The CIA triad is one of the most important concepts in information security. I'm not referring to the well-known American intelligence agency. I'm talking about a model which explains the aims of cybersecurity implementation:
Confidentiality, Integrity, and Availability.
Ideally, you want your data to be confidential, have integrity, and be available, whether you're working in your home office, as I am, or running a massive datacenter. I'll explain the three components and some of the information security measures designed to assure each of them.
Confidentiality is all about making sure that data is accessible only to its intended parties. Attacks on confidentiality can include:
- Cracking encrypted data
- Man-in-the-middle attacks on plaintext data which is intended to be private (Why isn't it encrypted then?)
- An employee putting sensitive data on removable media such as SD cards or optical discs and giving it to unauthorized parties
- Installing spyware malware on a data server which has private information, in order to transmit its data to attackers
- Doxxing, which is leaking private information (such as social security numbers or phone numbers) about an individual or organization in order to do harm
Cryptography is used mainly to protect confidentiality, but it also protects integrity. File and folder permissions, authentication vectors, and access control lists can also protect confidentiality. Confidentiality can also pertain to information which isn't digital: if your office has a paper shredder, using it on paper documents with private information is also an information security measure which protects confidentiality.
Integrity is all about making sure that data is kept properly intact without it being meddled with in an unauthorized way. Attacks on integrity can include:
- Penetrating a webserver in order to embed malware into webpages and web server-side scripting
- Maliciously accessing a financial server in order to falsify financial records
- Turning a machine into a “zombie computer” in order to control it through a botnet
Bruce Schneier sees cyber attacks on integrity as a growing problem in cybersecurity as the Internet of Things (IoT) becomes increasingly widespread. He wrote:
“We're heading toward a world where driverless cars will automatically communicate with each other and the roads, automatically taking us where we need to go safely and efficiently. The confidentiality threats are real: Someone who can eavesdrop on those communications can learn where the cars are going and maybe who is inside them. But the integrity threats are much worse.
Someone who can feed the cars false information can potentially cause them to crash into each other or nearby walls. Someone could also disable your car so it can't start. Or worse, disable the entire system so that no one's car can start.”
Cryptographic hashing is a useful security measure for protecting data integrity. MD5 and SHA1 are two widely implemented hashing algorithms. You may see those algorithms referenced when you're looking for an installer or source code for an application. When the developer posts the hash of the file, you can compute the hash of the copy you received and compare the two to make sure the file hasn't been tampered with. Integrity can also be protected by preventing unauthorized access to data assets and computers, just as with protecting confidentiality. Firewalls and authentication vectors are two ways to prevent unauthorized access.
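The download check described above, as an added example that is not part of the original post: it hashes a file in chunks, parses a checksum line in the format that `sha256sum`/`md5sum` print, and compares the result with the published digest. The sample "installer" contents, file names, and published checksum line are all constructed for the example. It uses SHA-256 rather than MD5 or SHA1 because collisions can now be produced for both of those, which means they no longer reliably detect deliberate tampering, though the same code works with any algorithm `hashlib` supports.

```python
"""Verify a downloaded file against a published checksum (added example)."""
import hashlib
import hmac
import os
import tempfile

# Constructed sample contents standing in for a downloaded installer script.
GOOD_CONTENT = b"#!/bin/sh\necho 'installing example-app 1.0'\n"
# One small change: the kind of corruption or tampering a hash comparison catches.
TAMPERED_CONTENT = GOOD_CONTENT.replace(b"1.0", b"1.1")


def digest_bytes(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of an in-memory byte string."""
    return hashlib.new(algorithm, data).hexdigest()


def file_digest(path: str, algorithm: str = "sha256", chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so a large installer never has to fit in memory."""
    if algorithm not in hashlib.algorithms_available:
        raise ValueError(f"unsupported hash algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line: str) -> tuple[str, str]:
    """Parse one line in sha256sum/md5sum output format: '<hex>  <filename>'.
    A leading '*' on the filename marks binary mode and is not part of the name."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError(f"malformed checksum line: {line!r}")
    digest, name = parts
    return digest.lower(), name.lstrip("*")


def verify_file(path: str, published_hex: str, algorithm: str = "sha256") -> bool:
    """Compare the file's digest with the published one.
    hmac.compare_digest is a constant-time comparison; not strictly needed for a
    public digest, but it is the right habit for any secret-bearing comparison."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, published_hex.strip().lower())


def demo() -> dict:
    """Simulate a developer publishing a checksum and a user checking two downloads."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "example-app-1.0.sh")
        bad = os.path.join(tmp, "example-app-1.0.sh.tampered")
        with open(good, "wb") as f:
            f.write(GOOD_CONTENT)
        with open(bad, "wb") as f:
            f.write(TAMPERED_CONTENT)
        # What the developer would post next to the download link (constructed).
        published_line = f"{digest_bytes(GOOD_CONTENT)}  example-app-1.0.sh"
        published_hex, name = parse_checksum_line(published_line)
        return {
            "published_name": name,
            "good_ok": verify_file(good, published_hex),      # True: intact copy
            "tampered_ok": verify_file(bad, published_hex),   # False: modified copy
        }


if __name__ == "__main__":
    print(demo())
```

One caveat worth keeping in mind when relying on this check: a hash posted on the same server as the download only proves the file matches what that server advertises. If an attacker can replace the file, they can usually replace the checksum next to it too, so projects that want stronger assurance also publish a digital signature over the file or the checksum list, made with a key the downloader can verify independently.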
Availability is all about making sure that data and computers are available as needed by authorized parties. Attacks on availability can include:
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on servers
- Ransomware attacks, which encrypt data on targeted computers so that the authorized parties cannot use it, in order to compel the victim to pay a ransom to an attacker
- Deliberately disrupting a server room's power supply in order to take those servers offline
Some security measures to assure availability include backing up data to external drives, implementing intrusion prevention systems (IPS) and firewalls to blunt DDoS attacks, having backup power supplies, and having redundant computers in a datacenter.
All cyber attacks have the potential to threaten one or more of the three parts of the CIA triad. I think the model is very important, because it can help security practitioners with risk assessment, asset management, and designing security measures. They can ask themselves, “What's the most important quality to protect for this data asset? Is it more important to protect this server's availability so that its downtime is kept to a minimum, or are confidentiality and integrity more important because its data is highly sensitive?”
Working in cybersecurity can mean juggling a lot of complex concepts and priorities in your head, and models like the CIA triad can offer clarity.