A cybersecurity framework is a collection of international cybersecurity and state-authorized policies and processes to protect crucial infrastructure. It incorporates specific instructions for companies to handle the information stored in systems to ensure resilience towards security-related risks. In this cybersecurity tutorial article, we bring you everything that you need to know about a cybersecurity framework in general.
History of Cybersecurity
In the 1970s, Robert Thomas created the first computer virus, which can roam across a network, leaving a tiny part of the program wherever it travels. It was named “Creeper.” This was the birth of cybercrime.
Ray Tomlinson used the idea of “Creeper.” He started working with Creeper’s source code and prepared it with self-replicating capabilities, which incidentally created the first computer virus. Having realized this, he wrote another program, the first antivirus program called the Reaper. It had the potential to detect the Creeper and remove it from the system.
In the 1980s, the first computer worm was created, which corrupted systems and blocked networks, causing the internet to crash. Prior to this, the security of computers and other technologies had slowly become a business, and this gave birth to the antivirus software industry and to many more programs that can protect systems from malicious programs.
As of today, a single corrupted file can damage the cyber infrastructure of an individual or an entire organization in no time. This has made the protection of cyber infrastructure more important than before.
The CIA triad, short for Confidentiality, Integrity, and Availability, is a model designed to give companies and organizations guidelines that help them create their security policies.
Cybersecurity involves protecting data and information from unauthorized access, deletion, or modification to provide confidentiality, integrity, and availability. We will now discuss these components and some of the information security measures designed to assure each component’s safety.
Confidentiality involves preventing unauthorized individuals from accessing data. It ascertains the identity of the authorized personnel involved in sharing and holding data, keeping it secure, private, and anonymous. Confidentiality can be compromised by hackers who crack poorly encrypted data, carry out various types of cyber-attacks, and disclose sensitive data.
Integrity means protecting information from being altered by unauthorized individuals. It denotes that data and programs can be changed only by authorized personnel. Integrity can be compromised, especially by cybercrime, for example when malware is embedded into web pages or when a machine is turned into a “zombie computer”.
Availability means ensuring that authorized personnel have access to the data or information when needed. Any data is of high value if the concerned individuals have access to it at the required time. Unavailability of information usually results from incidents such as human error, programming errors, DDoS attacks, or hardware failures.
No matter how small it might be, any cyber-attack can threaten one or more of the three components of the CIA triad. Confidentiality, Integrity, and Availability all have to be incorporated together to keep data and information secure. It is essential to know what the CIA Triad is and how it can be implemented for a quality security policy while understanding the various principles.
Why do we need a Cybersecurity Framework?
Given the risks of cyber-attacks, there was a need to develop a voluntary framework – based on existing guidelines, standards, and practices – for reducing cyber risks to critical infrastructure.
Frameworks are created through a collaboration between industry and government. The cybersecurity framework typically consists of standards, guidelines, and practices to promote critical infrastructure protection. The flexible, repeatable, prioritized, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk. The cybersecurity framework gives an organized way to become secure and then constantly evaluate the effectiveness of the cybersecurity established by the framework.
Cybersecurity Framework Components
There are three components in a cybersecurity framework, which we will discuss now.
The Framework Core consists of a set of desired objectives and outcomes, written in layman's terms that are easy to understand. The Core gives organizations guidelines for managing and reducing their cybersecurity risks in a way that works in sync with the organization’s existing cybersecurity infrastructure.
The Framework Implementation Tiers help organizations by providing information on how an organization views cybersecurity risks. The Tiers suggest that organizations consider the appropriate level of vigilance for their cybersecurity program. They are also used to forecast risk tolerance and IT budget.
The Framework Profiles show us how organizational requirements and objectives are aligned with the desired outcomes of the Core. Profiles help to improve cybersecurity at an organization.
Cybersecurity Framework Strategies
There are five major strategies that are involved in the development of any cybersecurity framework.
This helps the organizations to establish the existing client IT touchpoints within the environment. This includes IT resources, infrastructure, and all the entities that IT has to offer to the organization.
This is responsible for data and information access control, security, and maintenance to provide cybersecurity in the business environment. This is a preemptive measure taken towards cybersecurity and data protection.
This is where an organization detects potential loopholes in IT security by continuous monitoring and analysis of the data logs and engaging with any unauthorized intrusion through industry-standard cybersecurity procedures at the network level.
Once the loophole is detected, the IT department needs to take care of the response by following standard procedures. This involves understanding the cyberattack, fixing the security weakness, and proceeding with the network and data recovery.
Network and data recovery include various planning procedures, like backup plans and disaster recovery systems.
Types of Cybersecurity Frameworks
There are different types of cybersecurity frameworks based on implementation and organizational requirements.
NIST Cybersecurity Framework
The NIST (National Institute of Standards and Technology) cybersecurity framework is a predesigned framework that guides organizations in analyzing and enhancing their capabilities to avoid, detect, and respond to cyberattacks and cybercrime. This cybersecurity framework can also be tailored for other organizations based on their requirements, size, and structure.
PCI DSS Cybersecurity Framework
The PCI DSS (Payment Card Industry Data Security Standard) cybersecurity framework is mainly used to strengthen the security of online payment accounts by creating strong security for all types of online card payments, which include credit cards, debit cards, and other card transactions.
CIS Cybersecurity Framework
The CIS (Center for Internet Security) cybersecurity framework gives organizations the guidelines they need to establish critical security controls, which the organization must adhere to in order to practice safe cybersecurity.
CIS includes three sets of critical security controls, namely basic, foundational, and organizational controls, which account for a total of 20 controls.
Any organization has to follow these 20 controls strictly to attain a maximally secured IT environment.
ISO Cybersecurity Framework
International Standards Organization (ISO) cybersecurity frameworks are a set of different industry cybersecurity standards that ascertain the needs of different environments and industries. A few of them are:
ISO 9000 handles the cybersecurity framework for manufacturing industries to provide the best cybersecurity within their business environment.
ISO 27799 takes care of the cybersecurity framework for organizations in the healthcare industry.
ISO 27000 is a family of cybersecurity framework standards documented to provide complete, end-to-end security guidelines for an organization. ISO 27001 is the mainstay of this family and determines the specifications for cybersecurity frameworks.
With increased complexity and more electronics involved, today’s modern vehicles run on millions of lines of code, are equipped with hundreds of different technologies, and can have up to hundreds of electronic control units using various operating systems.
Jeep Cherokee is a famous SUV with off-roading capabilities. There was a Jeep Cherokee cyberattack in 2015, which turned out to be a turning point for the automobile industry.
Charlie Miller and Chris Valasek, two security researchers, remotely hacked the Jeep Cherokee and took over control of its functions, including the air conditioner, radio, wipers, brakes, steering wheel, and accelerator, due to a loophole in the car’s infotainment system.
This was the first time a remote cyberattack was carried out on a vehicle. Jeep Cherokee was selected because of its simple architecture. After this attack, Fiat Chrysler recalled more than 1 million hackable vehicles for security patch updates.
How did they do it?
They first targeted the multimedia system by hacking the Wi-Fi and compromising the automatic password generation that occurs each time the car starts.
They used hacking techniques to break into the system remotely. The main vulnerability they found was that the Wi-Fi password is generated before the actual date and time are set, so it is based on the default system time at which the infotainment system starts. This gives approximately 7 million possible passwords, which attackers can work through in almost an hour using brute-force methods.
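The weakness described above, a secret derived only from a startup clock value, modelled here as an added example (not code from the original article or from the vehicle's software). The alphabet, length and generator are assumptions chosen for illustration; only the 7 million and one-hour figures come from the text.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_lowercase   # assumed alphabet, for illustration only
LENGTH = 12                         # assumed password length
PAGE_KEYSPACE = 7_000_000           # "approximately 7 million" from the text
PAGE_SECONDS = 3600                 # "almost an hour" from the text


def weak_password(boot_clock: int) -> str:
    """Vulnerable pattern: the startup clock value is the only input."""
    rng = random.Random(boot_clock)  # deterministic PRNG with a guessable seed
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_password() -> str:
    """Hardened form: each character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def nominal_bits() -> float:
    """Entropy the password appears to have from its length and alphabet."""
    return LENGTH * math.log2(len(ALPHABET))


def effective_bits(distinct_outputs: int) -> float:
    """Entropy it really has when only `distinct_outputs` values can occur."""
    return math.log2(distinct_outputs)


def is_clock_determined(generator, clock_value: int) -> bool:
    """Review check: True when the same clock input reproduces the same secret."""
    return generator(clock_value) == generator(clock_value)


if __name__ == "__main__":
    print("weak generator repeats:  ", is_clock_determined(weak_password, 0))
    print("CSPRNG generator repeats:",
          is_clock_determined(lambda _clock: strong_password(), 0))
    print(f"nominal entropy:   {nominal_bits():.1f} bits")
    print(f"effective entropy: {effective_bits(PAGE_KEYSPACE):.1f} bits")
    print(f"rate to cover it in an hour: {PAGE_KEYSPACE / PAGE_SECONDS:.0f}/s")
```

The password looks like a 56-bit secret but behaves like a 23-bit one, which is why the seed source, not the password length, is what a design review has to check.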
They then took over the infotainment system by exploiting the software. By controlling the infotainment system remotely, they launched various cyberattacks, such as changing the air conditioner settings or increasing the fan speed, suddenly changing the volume of the radio, or turning off GPS. Since the car infotainment system uses a cellular connection to provide access to the internet and other services, they exploited this vulnerability to deliver the attack.
The infotainment system that was used as a portal for conducting this cyberattack was developed by Harman. After this cyberattack, Harman decided to develop its own cybersecurity product and bought TowerSec, an Israel-based cybersecurity company, to help it revamp its manufacturing processes and scrutinize third-party supplier software.
Harman appointed security professionals and changed its organizational structure to oversee cybersecurity efforts. These changes helped Harman tackle cybersecurity issues at every stage of the production process by creating a checklist that involves scanning third-party software for errors and bugs, thereby improving Harman’s cybersecurity protection, and by creating a risk analysis of potential loopholes for every involved component.
If any new feature or component is added to a vehicle, designers now first have to demonstrate how they would secure the operation from potential cyberattacks.
Till now, only security patch updates were released for any such issues, but since automobiles are something that is being used over a longer period of time, sustaining the protection by over-the-air updates is a challenge. Tesla is the only automobile manufacturer that releases these over-the-air updates on a regular basis, thus sustaining the cybersecurity for its products.
Cybersecurity frameworks help to achieve a strong security structure and avoid any potential cyber threats. They also help to become compliant with various regulations that are to be adhered to by an organization. Implementing a cybersecurity framework involves a lot of time and resources with complete commitment. The framework helps design an organized way to have a secure environment and then continually monitor its effectiveness in maintaining a robust cybersecurity control. Given the recent development in cybercrimes, there is still a lot of scope for improving the selection, design, and implementation of cybersecurity frameworks.