Prioritizing CIA components
The three components of the information security triad are confidentiality, integrity, and availability. Confidentiality specifies that only authorized users can access the system. Integrity implies that the information accessed is trustworthy and accurate. Availability requires that information can always be accessed when needed. While these three components are equal from a purely technical perspective, different industries may assign varying importance to any of them at any given time, as is evident in the examples that follow.
Firstly, consider confidentiality. In the manufacturing industry, it is common to have trade secrets. These secrets are important to businesses because they help them thrive by providing a competitive advantage. However, manufacturers must source raw materials from suppliers and need to share information with them to ensure transparency, which is foundational to an effective supply chain, as it prevents scandals. To provide a balance and resolve this conundrum, blockchain technology (that is, digital information in a shared database) is used. Through a distributed ledger, all participants can have a copy of transactions. However, in a private blockchain, the ability to view and submit transactions on the chain can be limited to authorized parties with the necessary permissions. Consequently, manufacturers can maintain transparency with all suppliers in their supply chain without divulging trade secrets or recipes to their competitors, even if these competitors are serviced by the same supplier.
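The permission model described above, sketched as an added example that is not part of the original article: a simplified in-memory ledger, not a real blockchain platform. The class, party names and order fields are all hypothetical; every member sees the same hash chain, while each payload is readable only by the parties its sender authorizes.

```python
import hashlib, json, secrets

GENESIS = "0" * 64

def _digest(prev, sender, salt, payload):
    body = json.dumps(payload, sort_keys=True)
    return hashlib.sha256(f"{prev}|{sender}|{salt}|{body}".encode()).hexdigest()

class PermissionedLedger:
    """Toy private ledger: members share the hash chain, not every payload."""

    def __init__(self, members):
        self.members = set(members)   # only these parties may submit or view
        self.blocks = []

    def submit(self, sender, readers, payload):
        if sender not in self.members:
            raise PermissionError(f"{sender} is not a ledger member")
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        salt = secrets.token_hex(16)  # stops guessing a payload from its hash
        block = {"prev": prev, "sender": sender, "salt": salt,
                 "readers": set(readers) | {sender}, "payload": payload,
                 "hash": _digest(prev, sender, salt, payload)}
        self.blocks.append(block)
        return block["hash"]

    def view(self, party):
        """Every member gets every hash; payloads only where authorized."""
        if party not in self.members:
            raise PermissionError(f"{party} is not a ledger member")
        return [{"hash": b["hash"],
                 "payload": b["payload"] if party in b["readers"] else None}
                for b in self.blocks]

    def verify(self):
        """Recompute the chain; any edited payload or reordering breaks it."""
        prev = GENESIS
        for b in self.blocks:
            expected = _digest(prev, b["sender"], b["salt"], b["payload"])
            if b["prev"] != prev or b["hash"] != expected:
                return False
            prev = b["hash"]
        return True

def build_demo():
    # Constructed sample: two competing manufacturers share one supplier.
    ledger = PermissionedLedger({"SupplierCo", "AcmeFoods", "BetaSnacks"})
    ledger.submit("AcmeFoods", {"SupplierCo"}, {"item": "cocoa", "kg": 500, "blend": "A-17"})
    ledger.submit("BetaSnacks", {"SupplierCo"}, {"item": "cocoa", "kg": 300, "blend": "B-02"})
    return ledger
```

Calling `build_demo().view("BetaSnacks")` returns both block hashes but `None` for AcmeFoods' payload, which is the balance the paragraph describes: shared evidence that a transaction exists, without shared contents.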
Secondly, consider integrity. The maritime industry requires that for any ship to sail, it must have a fully functioning Voyage Data Recorder (VDR), also known as the “black box” of the shipping industry. VDRs collect and record information about the ship, such as date and time, ship position, speed, heading, and rudder and engine orders, to provide the crucial information required for investigations in the event of an accident and to prevent a recurrence. If the recorded data is tampered with, even in the slightest manner, it can result in loss of money and, even worse, future loss of lives. In one study, attackers were able to compromise the integrity of a test VDR running on a Windows Embedded Standard 7 OS by using Kali Linux, Metasploit, Nmap, and a USB Rubber Ducky without leaving a single trace of tampering. One possible solution to mitigate this risk is to use a more recent operating system that receives support for security updates.
Finally, consider availability. Internet of Things (IoT) devices are increasingly being used in electricity production, transmission, and distribution. Higher priority is placed on availability in this industry because, foremost, power disruptions can cause chaos and ginormous financial losses in locations like data centers and nuclear plants, and, generally, nobody likes the feeling that comes with being without light. However, IoT devices have limited energy and computational resources. To remain available, practices such as the adoption of lightweight cryptography techniques, edge computing, and cloud computing are harnessed, all in a bid to ensure that these devices have the computational support required to keep them highly available.