Explanation should include the
- definition of the CIA triad as a model designed to guide policies for information security within an organization
- confidentiality–a set of rules that limits access to information
- integrity–the assurance that the information is trustworthy and accurate
- availability–a guarantee of reliable access to the information by authorized people
- effects on CIA of
- cyberattacks
- natural disasters
- terrorist attacks
- equipment breakdowns
- insider threats
- key threats to integrity
- intentional falsification of data to disrupt crop, livestock, or poultry sectors
- introduction of rogue data into a sensor network, which damages a crop, herd, flock, or process
- insufficiently vetted machine learning (ML) modeling
- key threats to availability
- potential for human error (e.g., accidental deletion of data)
- physical access vulnerabilities (e.g., disrupting/damaging data delivery)
- distributed denial-of-service (DDoS)
- timing of equipment availability
- space-based and ground-based disruption to positioning, navigation, and timing (PNT)
- disruption to communication networks
- foreign supply chain access to equipment used in PA
- smart livestock production facility failure.
Process/Skill Questions:
- Why is CIA important in PA?
- Which component of the CIA triad model is affected by a denial-of-service (DoS) attack?
- What does the term integrity mean as it relates to computer security?
- How would a cyberattack (e.g., modification of a computer program/algorithm) on a food–processing critical control point (e.g., fluid milk pasteurization temperature/time) affect food safety and influence consumer perception of the safety of the broader food supply?
- What are man-in-the-middle, data-diddling, trust-relationship, and session-hijacking attacks?
- How could falsified data harm an agriculture business?
- How might a computer criminal attempt to falsely modify digital data?
- How might a farmer/producer be affected if a variable-rate application (VRA) sensor network for fertilizer was secretly programmed to deliver at a rate higher than appropriate?
- What safeguards need to be in place in case of a natural disaster and the destruction of data or resources?
- How can a DDoS attack on equipment affect PA?
- How might an attack on the power grid cause a disruption in data availability?
- What type of non-malicious event might have a negative effect on data availability?
- What is a DoS attack?
- What are the criteria for identifying key personnel who should have access to data?
- How should businesses validate the chain of transfer of data among authorized personnel?
- What would be the appropriate computer, technical, management, and policy/regulatory positions to include in the chain of transfer?