Cybersecurity Is Founded on Simple Principles

Get to know CIA, DiD, PoLP, MFA and other key concepts

This is Part 6 of a series about IT fundamentals. These articles are based on excerpts from the Society of Broadcast Engineers CBNT/CBNE Study Topics webinar series, designed to assist those seeking SBE certification and to provide others a broad overview of IT as used in broadcast engineering. (The series starts here.)

The broadcast station of today relies on information technology and an internet protocol-based infrastructure, whether it’s a small radio station or a state-of-the-art major-market radio or TV outlet. The migration to an IT-based infrastructure brings advantages in capability, flexibility, scalability and cost-effectiveness. However, with those comes a downside in exposure to cyberattacks.

Protecting the infrastructure against such threats grows more challenging for the broadcast IT engineer each year. 

Cybersecurity is an essential responsibility and cannot be overlooked. It is often viewed as a complex undertaking. It is a multifaceted discipline that can become confusing and challenging. 

However, cybersecurity is founded on several simpler core principles. These guidelines and best practices seek to reduce cyber risks and protect IT assets in your organization. 

Core principles

The CIA triad is one such principle. It establishes the policies and goals of cybersecurity as ensuring “Confidentiality, Integrity and Availability” of IT systems. (The triad may also be referred to as AIC, for Availability, Integrity and Confidentiality, to avoid confusion with the United States Central Intelligence Agency.)

Confidentiality means data within the IT infrastructure is available only to authorized users and systems, whether flowing through networks, stored at rest or used within a workflow process. 

Integrity refers to ensuring that the data has not been unduly modified, tampered with or altered. 

Availability refers to IT assets being accessible to authorized users and systems when required, but not to those who aren’t authorized. While the focus is on malicious acts, this principle can also be applied to avoiding accidental or human error events. 

Another principle is Defense in Depth, or DiD, based on establishing redundant levels or layers of security controls within the IT infrastructure so that security never relies upon a single precaution.

If a security precaution should be breached or fail, another will be in place to prevent any impact. Areas of DiD control include physical infrastructure security, network access, application access and anomaly detection systems such as antivirus or artificial intelligence-based malware detection systems.

The Principle of Least Privilege, or PoLP, is based on limiting the access rights of users and applications to the minimum level necessary to perform the defined business function. Limiting access to IT assets reduces the risk of abuse and propagation of a cybersecurity threat via “east-west” movement in an IT system.

The National Institute of Standards and Technology Cybersecurity Framework provides a structured set of guidelines and best practices for protecting IT assets and mitigating cybersecurity risks. The framework is organized into the areas of Identify, Protect, Detect, Respond and Recover; these are divided further into several categories and sub-categories before reaching a specific guideline or best practice to implement.

To-do list

With the background knowledge of fundamental principles and a long list of NIST framework best practices at hand, one can develop a “to-do” checklist of cybersecurity prevention steps. 

Such a list might look like the following:

  • Utilize the DiD approach to provide redundant precautions implemented in a structured and coordinated manner
  • Segment your network; the right architecture is an important first step in cybersecurity precautions (and performance enhancement)
  • Use encryption and multifactor authentication (MFA) for any remote access
  • Apply PoLP to users and applications
  • Limit or control access by packet filtering and/or firewalls
  • Disable (or block) any unused services to minimize the attack surface
  • Keep IT network hardware and operating systems updated and current
  • Ensure default login credentials are changed to strong, unique credentials
  • Maintain system backups following the 3-2-1 rule and know how to restore those systems
  • Utilize network equipment capabilities such as Ethernet switch port security
  • Monitor your infrastructure and know what is normal
  • Educate users regarding the dangers and tactics of social engineering and phishing 

Proof of performance

With cybersecurity precautions in place it is now time to become a hacker — not a malicious or “black hat” hacker, but a “white hat” or ethical hacker, also known as a penetration tester. 

The same tools that a malicious hacker might use are applied to verify that the proper cybersecurity precautions are in place and functioning as intended, and to seek cybersecurity vulnerabilities so that proactive corrective action can be taken. 

The goals of the CIA triad (Confidentiality, Integrity and Availability) now become the areas to target by the ethical hacker or penetration tester.

Often referred to as port scanners, open-source tools such as “nmap” can be used to seek and find potential cybersecurity vulnerabilities through simulation of a cyberattack. Scanning tools can be used to identify the host devices that are visible on a network, the operating system used, the services enabled (by identifying active ports) and the versions of the services being executed.

Enhanced capabilities include the ability to script or automate the testing process through the Nmap Scripting Engine (NSE). Advanced detection techniques can also be utilized, such as determining the firewall or packet filtering implemented, and testing whether firewall evasion and avoidance escape detection by the prevention system.

Penetration or “pen” testing is the last step in your cybersecurity prevention plan and can be viewed as the “proof of performance” of the broadcast IT system to ensure the cybersecurity precautions thought to have been put in place are working as intended. 
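
One way to turn scan results into a proof of performance is to compare them with the list of services each host is approved to expose. The Python below is an added example, not part of the SBE webinar or the original article; it reads the XML report that nmap writes with -oX, and the scan data, addresses, baseline and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the XML layout written by `nmap -oX`; addresses and ports are made up.
SAMPLE_SCAN = """<nmaprun>
 <host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
  <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
 </ports></host>
 <host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
 </ports></host>
 <host><address addr="192.0.2.99" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
 </ports></host>
</nmaprun>"""

# Hypothetical approved baseline: the services each known host is supposed to expose.
BASELINE = {"192.0.2.10": {("tcp", 22)}, "192.0.2.20": {("tcp", 22), ("tcp", 443)}}

def open_services(scan_xml):
    """Return {host: {(protocol, port): service_name}} for ports reported open."""
    found = {}
    for host in ET.fromstring(scan_xml).iter("host"):
        for addr in host.findall("address[@addrtype='ipv4']"):
            ports = found.setdefault(addr.get("addr"), {})
            for port in host.iter("port"):
                state, svc = port.find("state"), port.find("service")
                if state is not None and state.get("state") == "open":
                    name = svc.get("name", "unknown") if svc is not None else "unknown"
                    ports[(port.get("protocol"), int(port.get("portid")))] = name
    return found

def audit(scan_xml, baseline):
    """Return sorted (kind, host, protocol, port, service) deviations from the baseline."""
    seen, findings = open_services(scan_xml), []
    for host, ports in seen.items():
        if host not in baseline:  # a device nobody approved is on the network
            findings.append(("unknown-host", host, "", 0, ""))
        for key, name in ports.items():
            if host in baseline and key not in baseline[host]:  # unused service left enabled
                findings.append(("unexpected-service", host, *key, name))
    for host, allowed in baseline.items():
        for proto, num in allowed - set(seen.get(host, {})):  # availability gap
            findings.append(("expected-service-down", host, proto, num, ""))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_SCAN, BASELINE), sep="\n")
```

An empty result means the scan matches what is considered normal; each finding maps back to a checklist item (disable unused services, know what is normal) or to the Availability goal of the CIA triad.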

The webinar on which this article is based, and many others, are available to anyone for a modest fee, with members receiving a discounted rate, and are free to those with the SBE MemberPlus upgrade. If you are not a member, consider joining at sbe.org.