SCADA Systems

SCADA systems are systems used to used to control infrastructure processes, facility-based processes, and industrial processes (SCADA). SCADA stands for supervisory control and data acquisition. In every SCADA system there is: a human operator, a supervisory system that contains all the required data about the process, Remote Terminal Units, Programmable Logic Controller, and Communication infrastructure that connects the Remote Terminal Units to supervisory system. There are many vulnerabilities that are associated with the critical infrastructure system. One of the most controversial incidents that affected critical infrastructure systems, both physically and cyber, over that past few decades was the 9/11 attacks. The ability to track, identify, or defend against many different threats to critical infrastructure have improved (Tal, 2018). A wide amount of surveillance equipment and cameras are usually connected to software and human operators surround almost every critical infrastructure site or facility. Although technologies have advanced to protect systems against vulnerabilities, so have the attackers and their abilities. SCADA has many ways of mitigating their risks. SCADA refers to centralized systems that manage and track the whole system, or complex systems that are dispersed over large areas(SCADA). Human Machine Interface is an apparatus that gives the processed data to the human operator (SCADA). For example, SCADA systems are constantly used in alarms. if your phone alarm is activated, messages and texts are sent straight to SCADA operators and managers. Remote terminal unit’s (RCU) are used to convert all electrical signals coming from the equipment into digital values so that they can be controlled. There are certain threats that cannot be prevented by SCADA. These threats include earthquakes, tsunamis, land shifting, volcanic eruptions, extreme weather (hurricanes, floods, draught), fires (Tal, 2018).  Although these threats cannot be prevented, the systems set up by SCADA are made to alert operators of threats and disasters before they occur.

SCADA Systems. (n.d.). Retrieved January 08, 2021, from http://www.scadasystems.net/

Tal, J. (2018, September 29). America’s Critical Infrastructure: Threats, Vulnerabilities and Solutions. Retrieved January 08, 2021, from https://www.securityinfowatch.com/access-identity/access-control/article/12427447/americas-critical-infrastructure-threats-vulnerabilities-and-solutions

How should markets, businesses, groups, and individuals be regulated or limited differently in the face of diminishing state power and the intelligification and networking of the material world?

I believe that technology is advancing in a very rapid way. In most ways it is beneficial improves many peoples way of life, but Verbeek discusses how this technology could be dangerous to society as well. I believe hat markets, businesses, groups, and individuals should be all held to an equal standard when it comes to diminishing state power. No one market or business should be held to a higher standard then the other. Verbeek also discusses how people should stop viewing technology as just technology and should try getting a more complete understanding of technology and the material world as we incoprate it into our lives. Two questions that Verbeek discussed whether a given technology is morally acceptable or not, but that is directed at improving the quality of our lives, as lived with technology, and how we could impose ‘limits’ to technological developments, but rather how we can deal in responsible ways with the ongoing of humans and technologies (Floridi, 2015). I believe the developing technology is morally acceptable, but these new devices can be used for unethical reasons. An example he uses is the google glass. The glasses contain small, transparent monitors and cameras that can produce information and complete tasks instantaneously. One issue with this is that it could be an invasion of privacy and used to commit harm to a person or an organization. Another issue is that it could be unfair for many wealthier people to have access to these technology while people who cannot afford are without. This can heighten tensions and create many issues.

Floridi, L. (Ed.). (2015). The Onlife Manifesto. Springer Open, 217-220. doi:10.1007/978-3-319-04093-6

The NIST Cybersecurity Framework

Data breaches are a significant cyber threat that can impact a company’s bottom line extremely rapidly in more ways than one, which is why it is important to find comprehensive cyber protection solutions to ensure that your company is safe. Organizations can gain many benefits from the NIST Framework. The content of this framework protects the United States from many cybersecurity threats. These threats can drive up costs and affect revenue and harm an organization’s ability to innovate and to gain and maintain customers (2018). The Framework should not be viewed as a checklist, but rather an overall information risk management program. The framework is made up of three parts: The Framework Core, The Framework Implementation Tiers, and the Framework Profiles (2018). The Framework can also assist organizations in identifying cybersecurity as it affects the privacy of customers, employees, and other related people. I would defiantly implement many of these strategies into my future workplace. Mainly the Framework Core because I believe it is the most effective way of solving a threat. The framework core consists of five high level functions: Identify, Protect, Detect, Respond, and Recover (RSI Security, 2018). I would use the Framework to provide a common language and structured approach for managing cybersecurity threats.

References:

Framework for Improving Critical Infrastructure Cybersecurity. (2018). National Institute of Standards and Technology, 1.1. doi:10.6028/nist.cswp.04162018

RSI Security. (2018, October 26). Why You Should Adopt the Cybersecurity NIST Framework. Retrieved January 08, 2021, from https://blog.rsisecurity.com/why-you-should-adopt-the-cybersecurity-nist-framework/

The CIA Triad

The CIA triad is what information security professionals refer to when developing an organizations security infrastructure. Although this model shares the same acronym, it has no relation to the Central Intelligence Agency (Fruhlinger, 2020). These three letters stand for confidentiality, integrity, and availability. This model is used by organizations to keep data secure in many ways. According to Ben Miller, a vice president at a cyber-security firm named Dragos, found that the CIA triad was not created by one specific person (Fruhlinger, 2020). Since this concept was not created by any one person, it has left space for many researchers to elaborate and on the concept and create their own meanings. The CIA triad is so fundamental to apply to infosec applications so that you can be assured that one or more of these concepts have been breached if data is leaked, a system is breached, or any number of other security incidents occur (Walkowski, 2019).

The first part of the CIA triad is confidentiality. This term means that infosec professionals aim to keep their data private or secret. This also means that only authorized users should be able to access and change data. Anything that relates to data access lies under the confidentiality concept. There are 2 subdivisions in confidentiality that are very important in keeping data secure, authentication and authorization. Authentication is a process used to determine if a user is who they say they are (Fruhlinger, 2020). There are many ways for a program to authenticate a user including face scanning, voice recognition, and fingerprint scanning. For example, the iPhone gives an option instead of just typing a password to unlock your phone you can set up a face scan of your face or a fingerprint scan of up to five fingers. This means if the apple software does not recognize your face, or your fingerprint your phone will not unlock because your information was not authenticated. Authorization deals with determining who has access to what data (Fruhlinger, 2020). A program can use authentication to see if you are who you say you are, but you still may not have access to all of the data on whatever program you are running. For example, when you are logging into blackboard to see what grade your teacher gave you, instead of seeing all of the grades the teacher loaded into the blackboard program, you would only be able to see your specific grade because you are authorized to do so.

The second part of the CIA triad is integrity. Integrity in infosec means that data should be left in its original form and nobody should be able to change it whether by accident or maliciously (Fruhlinger, 2020). In other words, making sure data has not been tampered with and is correct and authentic. For example, when a teacher inputs grades into the grade book, nobody can come in and change the grades or add or remove information from the gradebook. The last part of the CIA triad is availability. This means that authorized users should be able to access data whenever they need to do so (Fruhlinger, 2020). For an organization to ensure availability this means that network systems and applications should be fully functioning 24/7 so that users can have reliable access at any time. For example, if a student wants to view their grades and available assignments, they should be able to do so at any time.

References:

Fruhlinger, J. (2020). The CIA Triad. IDG Communications Inc.

Walkowski, D. (2019, July 09). What Is The CIA Triad? Retrieved December 29, 2020, from https://www.f5.com/labs/articles/education/what-is-the-cia-triad