SCADA Systems

Critical infrastructure systems are systems that “are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security”, according to the Cybersecurity and Infrastructure Security Agency. They consist of systems that control important resources like water, oil, and gas, or processes like transportation, manufacturing, or power production. Because these systems are required to keep the US functioning, they should be some of the most secure systems running within the US. However, they have their fair share of vulnerabilities that could cause numerous problems should they be exploited. SCADA systems are designed to control these critical infrastructure systems and protect them against possible vulnerabilities. One such vulnerability is the possibility of harm or even death caused by the failure of control systems, as dangers like high voltage can result in the loss of life. SCADA systems help prevent this by ruggedizing hardware to withstand natural conditions that could harm humans, as well as by identifying the failing part and automatically taking over for it with backup hardware. This allows the system to continue working without interruption while still allowing the part to be identified and eventually replaced, according to the article by scadasystems.net.

However, security risks to critical infrastructure typically come in two varieties. The first is unauthorized access to the software. The second is that there is very little security relating to packet control, meaning those with physical access to network switches can possibly control SCADA systems, according to the same scadasystems.net article. While these vulnerabilities are dangerous, there are a few ways to defend against their possible exploitation, such as VPNs or firewalls that are designed specifically for SCADA networks based on TCP/IP. Another solution would be to implement whitelisting to ensure that only approved users are allowed access to sensitive software, eliminating most of the possibility of bad actors taking advantage of critical infrastructure systems.

Sources

“Critical Infrastructure Sectors.” Cybersecurity and Infrastructure Security Agency CISA, https://www.cisa.gov/critical-infrastructure-sectors.

“SCADA Systems.” SCADA Systems, http://www.scadasystems.net/.

The Human Factor

The work conducted by humans and the work conducted by technology within the cybersecurity field are not separate categories. They go together, and there is a tradeoff between the two, with some funds allocated to training human workers and others allocated to the technology used to assist them. However, there are weaknesses in the ability of humans to ensure the safety of the assets they are tasked with protecting. According to the Psych-Technological Matrix of Cybersecurity Threats, which has nine different areas, “… only three do not involve human psychology while six either may to some extent rely on human psychology or have human psychology as a key factor” (Pogrebna and Taratine, 2020). This means that most threats exploit some element of human behavior to achieve their end goal. Some elements of your security measures must therefore not be managed directly by humans; some sort of technology should be tasked with managing them instead. This includes automating areas like data logging or virus protection to take out the element of human hesitation or confusion. Human data loggers would have to either decide what data is important before logging or work constantly to ensure the data is up to date. An automated system, however, can simply log and keep track of all data constantly while also monitoring it for anomalous activities and taking the appropriate actions to combat possible threats (Capone, 2018).

With these factors in mind, I think I would focus on mostly automating jobs that can be done by technology much more efficiently while training human workers to recognize possible social engineering methods. The main job of the workers would be ensuring the systems are working properly as well as looking for possible intrusions that the machines missed. By partially removing the human factor, many social engineering loopholes used by hackers could be removed while still ensuring security with the automated systems. Professionals would still be used but would be there to defend against detected intrusions and maintain the automated systems rather than being the first line of defense against possible attacks. The systems could also be constantly updated to ensure that new methods of attack do not go unnoticed.

Works Cited

Pogrebna, Ganna, and Boris Taratine. “Cybersecurity as a Behavioural Science: Part 1.” CyberBitsEtc, 14 Feb. 2020, https://www.cyberbitsetc.org/post/cybersecurity-as-a-behavioural-science-part-1#:~:text=The%20main%20advantage%20of%20looking,new%20risks%20and%20vulnerabilities%20by.

Capone, Jeff. “The Impact of Human Behavior on Security.” CSO Online, 25 May 2018, https://www.csoonline.com/article/3275930/the-impact-of-human-behavior-on-security.html.

CIA Triad

The CIA triad is an information security model that serves as a guideline and rests on three core principles. These principles are Confidentiality, Integrity, and Availability, and each represents a different aspect of information security. The model's purpose is to give information security professionals a guideline for designing systems that balance the three principles and ensure all of them are considered. Confidentiality is the principle of ensuring that only those who should have access to certain information are the ones who have access. Some information is sensitive and there are varying degrees of confidentiality, with more defenses needed for more confidential information. This principle is protected by measures like passwords, face-scanning technology, or two-factor authentication, as these measures ask for information that only the correct users should have. Integrity is the principle of ensuring data remains in the correct form and is not altered in any way that would harm those who utilize it. The information must be in the correct form to be properly utilized, and integrity is concerned with keeping data safe from unwanted alteration. Notifying users when changes are made and having certain information exempt from editing unless a password is provided are some possible ways to defend against dangers to integrity. Availability is the principle of information always being available to those who are given permission to access it. It differs from confidentiality because confidentiality seeks to ensure those who do not have access to the information do not gain access, while availability seeks to ensure the data stays accessible to those who do have access. Some of the best defenses would be firewalls, stronger servers, and using practices like penetration testing to find vulnerabilities in your defenses.

Authentication and Authorization may sound similar, but they ultimately serve two different purposes in information security. Authentication is simply the verification of your identity, ensuring that you’re who you say you are, while authorization checks that you have access to the information or resources you are trying to reach. For instance, a system may ask for a password, a security question, or facial recognition to authenticate your identity, while to authorize you it may check your admin status or ask for admin-specific commands.
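The difference between the two checks is easiest to see when a user passes one and fails the other. The following is an added example, not part of the original essay; the accounts, role names, actions, and status strings are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor for this demo


def hash_password(password, salt):
    # Salted, deliberately slow hash so stored credentials resist guessing
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(name, password, roles):
    salt = os.urandom(16)
    return {"name": name, "salt": salt,
            "hash": hash_password(password, salt), "roles": set(roles)}


# Constructed sample accounts (hypothetical users and roles)
USERS = {u["name"]: u for u in (
    make_user("alice", "correct horse battery", {"admin", "operator"}),
    make_user("bob", "tr0ub4dor&3", {"operator"}),
)}

# Constructed policy: action -> role required to perform it
REQUIRED_ROLE = {"read_status": "operator", "change_setpoint": "admin"}

_DUMMY_SALT = os.urandom(16)  # keeps timing similar for unknown usernames


def authenticate(name, password):
    """Authentication: is the caller who they claim to be?"""
    user = USERS.get(name)
    candidate = hash_password(password, user["salt"] if user else _DUMMY_SALT)
    if user and hmac.compare_digest(candidate, user["hash"]):
        return user
    return None


def authorize(user, action):
    """Authorization: may this authenticated user perform the action?"""
    required = REQUIRED_ROLE.get(action)
    # Unknown actions are denied by default
    return required is not None and required in user["roles"]


def request(name, password, action):
    user = authenticate(name, password)
    if user is None:
        return "401 unauthenticated"  # identity not proven
    if not authorize(user, action):
        return "403 forbidden"        # identity proven, permission missing
    return "200 ok"
```

Here `bob` with the right password is authenticated but still refused `change_setpoint`, because authorization is decided separately from identity.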

Sources

Fruhlinger, J. (n.d.). The CIA triad.pdf. Google Drive. Retrieved March 15, 2022, from https://drive.google.com/file/d/1Mn3icTLG5X3W7tJjuDaohW8OscHdLOQI/view