More than likely, anyone with a computer, tablet or smart phone has read and heard about the importance of securing electronic data and personal or business-related information.
This is largely because when individuals and organizations store, manipulate, share and retrieve electronic data, they do so over an increasingly complex and interconnected system of computers, servers and communication pathways.
As this world-wide system of interconnected technologies advanced, so too did opportunities for intercepting and copying data or gaining unauthorized access to systems. And so a new category of crime was born, and cyber-crime, hacking, malware, phishing and virus have taken their place in the lexicon of the computer age.
In last week’s blog on CAP’s use of SCADA technology to monitor and control the assets in our system, we mentioned that our SCADA system does not connect to the Internet and operates on a separate, dedicated communication system.
But SCADA is only one of the many software systems involved in managing and operating the CAP system, connecting its far-flung operations, and allowing staff to conduct their work in an efficient and effective manner. A number of these software system must operate using communication pathways that are susceptible to intrusion.
Thus, CAP takes computer security – also known as Cyber Security – very seriously and is continually assessing the vulnerability of our software and hardware systems and taking steps to strengthen the protection of these assets.
Computer interconnectivity was vastly improved by the advent of the server and networks as a predominant piece of computer architecture for businesses. Servers allowed multiple users to take advantage of shared data and software, and could easily be connected to other servers to increase storage and computing capacity. Networks allowed connectivity to anywhere in the world.
Combined with the growth of the internet, businesses were able to share these resources not only within the same complex as the servers, but with innumerable users around the world. In response to a growing demand for greater connectivity between users and software, vendors began building in functionality to allow users to remotely access the programs and in some cases use a smart phone or tablet.
Many of these new software packages provide new ways to control the assets, view alarms, view status, and make configuration changes. This can improve operational efficiency, reduce unplanned travel, and make it easier to resolve problems.
However, there are many documented data breaches where hackers infiltrate a company’s network through one of these software packages.
The challenge for many companies is to balance the advantages of additional accessibility with the potential impacts on system security.
To balance accessibility and security CAP uses several different layers of security to manage the risks. CAP makes use of email/Internet filtering, antivirus and antimalware software, multiple access controls and firewalls to block “bad” data traffic and allow “good” data traffic to traverse through systems.
It is more than just having the correct software. Everyone at CAP is responsible for maintaining security and protecting information on the systems and data accessible to them. Regular updates and training opportunities help ensure that staff have the knowledge and tools to help secure our information systems and know how to recognize and address electronic threats to the CAP system as well as in their own homes.
In addition, members of CAP’s IT staff regularly receive cyber security training and the latest information on emerging challenges from national experts, both public and private. CAP conducts internal audits and works with other agencies and companies to measure our security against the best practices in the industry.
In the end, securing CAP’s computer system and electronic information is both a science and an art. Selecting the correct hardware and software and setting up best practices is a critical component of our planning and operations. Equally important is maintaining the flexibility to meet the on-going and future security needs of the system while assuring the business of CAP is conducted effectively from multiple locations across western, central and southern Arizona.