Automated Security Check Software: Streamlining Security Checks on Textron Systems’ Universal Ground Control Station; A Virtue Ethics Analysis of the 2017 Equifax Data Breach
Thomas, Jalon, School of Engineering and Applied Science, University of Virginia
Vrugtman, Rosanne, EN-Comp Science Dept, University of Virginia
Laugelli, Benjamin, EN-Engineering and Society, University of Virginia
My technical work and my STS research are primarily connected through the idea of promoting robust cybersecurity practices. For the technical project, I developed a security application for Textron Systems that streamlined security checks on their Universal Ground Control Station (UGCS). For my STS research, I analyzed Equifax’s ethical failings that led to their data breach in 2017. Thus, both my technical work and STS research center on emphasizing positive cybersecurity practices and the potential detrimental effects of neglecting them.
My technical project was to develop a security application that automated and streamlined security checks on Textron Systems’ UGCS. UGCS is used to control unmanned air vehicles manufactured by the company and has a set of mandatory security checks that need to be run each time the system is booted. The three checks are virus scan, compliance check, and firewall check, and these checks need to be run on each of UGCS’s five virtual machines. Prior to the creation of my application, the process needed to be tediously completed by the operator for each use of UGCS, and the results manually recorded. My application centralized and simplified this process by allowing for operators to press a single button to run, analyze, and record the results of security checks across all the system’s machines.
My STS research focuses on the 2017 Equifax data breach and the ethical failings of the company that led to the compromise of records containing the personally identifiable information (PII) of at least 143 million Americans. To frame my argument, I use the virtue ethics framework developed by Aristotle in conjunction with Michael Pritchard’s list of virtues for morally responsible engineers to show the ethical shortcomings within the company. I contend that Equifax failed to adhere to two of the key virtues necessary for responsible engineers – the ability to communicate clearly and informatively as well as commitment to quality – and this failure was the root cause of the poor cybersecurity practices that led to the data breach.
Since I completed my technical project before my STS research, it was largely my experience with developing my application that informed my research argument. Through the application development process, programming comprised a relatively small amount of time. Most of my work was spent meeting with clients, defining requirements, and writing documentation. The technical work gave me a look into what developing robust and scalable cybersecurity should be. Thus, when analyzing the Equifax data breach case, the failings of the organization were abundantly clear because they operated in stark contrast to the work that I had done. The company had poor communication, documentation, and infrastructure that would not have existed if they had been truly dedicated to strong cybersecurity practices. The culmination of my technical work and STS research is a greater understanding of the importance of each step in developing cybersecurity infrastructure. While my technical project showed me how much work needs to be done to implement a strong cybersecurity system, the Equifax case demonstrated the potential pitfalls of taking shortcuts and being disorganized in the process.
BS (Bachelor of Science)
Equifax, Data breach, Security, Automated test
School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Rosanne Vrugtman
STS Advisor: Benjamin Laugelli
Technical Team Members: Jalon Thomas
English
All rights reserved (no additional license for public reuse)
2024/05/10