With vehicles becoming more connected and their systems relying more on complex networked information, protecting that information is a priority task. Think of information as all the bits and pieces that are gathered about something or someone. In a vehicle, information covers the details of the user, the information exchanged between electronic systems, and even the software that is stored to make the systems work. Cybersecurity simply means that the information is protected against criminal or unauthorized use and/or that measures are taken to achieve this.

When we analyze cybersecurity, the first step is to look into the C-I-A triad, which is a well-known model for cybersecurity development. C-I-A stands for Confidentiality, Integrity and Availability – these security concepts help to guide cybersecurity policies. Automotive systems and related infrastructure must be protected against deliberate or accidental compromise of the confidentiality, integrity or availability of the information that they store, process and communicate, without hindering safety and functionality. It is important to understand each of these concepts because all risks, threats and vulnerabilities are measured by their potential to compromise one or all of these principles.
The C-I-A triad is a very fundamental security model, but as with any model there is room for improvement; other attributes such as non-repudiation and authentication are important and need to be considered too. At the least, ensuring that the three aspects of the C-I-A triad are covered is an important first step towards designing any secure system. If you want to know more about cybersecurity processes, related standards, and their impact on the automotive industry, come to our two-day UL-CCSP training in automotive.

The fundamental principles (tenets) of information security are confidentiality, integrity, and availability. Every element of an information security program (and every security control put in place by an entity) should be designed to achieve one or more of these principles. Together, they are called the CIA Triad.

Confidentiality measures are designed to protect against unauthorized disclosure of information. The objective of the confidentiality principle is to ensure that private information remains private and that it can only be viewed or accessed by individuals who need that information in order to complete their job duties.

What is Integrity?

Integrity involves protection from unauthorized modifications (e.g., add, delete, or change) of data. The principle of integrity is designed to ensure that data can be trusted to be accurate and that it has not been inappropriately modified.

What is Availability?

Availability is protecting the functionality of support systems and ensuring data is fully available at the point in time (or period requirements) when it is needed by its users. The objective of availability is to ensure that data is available to be used when it is needed to make decisions.

Effectively executing all three tenets of the Security Triad creates an ideal outcome from an information security perspective.
Consider this example: An organization obtains or creates a piece of sensitive data that will be used in the course of its business operations. Because the data is sensitive, that data should only be able to be seen by the people in the organization that need to see it in order to do their jobs. It should be protected from access by unauthorized individuals. This is an example of the principle of confidentiality.

When the individual that needs that piece of data to perform a job duty is ready to utilize it, it must be readily accessible (i.e. online) in a timely and reliable manner so the job task can be completed on time and the company can continue its processing. This describes the principle of availability.

And finally, the data will be used in calculations that affect business decisions and investments that will be made by the organization. Therefore, the accuracy of the data is critical to ensure the proper calculations and results upon which decisions will be made. The assurance that the data has not been improperly tampered with and therefore can be trusted when making the calculations and resulting decisions is the principle of integrity.

LBMC Information Security provides strong foundations for risk-management decisions. We design our security risk assessments to arm your organization with the information it needs to fully understand your risks and compliance obligations.
Providing Solutions to Cybersecurity Problems
Ensuring timely and reliable access to and use of information.