Let’s talk about the CIA. The CIA is such an incredibly important part of security, and it should always be talked about. You’re probably thinking to yourself “but wait, I came here to read about NASA!”- and you’re right. While the CIA is a pretty cool organization too, I’ll be talking about the CIA triad – and what it means to NASA.
The CIA triad, not to be confused with the Central Intelligence Agency, is a concept model used for information security. CIA stands for confidentiality, integrity, and availability. It is common practice within any industry to make these three ideas the foundation of security.
When we consider what the future of work looks like, some people will ambitiously say “flying cars” and “robots taking over”. More realistically, this means teleworking, or working from home. When you’re at home, you need access to your data. How can an employer securely share all that data? That’s the million dollar question that, if I had an answer to, security companies globally would be trying to hire me.
How does the workforce ensure it is prepared to shift to this future mindset, and where does the CIA triad come into the picture?
Every company is a technology company. Even NASA. Especially NASA! In fact, NASA relies on technology to complete their vision to “reach for new heights and reveal the unknown for the benefit of humankind”. Imagine doing that without a computer. That would be a little ridiculous, right? Furthering knowledge and humankind requires data!
One of NASA’s technology related missions is “to enable the secure use of data to accomplish NASA’s Mission”. Let’s break that mission down using none other than the CIA triad.
C – Confidentiality. Confidentiality essentially means privacy. Making sure only the people who require access to data have access, while also making sure that everyone who needs the data is able to access it. In a NASA example: we need to make sure software developer Joe can access his important work regarding the International Space Station from home, while janitor Dave is never allowed to access this data.
I – Integrity. Is this data the correct data? That’s what integrity means. Making sure no bits were lost, making sure no web address was changed, and even making sure that unauthorized people cannot change your data. Another NASA example: software developer Joe asked his friend, janitor Dave, to save his code for him. In the process, Dave maliciously saved some other piece of code with the name of what Joe needed. The next time Joe opened his “code”, he was locked out of his computer.
A – Availability. This one seems pretty self-explanatory; making sure your data is available. Remember last week when YouTube went offline and caused mass panic for about an hour? In a perfect iteration of the CIA triad, that wouldn’t happen. Things like having the correct firewall settings, updating your system regularly, backups of your data, documenting changes, and not having a single point of failure in your network are all things that can be done to promote availability. A last NASA example: software developer Joe really wants to eat lunch on his center, but he cannot access the website that tells him what food options there are. He is frustrated by the lack of availability of this data.
NASA (and any other organization) has to ensure that the CIA triad is established within their organization. Whether it’s a small business personally implementing their policies or it is a global network of many IT employees, data is crucial. Without data, humankind would never be the same. Imagine a world without computers. No more gas pumps, cash registers, ATMs, calculators, cell phones, GPS systems… even our entire infrastructure would soon falter. Electricity, plumbing, hospitals, and air travel all rely on a computer- even many cars do! Without data, or with data in the wrong hands, society and culture would change so drastically that you and I would never be able to recognize it.
This is why designing for sharing and security is such a paramount concept. The data needs to exist; there is no question. Data must be shared. But if data falls into the wrong hands, janitor Dave might just steal your data and crash the International Space Station… in your name.
About the Authors
Emma Kanning is an intern at NASA’s Johnson Space Center working in the Avionic Systems Division focused on Wireless Communication; specifically the integration of IoT devices with LTE. Emma attends Kent State University and will graduate in 2021 with a degree in Digital Sciences. Emma is passionate about STEM education and cyber security. She participates in Civil Air Patrol and FIRST Robotics, and loves photography and writing.
Nick Skytland | Nick has pioneered new ways of doing business in both government and industry for nearly two decades. He leads the Future of Work initiative at NASA and is the Agency Talent and Technology Strategist in the Talent Strategy and Engagement Division within the Office of the Chief Human Capital Officer (OCHCO).