In today’s world, warfare has evolved far beyond the conventional battlefield. The tampering of pagers, walkie-talkies, and other communication tools in political warfare is merely the tip of the iceberg. What lies beneath is a complex, long-term strategy designed to control and manipulate systems in ways most of us cannot even begin to fathom. This post delves into the intricacies of modern warfare and mass surveillance, examining how state actors use technology as a covert tool for geopolitical dominance.
The story of mass surveillance burst into the public consciousness in 2013 when Edward Snowden, a former National Security Agency (NSA) contractor, revealed the extent to which the NSA had been monitoring not only foreign governments but also its own citizens. Snowden’s leaks exposed the NSA’s mass data collection programs, which included PRISM, a surveillance system that gathered data from tech giants such as Google and Facebook . What was once the stuff of dystopian fiction became a reality, raising concerns about privacy, state power, and the ethical boundaries of technology.
These revelations serve as a chilling reminder that modern warfare is not just about real-time action on the battlefield. It involves pre-emptive strikes, often executed silently and invisibly through technological manipulation. The NSA’s use of mass surveillance is just one part of a broader strategy where data is the new weapon, and control over communication systems becomes a pivotal force in global dominance.
When we examine the relationship between surveillance and warfare, Israel’s intelligence and technological prowess come into focus. Israeli cybersecurity firms like NSO Group, the creators of Pegasus spyware, exemplify how technology can be weaponized. Pegasus, which gained global attention for its ability to infiltrate smartphones undetected, is known to have been used against activists, journalists, and even heads of state . However, Pegasus is just the visible surface. The deeper reality involves long-term efforts to introduce vulnerabilities into systems that can be exploited at the right moment.
Israel’s geopolitical positioning makes it a key player in mass surveillance across the Middle East. Many governments in the region, including Egypt, Syria, and Lebanon, use electronic equipment supplied by global tech giants. Yet, the potential for tampering in these devices during the manufacturing process remains a significant concern. As the transcript points out, with thousands of Internet of Things (IoT) devices, Wi-Fi routers, and other electronics in use, it’s impossible to check each for tampering.
This is not merely a case of social engineering—it’s a sophisticated form of advanced layered social engineering, where vulnerabilities are introduced during production and activated at the appropriate moment.
The incident involving pagers acting as bombs and walkie-talkies malfunctioning in real-time highlights the gravity of supply chain attacks. These attacks target the production and distribution networks of technology, allowing malicious actors to introduce vulnerabilities that can later be exploited . Supply chain attacks require years of planning and precise execution. They are not reactive measures but rather proactive strategies designed to create long-lasting control over communication systems.
While hardware tampering is undoubtedly complex and requires high levels of engineering expertise, software-based supply chain attacks are comparatively easier to execute. Once a sophisticated actor has access to a hardware system, compromising its software becomes significantly simpler. Given that software can be modified remotely and often invisibly, malicious actors can inject malware or spyware into a device without physical access. The SolarWinds breach in 2020 is a prime example of this; attackers managed to insert malicious code into a widely used IT management software, compromising thousands of government and corporate networks globally .
As complex as hardware tampering is, software manipulation presents even greater risks because of its ease, scale, and ability to be executed without detection. Unlike hardware tampering, where sophisticated techniques are needed to embed malicious components during the manufacturing process, software supply chain attacks can be deployed by compromising a single update. With global reliance on digital infrastructure, the risks posed by such software tampering are immense. Once a powerful entity gains control over software updates, they can introduce backdoors or vulnerabilities that may remain unnoticed for years.
In the broader geopolitical context, Israel has demonstrated a mastery of this covert warfare. By influencing or controlling the technology infrastructure in surrounding countries, Israel ensures that it can carry out its strategic objectives without direct confrontation. This form of warfare, which blends surveillance, espionage, and sabotage, represents a new era where control over information and communication technology becomes the primary objective.
In modern warfare, state actors often collaborate with corporations and big tech companies. As noted, Israel may not always be the producer of the technologies it uses, but it has the power to influence those who are. In recent years, companies like IBM, Cisco, and Huawei have faced allegations of either willingly or unwittingly providing backdoors into their products . The inherent vulnerabilities in these systems can be used by state actors to gain intelligence, disrupt operations, or even engage in acts of sabotage.
For instance, Apple’s decision to withdraw its case against NSO Group highlights the delicate balance between cybersecurity, privacy, and geopolitics. While the details behind this move may not be fully known, it undoubtedly signals the challenges tech companies face when dealing with powerful state-aligned entities that wield sophisticated surveillance tools like Pegasus. As the battle for control over digital privacy intensifies, Apple’s withdrawal raises more questions than it answers—particularly about the extent to which global tech companies can safeguard their users from the prying eyes of governments with vast technological reach.
Moreover, the widespread use of consumer electronics, from smartphones to routers, means that no one is immune to surveillance. Even with regulatory certifications and quality assurance in place, it’s almost impossible to detect hidden hardware or software designed to act as a backdoor for espionage. For instance, China’s alleged tampering with Supermicro hardware, leading to concerns about espionage, is a testament to the difficulty of detecting supply chain manipulations .
The future of warfare is already here, and it doesn’t look like what we might have expected. It is not about tanks and troops, but about data, surveillance, and control over communication networks. What is most concerning is the invisible nature of this warfare. As noted in the transcript, “the exact depth to which it is happening is something in the imagination.” Yet, we know that powerful nations and corporations are quietly shaping the geopolitical landscape through these covert means.
The pagers and walkie-talkies that malfunctioned are more than just isolated incidents—they are warnings of what is to come. As long as states continue to use technology as a weapon in the geopolitical arena, the boundaries between civil liberties and national security will remain blurred. Our challenge is to recognize these invisible threats and find ways to protect ourselves in a world where mass surveillance and supply chain attacks have become the new norm.
In an increasingly digital world, the question of phone spying has become a significant concern. With the rise of sophisticated hacking tools like Pegasus, malicious actors can gain unauthorized access to personal data, communications, and even control over devices. This raises a critical issue: Is phone spying preventable? The answer is both yes and no. While certain security measures can significantly reduce the risks, no device is entirely immune to spying in today’s interconnected environment.
The Reality of Phone Spying
Phone spying refers to the unauthorized surveillance of a person’s phone activities, often through malware, unauthorized apps, or vulnerabilities in the phone’s operating system. Notably, spyware like Pegasus, developed by NSO Group, has demonstrated the capacity to infect smartphones without user interaction, collecting data, recording calls, and even turning on cameras and microphones remotely. According to a report by Amnesty International, this spyware has been used against journalists, human rights activists, and political figures, heightening concerns about privacy and security in the digital age .
Can It Be Prevented?
1. Awareness and Responsible Usage The first line of defense is being aware of the risks and responsible device usage. Users should be cautious about the apps they download, avoid clicking suspicious links, and regularly update their devices. According to Edward Snowden, a whistleblower who revealed large-scale government surveillance, many people unwittingly compromise their own privacy by neglecting these basic security measures . He also points out that governments and corporations may exploit weak security settings to conduct mass surveillance .
2. Encryption and Secure Communication End-to-end encryption (E2EE) is one of the most effective ways to protect phone communications. Encryption ensures that only the sender and the intended recipient can read messages, reducing the risk of interception. Apps like Signal and WhatsApp employ E2EE, making it difficult for third parties to access messages in transit. However, these measures are not foolproof, as attackers can still exploit vulnerabilities within devices themselves .
3. Software Updates and Patches One of the leading causes of phone spying is outdated software. Phone manufacturers and software developers regularly release patches that fix known vulnerabilities, and failing to install these updates can leave devices exposed to malware attacks. In 2021, Apple issued a critical patch after Pegasus was found to exploit a zero-day vulnerability in iPhones, allowing attackers to install spyware without user interaction .
4. Trusted Sources for Apps and Services Another preventive step is downloading apps only from trusted sources like the Apple App Store or Google Play Store. Sideloading apps from third-party websites or dubious sources increases the likelihood of installing spyware or malicious software. According to research from cybersecurity firm Kaspersky, nearly 30% of mobile malware infections result from apps downloaded outside of official app stores .
Limitations of Preventive Measures
1. Advanced Persistent Threats (APTs) For well-funded and technically sophisticated adversaries, such as nation-states, standard security measures may not be enough. Advanced Persistent Threats (APTs) are tailored attacks that exploit zero-day vulnerabilities—previously unknown flaws in software that manufacturers have not yet patched. These attacks often bypass regular security measures, making them challenging to prevent .
2. Backdoor Access Phone manufacturers and governments sometimes have backdoor access to devices for surveillance purposes. This is done under the guise of national security, as seen in the U.S. National Security Agency’s (NSA) mass surveillance programs, which were exposed by Edward Snowden in 2013 . The use of such backdoors means that, in certain cases, privacy cannot be guaranteed, as these vulnerabilities are deliberately placed within systems.
3. Supply Chain Attacks An often-overlooked vulnerability is in the supply chain. As highlighted in the 2020 SolarWinds hack, attackers can target software or hardware during the manufacturing or shipping process, inserting spyware before the product even reaches the consumer. Supply chain attacks are notoriously difficult to detect and prevent, especially for end users .
Can We Secure the Future?
While perfect prevention might be unrealistic, constant vigilance, better encryption, and timely software updates can minimize the risks. Governments, too, have a role to play by enforcing stronger privacy laws and pressuring tech companies to prioritize security over convenience.
Conclusion Phone spying is a serious threat in today’s world, but it can be mitigated through a combination of user awareness, robust encryption, timely updates, and cautious app usage. However, the ever-evolving nature of cyber threats means no one is entirely safe. Staying informed and vigilant is critical for anyone seeking to protect their digital privacy. While complete prevention may be impossible, reducing the risk to a manageable level is achievable with the right steps.
Introduction: Welcome back, friends, to the ongoing series titled “Concepts of CISSP.” Today, we’re diving into Domain 3, which focuses on Security Architecture and Engineering. Before we explore this domain, let’s recap the foundational concepts covered in Domains 1 and 2.
Recap of Domain 1 and 2: In Domain 1, we laid the groundwork by discussing the principles of information security, including confidentiality, integrity, availability, non-repudiation, and authenticity. These principles are fundamental in shaping a security framework, which organizations use to design effective security policies. We also examined various governance strategies to ensure that security policies align with organizational goals.
Moving on to Domain 2, we delved into asset security, focusing on the lifecycle of data within an organization. We explored the security controls necessary to maintain the desired level of confidentiality, integrity, and availability (CIA).
Security Architecture and Engineering: Domain 3 takes us deeper into the realm of security by exploring the architecture and engineering aspects. These concepts might seem straightforward, but within the context of CISSP, they carry significant weight.
What is Security Architecture?
Security architecture is essentially the design and organization of components, processes, and services that form the backbone of a secure system. Think of it as creating a high-level blueprint or structural organization that outlines how security measures are integrated into a system.
What is Security Engineering?
While architecture involves the design phase, engineering is about implementation. It’s the process of putting the architectural blueprint into action using standard methodologies to achieve the desired security outcomes.
Key Principles in Security Architecture and Engineering: Understanding the principles of security architecture and engineering is crucial. Much like the principles of information security, these principles guide the design and implementation of secure systems.
Architectural Principles
Two major bodies of knowledge provide the foundation for security architecture principles:
Saltzer and Schroeder’s Principles:
Economy of Mechanism: Simplify design to reduce the likelihood of errors.
Fail-Safe Defaults: Default settings should deny access unless explicitly granted.
Complete Mediation: Ensure every access to every resource is checked.
Open Design: The security of a system should not depend on secrecy of design.
Separation of Privilege: Multiple conditions should be required for access.
Least Privilege: Grant the minimal level of access necessary for tasks.
Least Common Mechanism: Minimize the sharing of mechanisms between users.
Psychological Acceptability: User interfaces should be designed for ease of use.
ISO/IEC 19249:2017 Principles:
Domain Separation: Separate different areas of functionality.
Layering: Structure the system in layers to mitigate threats.
Encapsulation: Restrict access to specific information.
Redundancy: Implement backup components to ensure reliability.
Virtualization: Create virtual versions of physical resources for better security.
Trusted Systems and Reference Monitors
A trusted system is a computer system that can enforce a specified security policy to a defined extent. This system includes a crucial component called a Reference Monitor—a logical part of the system responsible for making access control decisions.
To be considered a trusted system, certain criteria must be met:
Tamper-Proof: The system should resist unauthorized alterations.
Always Invoked: The security controls must always be active.
Testable: The system should be small enough to allow for independent verification.
Conclusion: In Domain 3, we focus on dissecting and understanding security architectures rather than creating them from scratch. This approach allows CISSP professionals to evaluate and enhance existing systems, ensuring they meet the highest security standards. By understanding the principles of security architecture and engineering, you can design and implement robust security measures that align with organizational goals.
References:
Saltzer, Jerome H., and Michael D. Schroeder. “The Protection of Information in Computer Systems.” Proceedings of the IEEE, vol. 63, no. 9, 1975, pp. 1278-1308.
ISO/IEC 19249:2017. Information technology – Security techniques – Design principles for secure systems. International Organization for Standardization, 2017.
National Security Agency (NSA). “Trusted Computer System Evaluation Criteria (Orange Book).” Department of Defense, 1983.
This foundational knowledge will prepare you for the upcoming discussions on the principles of security engineering and how to apply them effectively in real-world scenarios. Stay tuned for more in-depth exploration!
Detailed Video discussion:
Hello friends, welcome back. Welcome to this series, which I named as Concepts of CISSP. This is Domain 3, and in Domain 3, we will be dealing with security architecture and engineering. Architecture and engineering sound interesting, but before we dive into Domain 3, I will just give you a very high-level, quick recap of Domain 1 and Domain 2.
So, what we studied in Domain 1 was the foundation that is going to be followed in the rest of the domains, right? We discussed the principles of information security and how these principles take shape in a security framework, and how the framework can be used to design the security policy of a specific company or organization. With that in mind, we then looked into different governance strategies and how these security policies can be set into action to achieve organizational business goals. That was the crux of Domain 1.
There are different security principles like confidentiality, integrity, availability, non-repudiation, and authenticity—these are what we studied in Domain 1. In Domain 2, we looked into asset security. In asset security, we specifically examined the lifecycle of data or information, how it flows in an organization, and the different security controls we put in place to ensure that we achieve the organization’s desired CIA levels.
Now, in Domain 3, we are going to study more about the different architectures and frameworks, and the security models we use to achieve the desired security outcomes of an organization. We’ll be dealing with two key terms here: architecture and engineering. We all have a rough idea of what architecture and engineering are, but if we look into the perspective of CISSP, we will see that security architecture and engineering—if we look into what is architecture—architecture is basically the design and organization of components, processes, and services, right? This is what security architecture is: we are designing and organizing it into some sort of structural organization, a high-level block diagram, and that gives rise to security architecture. So, when we talk about security architecture, we will be talking about components, processes, and services.
What is engineering? Engineering is basically the implementation part of security architecture. Implementation is not in the architecture; it’s the next phase of the overall security solution design. So first, we design, making a blueprint which is the architecture. What do we do in architecture? We design and organize components, processes, and services, and then we implement those using some standard methodology—that is the engineering methodology. This is what we are going to do in the coming discussions in Domain 3. There are more interesting things to come: we’ll be discussing the principles of engineering and architecture.
As we’ve seen with the principles of information security and how these principles give rise to a security framework or policy, similarly, we have to look into the different principles of security architecture and engineering, and how these can give rise to a secure system. The term architecture and engineering might give the impression that we are going to design some product, but when it comes to CISSP, and the CISSP exam specifically, we are not dealing with designing a security product. Our approach is a bit backward; we are dissecting the product or service to see how the security is engineered and implemented.
We should not have the idea that we are going to design a secure product. Designing a secure product also needs information or knowledge, which is part of the CISSP curriculum, but in the world where CISSP professionals operate, in the majority of the domains, it is basically the implementation. When we talk of the architecture, we are not architecting a semiconductor chip or a computer. That also requires a foundational understanding of how we architect something securely or how we implement something securely, but here we are using those blocks, those components, to achieve an organization’s security objectives.
Our understanding of architecture and implementation is like the way we architect a cloud service in Azure and AWS. We take different services and design in a Lego-like manner on Visio or a drawing board, then we see what security objectives we are going to achieve. This is the way we will approach it. We’ll discuss the principles, then how these principles are modeled using industry models, and how they are implemented.
If we go to my drawing board now, I have explained that security architecture and engineering are basically the design and organization of components, processes, and services. This is something you should keep in mind as a definition. When it comes to engineering, engineering is basically the implementation of the design and organization. Any creation we conceive and produce is a two-step process: first, we think of it and make some sort of blueprint, which is the architecture, and then we implement it. There’s a famous saying, “measure twice and hammer once.” So, a great deal of attention has to be given to the architecture phase of the process, and then we implement it. If we have given enough consideration, enough security concentration, in architecting a service, our implementation will be easy, with no rework. But if the architecture is rushed to achieve business objectives and security is sidelined, there will be many problems.
The process of security architecture in an organization or company follows three steps: first, we do a risk assessment, then we identify and agree on the identified risks, and then we address the risks using secure design. We go with standard security mitigation processes like accepting the risk, avoiding the risk, mitigating the risk, or transferring the risk. All these can be addressed with a secure design. The secure design addresses how we actually deal with the identified risks of a system or organization.
Now, secure design principles, as I already explained, go hand-in-hand with what we studied in Domain 1, where we have information security principles that take the form of a framework and give rise to a policy, which is used to govern the organization. Similarly, we have design principles here. When we talk about design principles, there are two major bodies of knowledge that produce these principles, which we should be aware of: one is Saltzer and Schroeder’s principles, and another is ISO/IEC 19249:2017’s set of design principles. We will look briefly into these principles and what they entail.
When it comes to Saltzer and Schroeder’s principles, there are eight architectural principles plus two more architectural principles borrowed from physical security. These eight architectural principles are: economy of mechanism, fail-safety, complete mediation, open design, separation of privilege, least privilege, least common mechanism, and psychological acceptability. The two additional principles, work factor and compromise recording, come from traditional physical security.
When it comes to ISO/IEC 19249 design principles, they differentiate between architectural principles and design principles. In architectural principles, they have five distinct principles: domain separation, layering, encapsulation, redundancy, and virtualization. For design principles, they have least privilege, attack surface minimization, centralized parameter validation, centralized general security services, and preparation for error and exception handling.
I explained that there are two major bodies of knowledge: ISO/IEC 19249 and Saltzer and Schroeder’s principles. You can refer to the official CBK book for more details on this, and we will be going into each principle to better understand how CISSP questions are framed around these principles.
Another major topic related to understanding design principles and design models is something called a trusted system. So, what is a trusted system? A trusted system is a computer system that can be trusted to a specified extent to enforce a specified security policy. It’s a theoretical concept. If you are creating any computer system or architecture that provides a service, a trusted system is one that can be trusted to a certain extent, as mentioned in the definition, to enforce a specified security policy. We can’t have a situation of 100% or 0% policy; we have to agree on a baseline, and that baseline will tell us what the specified security policy is. The level of trust we can have in the system is an attribute of the trusted system.
Now, the trusted system makes use of a term called reference monitor, which we should also know. So, what is a reference monitor? A reference monitor is basically an entity or a component of a trusted system. It is the logical part of the computer system and is responsible for all decisions related to access control. So, whenever you hear the term reference monitor, you should know that it is a component primarily dealing with access control to the trusted system. A reference monitor is a module, entity, or component of a trusted system that makes decisions regarding access control, such as who can access what resource, for how long, and with what privilege or authorization levels. This will be the topic of reference monitors.
Now, a trusted system has a reference monitor, and with that, there are certain expectations. The trusted system should be tamper-proof, always be invoked, which we will discuss more in Saltzer and Schroeder’s principle of complete mediation, and be small enough to be tested independently. If the trusted system is too large to test its firmware separately, it defies its purpose.
In 1983, the United States Department of Defense published the Orange Book, also called TCSEC (Trusted Computer System Evaluation Criteria). It describes the features and assurances that users can expect from a trusted system. It gives a sort of scale or benchmark to measure how trusted a system is or to what level a user can trust a system.
A trusted system, as I already explained, includes the concept of a trusted system, reference monitor, and the expectations from a trusted system. Now, with this trusted system, when it comes to TCSEC, they introduced the term trusted computing base (TCB). A trusted computing base is a combination of hardware, software, and firmware responsible for the security policy of an information system. You may have a system with functional parts, input/output, memory, CPU, and everything, but a portion of the system is responsible for its security. That portion is called the trusted computing base. The trusted computing base is a logical structure, and it has a lot to do with hardware, software, and firmware.
We need to know that any system can be divided into functional blocks and security blocks. The trusted computing base deals with the security block of the system. It enforces the security policy, and we can trust it to a certain level.
Now, as we saw in Domain 1, security controls can be administrative, physical, or technical. The administrative control comes from a trusted computing base, which is logical. The trusted computing base is where technical security controls reside, right? So, administrative controls are the administrative part of an organization; the trusted computing base gives technical controls. These technical controls are in the form of access controls, encryption, etc. They are found in the trusted computing base, which is logically part of the system.
The trusted computing base consists of a reference monitor, which we discussed earlier. The reference monitor must have a security kernel, which is a core component of the reference monitor. The security kernel is responsible for enforcing the security policy and should meet three essential conditions: isolation, verifiability, and mediation. Isolation means the security kernel must be isolated from the rest of the system, verifiability means it must be verifiable through independent testing, and mediation means it should mediate or control access to resources.
The security kernel is at the heart of the reference monitor, and the reference monitor is at the heart of the trusted computing base. This gives rise to a secure system, which is a combination of the trusted computing base, the security kernel, and the reference monitor. We need to understand this because questions in CISSP might test our understanding of how the trusted computing base, security kernel, and reference monitor work together.
One final thing we need to touch on is the different security models we use in security architecture and engineering. There are several models, but the main ones are the Bell-LaPadula model, the Biba model, the Clark-Wilson model, the Brewer-Nash model, and the Harrison-Ruzzo-Ullman model.
The Bell-LaPadula model focuses on maintaining data confidentiality and controls access to information based on security classifications. The Biba model is concerned with data integrity and prevents unauthorized users from modifying data. The Clark-Wilson model ensures that transactions are performed correctly, enforcing integrity through well-formed transactions and separation of duties. The Brewer-Nash model, also known as the Chinese Wall model, prevents conflicts of interest by restricting access to information based on the user’s previous interactions. The Harrison-Ruzzo-Ullman model focuses on access control and the management of user permissions.
We’ll discuss these models in more detail in future sessions, but it’s important to understand the basics of each model and how they contribute to security architecture and engineering. Each model has its strengths and weaknesses, and they are used in different contexts to achieve specific security objectives.
That concludes our overview of security architecture and engineering. In the next session, we’ll dive deeper into the principles of design and architecture, and we’ll explore how these principles are applied in real-world scenarios. Thank you for watching, and I look forward to continuing our journey through Domain 3 of the CISSP curriculum.
08:00 AM A group of sophisticated cybercriminals identifies a vulnerability in the CrowdStrike Falcon software, based on the incident from July 2024. They exploit an unpatched version running on the IT systems of a major metropolitan hospital and an international airline.
09:30 AM The attackers breach the hospital’s network through a compromised endpoint, gaining access to the internal systems. Simultaneously, they infiltrate the airline’s network, targeting critical operational systems.
11:00 AM Malware is quietly installed on both networks. The ransomware is set to initiate a coordinated attack designed to maximize disruption. The attackers spend the next few hours exploring the networks, identifying key systems, and ensuring they have control over backups and critical infrastructure.
Day 2: Attack Initiation
07:00 AM The ransomware is activated across the hospital’s network, encrypting patient records, diagnostic equipment, and critical medical databases. Simultaneously, the airline’s systems are attacked, with operational software and booking systems being encrypted.
07:15 AM Hospital staff discover that their systems are inaccessible. Alarms and diagnostic tools start malfunctioning, creating confusion and panic among medical personnel.
07:30 AM At the airline’s main hub, boarding systems, check-in kiosks, and flight scheduling systems fail. Flights are delayed, and passengers are left stranded, unaware of the unfolding cyberattack.
Day 3: Escalation and National Impact
08:00 AM News of the hospital’s IT outage spreads quickly. Emergency procedures are activated, and patients in critical care are transferred to other hospitals, causing strain on neighboring medical facilities.
09:00 AM The airline cancels all flights from major airports due to the ransomware attack. Passengers are stuck in terminals, causing massive delays and overcrowding. The airline’s customer service lines are overwhelmed with calls.
10:00 AM The attackers demand a ransom of $50 million in cryptocurrency to decrypt the hospital and airline systems. They threaten to release sensitive patient data and airline customer information if the ransom is not paid within 48 hours.
Day 4: Government and Public Response
08:00 AM The government issues a national emergency declaration. Cybersecurity experts from federal agencies are dispatched to assist in resolving the situation.
09:30 AM News outlets report on the ransomware attack, causing widespread public panic. The stock market reacts negatively, with shares in healthcare and airline industries plummeting.
11:00 AM Hospitals nationwide are put on high alert. The Department of Health and Human Services coordinates with other hospitals to manage the overflow of patients.
01:00 PM The airline’s CEO holds a press conference, apologizing for the disruptions and assuring the public that they are working to resolve the issue. The Federal Aviation Administration (FAA) is involved in managing the air traffic chaos.
Day 5: Crisis Management and Mitigation
08:00 AM Federal cybersecurity teams begin working with the hospital and airline to contain the ransomware spread and assess the damage. Efforts are made to restore critical systems using backup data.
10:00 AM The attackers release a sample of stolen data to demonstrate their seriousness. The hospital’s and airline’s reputations take a severe hit as the public fears for their personal information.
12:00 PM Negotiations with the attackers are initiated, but progress is slow. Alternative plans are developed to restore systems without paying the ransom.
04:00 PM A temporary workaround is implemented for the hospital to access basic patient care systems. The airline begins manually processing flight schedules to resume limited operations.
Day 6: Resolution Efforts and Aftermath
08:00 AM Federal agencies successfully decrypt parts of the ransomware. The hospital’s critical systems are gradually restored, although many patient records remain encrypted.
09:00 AM The airline resumes more flights, but a full recovery is still weeks away. Thousands of passengers are still affected, and compensations are being arranged.
12:00 PM Public health advisories are issued to mitigate the spread of misinformation and panic. Government officials hold briefings to reassure the public and outline steps being taken.
Day 7: Recovery and Reflection
08:00 AM Both the hospital and airline begin a thorough review of their cybersecurity measures. Plans for stronger defenses and better incident response strategies are developed.
10:00 AM The government announces a new cybersecurity initiative aimed at critical infrastructure protection, emphasizing the need for advanced threat detection and response systems.
02:00 PM The attack becomes a case study for cybersecurity experts worldwide, highlighting the importance of robust security protocols and the dangers of an expanded attack surface.
This fictional scenario, while hypothetical, demonstrates how vulnerabilities exposed in a significant incident like the CrowdStrike breach can lead to catastrophic consequences. The ripple effect of such an attack can disrupt essential services, create national chaos, and prompt a reevaluation of cybersecurity strategies across industries. It underscores the critical need for constant vigilance, advanced security measures, and comprehensive response plans to protect against the ever-evolving landscape of cyber threats.
The CrowdStrike incident in July 2024, which resulted in the blue screen of death (BSOD) affecting millions of Windows computers globally, not only highlighted vulnerabilities within IT infrastructure but also potentially handed malicious actors new clues about weak points to exploit. This incident underscores the increased attack surface area and the heightened risk of future attacks targeting critical infrastructures such as shopping malls, airports, hospitals, and other essential services.
An attack surface refers to the various points within a system or network that could be vulnerable to exploitation by attackers. The CrowdStrike incident has inadvertently revealed new attack vectors, potentially increasing the attack surface in several ways:
Critical Infrastructure Vulnerabilities
Airports and Airlines: The disruption caused flight delays and cancellations, exposing the vulnerabilities in the IT systems of airlines and airports. Attackers now see these systems as potential targets for future attacks, aiming to cause widespread chaos and economic damage.
Hospitals and Healthcare Services: The incident highlighted the susceptibility of hospital IT systems, where even minor disruptions can have life-threatening consequences. Attackers could exploit these vulnerabilities to launch ransomware attacks or disrupt critical medical services.
Shopping Malls and Retail Services: Retail services were also affected, indicating vulnerabilities in the digital payment systems and supply chain management. Future attacks could aim to steal customer data, disrupt sales, or manipulate inventory systems.
Increased Interconnectivity
The interconnected nature of modern IT systems means that an attack on one system can ripple out to affect many others. The CrowdStrike incident demonstrated how interconnected services, from cloud providers to local networks, can be impacted, making the entire ecosystem more vulnerable.
Remote Work and Digital Transformation
The rise of remote work and the accelerated digital transformation in various sectors have expanded the attack surface. Remote work setups often rely on less secure home networks, which can be exploited by attackers to gain access to corporate networks.
Supply Chain Attacks
The incident showed how updates and third-party software can be vectors for attacks. Attackers might focus more on supply chain attacks, targeting software vendors and service providers to infiltrate their customers’ systems.
Potential Future Attacks
Given the expanded attack surface, several types of attacks could become more prevalent in the future:
Ransomware Attacks
Ransomware attacks on critical infrastructure like hospitals, airports, and retail networks can cause significant disruption and compel organizations to pay hefty ransoms to restore their operations. The heightened awareness of these vulnerabilities may lead attackers to increasingly target these sectors.
DDoS Attacks
Distributed Denial of Service (DDoS) attacks can overwhelm the systems of airports, airlines, and large retail chains, causing outages and service disruptions. These attacks could be timed to coincide with peak periods, such as holiday travel seasons or major sales events, to maximize impact.
Data Breaches and Theft
Attackers may focus on stealing sensitive data from hospitals and retail networks, such as patient records and customer payment information. This data can be sold on the dark web or used for identity theft and financial fraud.
Advanced Persistent Threats (APTs)
APTs involve attackers infiltrating networks and remaining undetected for extended periods, gathering intelligence, and causing damage. Critical infrastructure and large corporations could be prime targets for such sophisticated attacks.
Mitigating the Risks
To combat these potential threats, organizations must adopt robust security measures:
Enhanced Security Protocols
Organizations must implement comprehensive security protocols, including regular updates and patches, multi-factor authentication, and advanced threat detection systems.
Employee Training and Awareness
Employees should be trained to recognize phishing attempts and other common attack vectors. Regular security awareness training can significantly reduce the risk of successful attacks.
Network Segmentation
Segmenting networks can limit the spread of an attack and protect critical systems. By isolating sensitive areas of the network, organizations can contain breaches and minimize damage.
Incident Response Planning
Having a well-defined incident response plan is crucial. Organizations must be prepared to respond swiftly and effectively to minimize the impact of any security breaches.
Collaboration and Information Sharing
Collaboration between organizations and government agencies can enhance overall security. Sharing information about threats and vulnerabilities can help organizations stay ahead of potential attacks.
Conclusion
The CrowdStrike incident of July 2024 has not only exposed critical vulnerabilities in our digital infrastructure but also expanded the potential attack surface for malicious actors. By understanding these vulnerabilities and adopting proactive security measures, organizations can better protect themselves against future threats. It is imperative to recognize that as our digital world evolves, so too must our strategies to safeguard it, ensuring resilience against the ever-growing landscape of cyber threats.
Important References
“Security Engineering: A Guide to Building Dependable Distributed Systems” by Ross Anderson
“Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems” by Heather Adkins, et al.
“Zero Trust Networks: Building Secure Systems in Untrusted Networks” by Evan Gilman and Doug Barth
Research Paper: “Network Segmentation: Architecture and Use Cases” by the SANS Institute
In July 2024, the digital world was rocked by a significant event: the CrowdStrike incident. In this blog post, we’ll delve into what happened, why it happened, and how the issue is being resolved. This incident, involving CrowdStrike’s Falcon software, caused disruptions to over 8 million Windows computers globally, impacting critical services and daily operations for millions. Let’s explore these aspects in detail.
What Happened?
On July 19, 2024, millions of Windows computers experienced the infamous “Blue Screen of Death” (BSOD). This event didn’t just affect individual users but had widespread ramifications, disrupting businesses, airlines, hospitals, and other critical services worldwide. As a result, many missed flights, appointments, and other important engagements, illustrating the extensive reach of this disruption.
The BSOD is a common indicator of severe system failure in Windows computers, often caused by critical errors at the kernel level, which is the core part of the operating system responsible for managing hardware and system resources.
Why Did It Happen?
To understand why this happened, we can use the analogy of a castle. Imagine a castle with multiple security layers: the outer perimeter (area one) and the innermost secure area (area zero). In a computer system, these areas are analogous to ring levels, with ring zero representing the most secure part of the system (kernel mode), where the operating system and critical drivers run, and ring one representing user mode, where applications operate.
CrowdStrike’s Falcon software, an advanced anti-malware solution, operates at ring zero. This high-level access allows it to effectively monitor and prevent malware but also means that any issue with Falcon can directly impact the core functions of the operating system.
On July 19th, a dynamic update to Falcon included an incorrect or corrupted file. Despite the Falcon software being certified by Microsoft’s Windows Hardware Quality Labs (WHQL), the update led to a critical failure. The incorrect file caused the Falcon driver, running in kernel mode, to malfunction, leading to the widespread BSOD incidents. This highlights a critical issue in software quality assurance (QA) processes, especially for updates that affect core system components.
How Is It Being Resolved?
Resolving this issue involves multiple steps. Initially, CrowdStrike pushed out a corrected update. However, systems that had already experienced the BSOD required more direct intervention. The recommended approach for affected computers is to reboot into safe mode, manually locate and delete the problematic files associated with the Falcon update, and then reboot the system.
For large-scale deployments, such as servers in data centers that may not have direct user interfaces, additional steps and possibly scripting are necessary to manage the recovery process. Furthermore, systems using security features like BitLocker require even more intricate procedures to recover.
Microsoft has also updated its recovery tools to assist IT administrators in expediting the repair process. These tools offer options like booting from a Windows Preinstallation Environment (WinPE) or recovering from safe mode to facilitate the removal of the faulty update.
Avoiding Future Incidents
To prevent such incidents in the future, enhanced QA processes for updates are crucial. This includes thorough testing of all components, not just the core software but also any dynamic updates. Additionally, reconsidering the operational mode of critical security software like Falcon might be necessary. Running such software in user mode rather than kernel mode could mitigate the risk of entire system failures, albeit potentially at the cost of some efficiency in malware detection.
The CrowdStrike incident of July 2024 serves as a stark reminder of the vulnerabilities inherent in our interconnected digital world. While the immediate causes of the incident have been addressed, it raises important questions about how to prevent similar occurrences in the future. Two critical strategies that can enhance overall security and resilience are the adoption of Secure by Design principles and the implementation of network segmentation. Let’s explore how these approaches can mitigate risks and potentially prevent incidents like the CrowdStrike disruption.
Secure by Design Principles
Secure by Design (SbD) is an approach that integrates security from the very beginning of the software development lifecycle. This principle ensures that security considerations are embedded into every stage of development, from initial design to deployment and maintenance. Here’s how SbD could have impacted the CrowdStrike incident:
Early Threat Modeling
Incorporating threat modeling at the design phase helps identify potential vulnerabilities and attack vectors. If CrowdStrike had implemented a thorough threat modeling process, it might have identified the risks associated with running their software in kernel mode (ring zero), where any failure could lead to a system-wide crash.
Code Review and Static Analysis
Regular code reviews and static analysis can catch bugs and vulnerabilities early in the development process. Comprehensive testing, including stress testing and failure mode analysis, could have identified the problematic update before it was released, preventing the blue screen of death (BSOD) incidents.
Continuous Integration and Continuous Deployment (CI/CD) with Security Checks
Integrating automated security checks into the CI/CD pipeline ensures that every code change is tested for security issues before deployment. This approach can significantly reduce the risk of deploying updates with critical vulnerabilities.
Network Segmentation
Network segmentation involves dividing a network into smaller, isolated segments to limit the spread of potential threats and contain breaches. This strategy can significantly enhance the security posture of an organization by minimizing the impact of security incidents. Here’s how network segmentation could have mitigated the effects of the CrowdStrike incident:
Isolation of Critical Systems
By isolating critical systems and services into separate network segments, organizations can prevent the spread of issues from less critical areas. For instance, if critical systems in hospitals or airlines had been segmented away from general-purpose user systems, the BSOD incidents might have been contained, reducing the overall impact.
Minimizing Attack Surfaces
Segmentation reduces the attack surface by limiting access to sensitive systems. If the CrowdStrike Falcon software had been deployed in a segmented manner, with its updates and communications restricted to a controlled environment, the faulty update might have been identified and contained before reaching all systems.
Improved Monitoring and Incident Response
Segmentation allows for more granular monitoring and quicker incident response. Security teams can focus their efforts on specific segments, making it easier to detect anomalies and take corrective actions. This could have sped up the identification and resolution of the faulty Falcon update.
By understanding these key aspects of the CrowdStrike incident, we can appreciate the complexity of maintaining secure and reliable systems in an increasingly interconnected world. Stay vigilant and informed to navigate these challenges effectively.
Hello friends, welcome back! In this blog post, we will delve into the March 1976 research paper by Elliott Bell and Leonard LaPadula, commonly referred to as the Bell-LaPadula model. This landmark research paper, titled “Secure Computer System Unified Exposition and Multics Interpretation,” is foundational in the field of computer security. It provides a unified framework for understanding secure computing systems, building upon prior works that established mathematical foundations for security.
Background on Multics
Multics, which stands for Multiplexed Information and Computing Service, was an influential early time-sharing operating system. It began as a research project at MIT in 1965 and remained in use until 2000. Multics was a mainframe time-sharing operating system based on the concept of single-level memory, which played a critical role in the development of secure computing systems.
Structure of the Research Paper
The Bell-LaPadula research paper is divided into four sections:
Introduction: Provides an overview of the paper’s objectives and significance.
Narrative Description of the Security Model: Explains the security model in a manner accessible without deep mathematical knowledge.
Mathematical Description: Details the mathematical foundations of the model.
Security Kernel Design: Discusses the design and technical aspects of the security kernel.
For the purposes of this blog post, we will focus on Section 2, the narrative description, which is particularly relevant for understanding the Bell-LaPadula model and its application in CISSP exams.
The Bell-LaPadula Model: Key Concepts
The Bell-LaPadula model describes a secure computing system with three main facets: elements, limiting theorems, and rules. These facets are crucial for understanding how secure systems are designed and operated.
Descriptive Capability (Elements): These are the fundamental components of the security model, similar to how a model of a car includes wheels, a body, and a steering wheel. In a secure computing system, elements include subjects (users or processes) and objects (files, databases).
Limiting Theorems (General Mechanism): These theorems describe how the security system operates, governing the interactions between subjects and objects. They ensure that access control policies are enforced, maintaining the security of the system.
Rules (Specific Solutions): These are the specific rules that apply in certain situations, ensuring that the security policies are upheld in various contexts.
Elements and Access Attributes
In the Bell-LaPadula model, elements are any components relevant to the security of classified information stored in a computer system. The model distinguishes between subjects (active entities) and objects (passive entities).
Access between subjects and objects can occur in different modes, known as access attributes. These include:
Execute [ E ]: No observation or alteration.
Read [ R ]: Observation but no alteration.
Append [ A ]: Alteration but no observation.
Write [ W ]: Both observation and alteration.
These access attributes are critical for defining the interactions within a secure system.
System State and Security Levels
The system state in the Bell-LaPadula model is defined by four values:
Current Access Set (B): Indicates the current interactions between subjects and objects, including their access attributes.
Hierarchy Function (H): Represents the object structure.
Access Permission (M): The access matrix, detailing which subjects can access which objects and in what mode.
Level Function (F): Defines the classification levels and categories of data.
Security levels are a combination of classifications (e.g., top secret, secret) and categories (e.g., finance, HR). The model ensures that subjects can only access objects if their security level dominates the object’s security level.
Key Security Properties
The Bell-LaPadula model is based on three key security properties:
Simple Security Property (No Read Up): A subject cannot read data at a higher security level than their own.
Star Property (No Write Down): A subject cannot write data to a lower security level.
Discretionary Security Property: Access control is enforced through an access matrix, allowing for discretionary access control.
These properties ensure that the confidentiality of information is maintained within the system.
Limitations of the Bell-LaPadula Model
While the Bell-LaPadula model is foundational for understanding secure computing systems, it has certain limitations. It does not support file sharing and networking, and it does not address covert channels.
Conclusion
The Bell-LaPadula model provides a structured framework for understanding and implementing secure computing systems, focusing on maintaining the confidentiality of information. Its principles are foundational for CISSP exams and for the broader field of information security.
For further reading, consider the following references:
“Security Engineering: A Guide to Building Dependable Distributed Systems” by Ross Anderson
“Computer Security: Art and Science” by Matt Bishop
“Operating System Concepts” by Abraham Silberschatz, Peter Baer Galvin, and Greg Gagne
Understanding these concepts and their applications will provide a strong foundation for anyone pursuing a career in information security.
Hope you enjoyed this blog post. Best of luck with your CISSP exam, and stay tuned for more discussions on models like Biba and Clark-Wilson in our upcoming posts!
Cryptography might seem uninteresting or daunting if not properly introduced. For those not involved in networking, network security, or security engineering, this topic can be quite challenging. However, understanding cryptography is crucial in today’s digital world. Drawing from my own experience as an electronics and communication engineering graduate, I know that even with a technical background, grasping this topic takes time and effort.
In this blog post, I will decode cryptography and provide a comprehensive overview. This post will serve as a one-stop guide to understanding the fundamentals of cryptography, including symmetric and asymmetric cryptography, key wrapping, digital signatures, digital envelopes, and public key infrastructure (PKI). Due to the complexity and depth of the topic, I will cover these aspects across multiple posts.
Introduction to Cryptography
Cryptography is the art and science of securing information by transforming it into an unreadable format. The primary goal is to protect data confidentiality, integrity, and availability (CIA triad). To understand these concepts, let’s consider a simple scenario.
Imagine two users, A and B, who want to communicate securely over an insecure public network, such as the Internet. If an adversary, C, intercepts their communication, the confidentiality of the message is compromised. This is where encryption comes in. By encrypting the message, even if C intercepts it, they cannot read its contents without the decryption key.
Encryption: Ensuring Confidentiality
Encryption is a fundamental tool in cryptography used to maintain data confidentiality. It transforms plaintext (readable data) into ciphertext (unreadable data) using an encryption key. Only those with the corresponding decryption key can revert the ciphertext back to plaintext.
Example Scenario:
Plaintext (M): The original message.
Encryption: M is encrypted using an encryption key, resulting in ciphertext.
Transmission: The ciphertext is sent over the insecure network.
Decryption: The intended recipient uses the decryption key to convert the ciphertext back to plaintext.
In this scenario, encryption ensures that even if the message is intercepted by an unauthorized party, the confidentiality remains intact.
Key Concepts in Cryptography
Symmetric Cryptography: Uses the same key for both encryption and decryption. Examples include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).
Asymmetric Cryptography: Uses a pair of keys—a public key for encryption and a private key for decryption. Examples include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography).
Key Wrapping: A technique to securely encrypt encryption keys.
Digital Signatures: Provide authenticity and integrity by allowing the recipient to verify the sender’s identity and ensure the message has not been altered.
Digital Envelopes: Combine symmetric and asymmetric encryption to provide efficient and secure message transmission.
Public Key Infrastructure (PKI): A framework that manages digital certificates and public-key encryption to secure communications.
Practical Applications and Future Posts
In the next posts, we will dive deeper into these concepts and explore their practical applications. Understanding cryptography is essential for securing digital communications and protecting sensitive information from unauthorized access.
Stay tuned as we continue to unravel the complexities of cryptography. Best of luck with your CSSP exams. If you have any questions, comments, feedback, or suggestions, feel free to leave them below.
References
Books:
“Cryptography and Network Security: Principles and Practice” by William Stallings. This book provides a comprehensive introduction to the principles and practice of cryptography and network security.
“Applied Cryptography: Protocols, Algorithms, and Source Code in C” by Bruce Schneier. This book is a practical guide to modern cryptography and covers a wide range of cryptographic techniques and applications.
Research Papers:
Diffie, W., & Hellman, M. (1976). “New Directions in Cryptography.” This seminal paper introduced the concept of public-key cryptography.
Rivest, R. L., Shamir, A., & Adleman, L. (1978). “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems.” This paper introduced the RSA algorithm, a widely used asymmetric encryption technique.
Articles:
“The History of Cryptography” by Paul M. Garrett. This article provides an overview of the historical development of cryptographic techniques.
“Understanding the CIA Triad” by Jonathan S. Weissman. This article explains the importance of confidentiality, integrity, and availability in information security.
By leveraging these resources, you can gain a deeper understanding of cryptography and its essential role in securing modern communications.
Hello friends, today we’ll delve into the concepts of AAA in security. AAA stands for Authentication, Authorization, and Accounting. In this post, we’ll discuss what it means to implement AAA in a system or security policy, define these terms precisely, and provide examples of how AAA is achieved in various systems. We’ll also explore some related concepts to provide a comprehensive understanding.
Introduction to AAA
Authentication
Authentication is the process of verifying the identity of a subject attempting to access a system. It involves proving that the claimed identity of a subject, which can be a user or a service, is genuine. This process can involve various methods, including password verification, biometric checks, or database lookups. For a more detailed understanding, refer to Security Engineering by Ross Anderson (3rd Edition) .
Authorization
Authorization is the subsequent process that defines what an authenticated subject is allowed to do. Once the identity is verified, a set of rights or privileges is assigned to the user or service. These permissions dictate the actions that the subject can perform on certain resources or objects. To explore this further, see Computer Security: Art and Science by Matt Bishop .
Accounting
Accounting involves recording the actions performed by the subject and reviewing these records to ensure compliance and to hold subjects accountable for their actions. This process is crucial for tracking the use of resources and detecting any anomalies. For an in-depth look, refer to Security in Computing by Charles P. Pfleeger and Shari Lawrence Pfleeger (5th Edition) .
Detailed Breakdown of AAA
Identification
Identification is the claim made by a subject to be a specific identity. This could be a user claiming to be a particular individual or a service claiming to represent a specific function. The system responds to this claim by performing checks to validate the identity.
Authentication Process
During authentication, the system verifies the claimed identity by posing questions, checking credentials against a database, or using biometric methods. This ensures that the subject is who they claim to be. Authentication methods and their effectiveness are extensively covered in Applied Cryptography by Bruce Schneier .
Authorization Process
Authorization occurs after successful authentication. It involves assigning permissions to the subject, which dictate the resources and actions they are allowed to access or perform. This step is critical for maintaining security and ensuring that users have appropriate access levels. The principles of authorization are detailed in Access Control Systems: Security, Identity Management and Trust Models by Messaoud Benantar .
Auditing and Accounting
Auditing involves recording the actions performed by subjects within the system. This log of activities is crucial for later review. Accounting is the process of reviewing these logs to ensure compliance and detect any unauthorized activities. This distinction between auditing and accounting is highlighted in the CISSP Official (ISC)2 Practice Tests by Mike Chapple and David Seidl .
Monitoring
Monitoring involves actively looking into the audit logs, understanding them, and executing the process of accounting. It is possible to monitor a system without active auditing, but auditing cannot occur without some form of monitoring. This distinction is essential for effective security management. For further reading, consider The Practice of Network Security Monitoring: Understanding Incident Detection and Response by Richard Bejtlich .
Example Scenario
To illustrate these concepts, consider a user needing access to a computer terminal:
Identification: The user claims their identity, such as by entering a username (e.g., RS123).
Authentication: The system verifies this claim by checking the username against a database and requesting a password.
Authorization: Once authenticated, the system assigns specific permissions to the user, such as access to certain drives or files.
Auditing: The system records the user’s actions in a log file.
Accounting: These logs are reviewed periodically to ensure compliance and detect any violations.
This example aligns with the best practices described in Network Security Essentials: Applications and Standards by William Stallings .
Conclusion
Understanding AAA—Authentication, Authorization, and Accounting—is fundamental for implementing robust security policies in any system. By correctly applying these concepts, organizations can ensure that users are properly identified, authenticated, and authorized, and that their actions are recorded and reviewed for compliance.
If you have any comments or suggestions to improve this content, please let me know. This is my first experiment with online tutoring, and I appreciate any feedback. Thank you very much for reading!
References
Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons.
Bishop, M. (2003). Computer Security: Art and Science. Addison-Wesley.
Pfleeger, C. P., & Pfleeger, S. L. (2015). Security in Computing. Pearson.
Schneier, B. (1996). Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley.
Benantar, M. (2006). Access Control Systems: Security, Identity Management and Trust Models. Springer.
Chapple, M., & Seidl, D. (2018). CISSP Official (ISC)2 Practice Tests. Sybex.
Bejtlich, R. (2013). The Practice of Network Security Monitoring: Understanding Incident Detection and Response. No Starch Press.
Stallings, W. (2017). Network Security Essentials: Applications and Standards. Pearson.
Hello friends. In this blog post, we will be doing a quick recap, a sort of revision, of what we have discussed so far about the security framework, information security policy, and the CIA triad—confidentiality, integrity, and availability. This recap is based on Visio drawings I developed while preparing for CISSP some time back. These drawings serve as a memory map to consolidate all the concepts in one place. Let’s dive in, and hopefully, this will be more interesting than previous discussions, thanks to its pictorial representation.
Security Framework and Policy Development
Firstly, we select a security framework and then develop an information security policy around this framework. Our policy will focus on a framework or a set of frameworks, depending on the business requirement. This decision is explained in a three-step process:
Security Initiation: We choose a framework based on the type of business we have, whether it is telco, healthcare, financial institution, or government organization. This is a crucial step.
Security Fine-Tuning: Security is refined using security evaluation, which could include risk assessment, vulnerability assessment, or penetration testing. We tailor the initial security framework to suit the specific needs of the organization.
Policy Conception: As a result of the first two steps, the organization’s security policy is conceived.
A security framework provides a starting point for implementing security. When designing security, we need to ensure:
Security is treated as an element of business management.
It supports the organization’s objectives, mission, and goals.
Security is a continuous journey, evolving with business requirements.
It is legally defensible and cost-effective.
The CIA Triad: Confidentiality, Integrity, and Availability
The CIA triad is the essence of the information security policy. It consists of three critical components:
Confidentiality: Prevents unauthorized access and protects the secrecy of data.
Integrity: Ensures the authenticity and genuineness of data.
Availability: Ensures that services, resources, or data are accessible to authorized users.
Each component is crucial, and their importance may vary depending on the specific business context.
Confidentiality
Confidentiality aims to prevent or minimize unauthorized access, protecting the secrecy of data or resources. Key terms related to confidentiality include:
Sensitivity: The quality of data, often used in government organizations.
Discretion: The act of deciding on the disclosure of documents.
Criticality: Signifies the importance to business.
Concealment: Preventing disclosure, sometimes through security by obscurity.
Secrecy: Keeping data secret.
Privacy: Pertains to personally identifiable information.
Seclusion and Isolation: Storing data off-site (seclusion) or keeping it separate (isolation).
Integrity
Integrity is about maintaining the authenticity and genuineness of data. Terms associated with integrity include:
Accuracy: Having precise and correct values.
Truthfulness: The true reflection of reality.
Validity: Data should be factually correct and logically sound.
Accountability: Responsibility for the integrity of the data.
Responsibility: Having control.
Completeness: Providing a complete and truthful picture.
Comprehensiveness: Covering the entire scope of the intended objective.
The goal of integrity is to facilitate authorized changes while preventing unauthorized alterations, protecting the reliability and correctness of data.
Availability
Availability ensures that services, resources, or data are accessible to authorized users. Key terms related to availability include usability, accessibility, and timeliness. The goal of availability is timely and uninterrupted access to objects for authorized subjects.
Reverse of CIA: Disclosure, Alteration, and Destruction
The inverse of the CIA triad is DAD: Disclosure, Alteration, and Destruction. Disclosure involves unauthorized access, alteration involves unauthorized changes, and destruction makes data unavailable.
Additional Concepts: Non-repudiation and Authentication
Non-repudiation and authentication are also crucial concepts:
Authentication: Verifies the source, ensuring that the person claiming to be someone is actually that person.
Non-repudiation: Ensures that the sender cannot deny their participation in the communication.
References for Further Reading
Books:
Whitman, M. E., & Mattord, H. J. (2018). Principles of Information Security. Cengage Learning.
Stallings, W. (2019). Network Security Essentials: Applications and Standards. Pearson.
Research Papers:
Schneier, B. (1999). Attack Trees. Dr. Dobb’s Journal of Software Tools.
Bishop, M. (2003). What is Computer Security?. IEEE Security & Privacy, 1(1), 67-69.
Articles:
“Understanding the CIA Triad” (2020). Infosec Institute. Link
“The Importance of Confidentiality, Integrity, and Availability in Information Security” (2021). CSO Online. Link
News:
“Data Breaches and the CIA Triad: Lessons from Major Incidents” (2022). Security Magazine. Link
By understanding and applying these principles, organizations can create a robust information security policy that supports their business objectives and adapts to changing requirements.
Thanks for reading. If you have feedback or comments, please put them in the comment section so I can improve further.
CISSP Made Easy 