be accessed by authorized users. This requires appropriately maintaining the infrastructure and systems that hold and show the information. Examples include performing repairs as soon as needed and keeping your system as upgraded as possible. Fast and adaptive disaster recovery is needed for worst-case scenarios. The best way to prevent data loss in worst-case scenarios is to have a backup copy stored in geographically isolated locations, even in a fireproof and waterproof safe. In the event of a natural disaster or fire safeguards.
Authorization and authentication are both important information security processes that companies and organizations use. Authentication is verifying who a user is, and authorization is verifying what they have access to. You can find examples when trying to catch a flight. When you go through security in an airport, you have to show your ID to “authenticate” your identity. After that, when you arrive at the gate, you display your boarding pass to the flight attendant so they can “authorize” you to board your flight and allow access to the plane.
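The same two steps in code, following the airport analogy. This is an added example, not part of the original write-up; the accounts, roles, action names and the `handle_request` function are hypothetical. It shows that a correctly authenticated user can still be refused when the requested action is outside their permissions.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}


# Constructed accounts and permissions (hypothetical names).
USERS = {"alice": _user("window-seat-42", "passenger"),
         "bob": _user("flaps-and-slats-7", "crew")}
PERMISSIONS = {"passenger": {"board_flight"},
               "crew": {"board_flight", "enter_cockpit"}}
_DUMMY = _user("unused", "none")  # keeps unknown-user checks equally slow


def authenticate(username: str, password: str) -> Optional[str]:
    """Who are you? Returns the verified username, or None."""
    record = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    return username if matches and username in USERS else None


def authorize(username: str, action: str) -> bool:
    """What may you do? Only meaningful for an already verified identity."""
    return action in PERMISSIONS.get(USERS[username]["role"], set())


def handle_request(username: str, password: str, action: str) -> int:
    """Return an HTTP-style status: 401 unauthenticated, 403 forbidden, 200 ok."""
    identity = authenticate(username, password)
    if identity is None:
        return 401
    if not authorize(identity, action):
        return 403
    return 200
```
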
Works Cited
Auth0. “Authentication vs. Authorization.” Auth0 Docs, https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization.
Chai, Wesley. “What Is the CIA triad_ Definition, Explanation, Examples – Techtarget.pdf.” Google Drive, Google, 26 June 2020, https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view.