Cybersecurity, Technology, and Society
In CYSE 200T, we explore how technology is related to cybersecurity from an interdisciplinary orientation. Attention is given to the way that technologically driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows:
- Describe how cyber technology creates opportunities for criminal behavior,
- Identify how cultural beliefs interact with technology to impact cybersecurity strategies,
- Understand and describe how the components, mechanisms, and functions of cyber systems produce security concerns,
- Discuss the impact that cyber technology has on individuals’ experiences with crime and victimization,
- Understand and describe ethical dilemmas, both intended and unintended, that cybersecurity efforts produce for individuals, nations, societies, and the environment,
- Describe the costs and benefits of producing secure cyber technologies,
- Understand and describe the global nature of cybersecurity and the way that cybersecurity efforts have produced and inhibited global changes,
- Describe the role of cybersecurity in defining definitions of appropriate and inappropriate behavior,
- Describe how cybersecurity produces ideas of progress and modernism.
Course Material
NIST Cybersecurity Framework Discussion Board Post:
There are plenty of benefits organizations gain from utilizing the National Institute of Standards and Technology Cybersecurity Framework. For one, the NIST Framework provides guidance for better management of cybersecurity risks. It offers a set of processes that can be tailored to a specific organization's risk management systems and used to identify steps to strengthen them. The NIST CSF includes three components, which are the core, implementation tiers, and profiles. The framework profile aligns the functions, categories, and subcategories with the organization’s business requirements, risk tolerance, and resources. A Profile allows organizations to create a roadmap for reducing cybersecurity risk that also aligns with their organizational and sector goals, considers legal/regulatory requirements and industry best practices, and reflects risk management priorities. Overall, the framework functions are identifying, protecting, detecting, responding, and recovering. The Framework core aids an organization in expressing its management of cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and improving by learning from previous activities. The implementation tiers describe the maturity level of an organization’s risk management practices and measure progress in reducing cybersecurity risks. I personally would utilize the NIST Cybersecurity Framework at my future workplace to strengthen our cybersecurity program and improve our risk management and compliance processes. This would help my future workplace in implementing processes for identifying and mitigating risks, and detecting, responding to, and recovering from cyberattacks.
Cybersecurity in the Biological Sciences Industry Discussion Board Post:
The mitigation strategies and techniques I would implement to safeguard my lab are to conduct a risk assessment, build an incident response plan, and install security solutions. I would perform a risk assessment to determine vulnerabilities and uncover breaches in security controls. This insight would then determine what security measures need to be put in place to safeguard my lab. This is when an incident response plan comes into play. This critical component helps an organization have resources in place in the event of an attack. Furthermore, I would also use strategies involving the installation of security solutions. These mitigation solutions involve firewalls and antivirus software. Having these as defenses provides a barrier of protection for my lab. Since firewalls act as a buffer between my network and hackers, I would get a better sense of control over traffic and overall security. As for antivirus software, it would search through the network for the purpose of identifying any potentially malicious threats. All in all, performing a risk assessment, building an incident response plan, and installing security solutions reduce risk by limiting weaknesses that attackers use to gain access to systems, networks, and software.
The CIA Triad Write Up:
The CIA Triad is an information security model that helps guide an organization’s policies for keeping its data secure. It is not a distinct doctrine and there is no one author. The three core principles within the CIA Triad are confidentiality, integrity, and availability. Confidentiality means that only authorized users and processes should be able to access or modify data. An example would be when you log in and you’re asked for a password. If it has been a while since your last log-in, you would most likely be asked for a code that’s been sent to you or some other form of two-factor authentication. Integrity means that data should be maintained in a correct state and nobody should be able to improperly modify it, either accidentally or maliciously. An example of data integrity being upheld is making sure your assets are reflected in your account and entitling you to contact a representative if there’s a discrepancy. Availability means that authorized users should be able to access data whenever they need to do so. For this reason, you can log into your account whenever you want, and you may even be able to contact customer support at any time of the day. Authentication is the process of verifying who someone is, whereas authorization is the process of verifying what specific applications, files, and data a user has access to. Authentication encompasses procedures that allow systems to decide if a user is who they say they are. These include passwords and an array of techniques available for verifying identity: biometrics, security tokens, cryptographic keys, etc. Authorization decides who has the right to access which data. One of the most important ways to enforce confidentiality is by establishing need-to-know mechanisms for data access. According to Josh Fruhlinger with CSO, “Users whose accounts have been hacked or who have gone rogue can’t compromise sensitive data. Most operating systems enforce confidentiality in this sense by having many files only accessible by their creators or an admin, for instance.”
SCADA Systems Write Up:
SCADA stands for supervisory control and data acquisition. These systems go hand in hand with ICS, or industrial control systems, which control infrastructure processes (water treatment, wastewater treatment, gas pipelines, wind farms, etc.), facility-based processes (airports, space stations, ships, etc.), or industrial processes (production, manufacturing, refining, power generation, etc.). SCADA has a lot to do with the centralized systems that manage and observe the entire site. Because of the remote terminal units (RTUs) and programmable logic controllers (PLCs), almost all control actions are executed automatically. There is, however, a human operator with a Human Machine Interface (HMI), an apparatus that gives the processed data to the human operator. The human operator uses the HMI to control processes and to obtain diagnostic data, management information, and trending information. There are many vulnerabilities associated with critical infrastructure systems. These include unsophisticated bugs like stack and buffer overflows as well as information disclosure and many others. These vulnerabilities allow attackers to execute arbitrary code (RCE), perform denial of service (DoS), or steal information. The casualties resulting from control system failures are very harmful, to the point where even lives can be lost. The role SCADA applications would play in mitigating the risks should include preventive measures like permitting only authorized users, avoiding unauthorized changes, and packet access to the network. Also, organizations should create a private network (VPN), security checks, firewall solutions, report monitoring, and standard protocols that should be handled on an ongoing basis to address vulnerabilities more rapidly. All in all, critical infrastructure systems must be monitored for any vulnerabilities and threats that may arise.
For the purpose of minimizing the threats associated with critical infrastructure systems and being aware of the vulnerabilities that may emerge, a preventative measure plan should be implemented with standard operating procedures for security issue protocols.