This automation industry quiz question comes from the ISA Certified Automation Professional (CAP) certification program. ISA CAP certification provides a non-biased, third-party, objective assessment and confirmation of an automation professional's skills. The CAP exam is focused on direction, definition, design, development/application, deployment, documentation, and support of systems, software, and equipment used in control systems, manufacturing information systems, systems integration, and operational consulting. Click this link for more information about the CAP program.
If a hacker intercepts and changes set point data traveling over an industrial network, which basic security property is affected?
e) none of the above
Click Here to Reveal the Answer
Answer B is incorrect, because functionality is not a basic security property.
Answer C is incorrect, because the problem statement did not address the availability of data. It appears that only the value of the set point (data integrity) was affected.
Answer D is incorrect, because defensibility is not a basic security property, but rather a measure of the vulnerability of a system.
The correct answer is A, integrity. Data integrity implies that the data received is the same (value, format, quality) as the data sent. If a hacker is successful in changing set point data as that data travels over the network, the hacker has compromised integrity of the data, since it is no longer the same when received as when sent.
Reference: Nicholas Sands, P.E., CAP and Ian Verhappen, P.Eng., CAP., A Guide to the Automation Body of Knowledge. To read a brief Q&A with the authors, plus download a free 116-page excerpt from the book, click this link.
ISA Cybersecurity Resources
ISA offers standards-based industrial cybersecurity training, certificate programs, conformity assessment programs, and technical resources. Please visit the following ISA links for more information:
- Cybersecurity Library
- ISA Global Cybersecurity Alliance
- Cybersecurity Resources Portal
- Cybersecurity Training
- Cybersecurity Blog Posts
- IEC 62443 Conformance Certification
- ISA Suite of Security Standards
- ISA Family of Standards
- ISA/IEC 62443 Cybersecurity Certificate Programs
- Industrial Cybersecurity Technical Resources Brochure