Okay, so it’s probably not the CIA you’re thinking of. This CIA is potentially even more vital to the success of your business or organization than the one with the secret agents and covert operations. CIA is an acronym used in the cyber community to characterize security,* and it serves as a good starting point in exploring the important role ICS can play in protecting your team’s vital network infrastructure.
Give Me a C
Confidentiality. Your business is your business. Your data should be private and accessible only to those who have been authorized to use it. Breaches seem to occur almost daily, and the fallout can be expensive. Recovery cost of about $200 per record adds up quickly, and the toll is even greater in public trust, since 86% of customers say they shun brands following a breach.**
Give Me an I
Integrity. What if your network was being controlled by someone around the world, disabling systems you were building, all while telling you that everything was normal. As you may recall, that’s what Stuxnet did with the Iranian Nuclear Research team. The same is true every time you receive another email from your friend the Nigerian Prince who wants to send you money. In big ways and small, the integrity of your network can be compromised, disabling your operations or, even worse, enabling operations you don’t control.
Give Me an A
Availability. One side effect of our absolute dependence on network connectivity across the spectrum of our lives is the frustration we feel when it slows or, even worse, disappears. When the digital flow of information stops, the wheels of your organization grind to a halt, and those are the wheels that turn the gears that flip the switches that push the levers that print the money and change the world at the other end. If your network is not available to you, the world is a poor and unchanging place.
To the industry acronym CIA, Singer and Friedman add an R, for resilience.* Resilience, they suggest, is the ability to endure security threats without critical failure, to remain operational by prioritizing resources and protecting key assets and systems. And you can’t spell resilience without ICS. Go ahead, try it. See what I mean?
We’re ICS, not the CIA, but we protect your CIA and fortify your R, and that enhances the ROI on your P&L, which tickles the CEO, calms the CFO, and allows the COO to sleep at night. All in a day’s work at ICS.
* Peter W. Singer and Allan Friedman, Cybersecurity and Cyberwar, 2014