November/December 2013
Certification Review

ISA Certified Automation Professional (CAP) program

Certified Automation Professionals (CAPs) are responsible for the direction, design, and deployment of systems and equipment for manufacturing and control systems.

CAP question

If a hacker intercepts and changes set point data traveling over an industrial network, which basic security property is affected?

A. integrity
B. functionality
C. availability
D. defensibility

CAP answer

The correct answer is A, integrity. Data integrity implies that the data received is the same (value, format, quality) as the data sent. If a hacker is successful in changing set point data as that data travels over the network, the hacker has compromised integrity of the data, since it is no longer the same when received as when sent.

Answer B is incorrect, because functionality is not a basic security property.

Answer C is incorrect, because the problem statement did not address the availability of data. It appears that only the value of the set point (data integrity) was affected.

Answer D is incorrect, because defensibility is not a basic security property, but rather a measure of the vulnerability of a system.

 Trevathan, Vernon L., A Guide to the Automation Body of Knowledge, Second Edition, ISA, 2006.