For decades, those in cybersecurity were fed the doctrine of CIA: Confidentiality, Integrity, and Availability – the pillars or foundational principles of information security. Advances and changes in information technology have rendered the CIA triad obsolete.
For many years, information technology has been used in numerous applications where life safety is a major concern. Examples include:
- Patient health monitoring
- Patient medication delivery (e.g., IV pumps)
- Robotic surgery
- Autonomous vehicles
- Autopilots
- Domestic robots
You can probably add more examples to the above list.
The former CIA Triad should give way to the CIAS pyramid: confidentiality, integrity, availability, and life safety. I first argued for this in my book, CISSP For Dummies, 5th edition (2016), on page 37, as well as in CISM Certified Information Security Manager All-In-One Exam Guide (2018) on page 382, where I called argued for confidentiality, integrity, availability, and life safety.
As a simple model and a reminder of foundational principles, the CIA triad has served us well. However, as a foundational principle, the CIA triad now falls short, as arguably the most critical aspect, when applicable, is safety and life safety.
Peter H. Gregory 