What happens when networks break or fail?
A network outage is never just a technical inconvenience. Depending on what was affected, a failure can expose confidential data, corrupt records, deny access to critical services, or endanger lives. The CIA triad — confidentiality, integrity, and availability — gives us a framework for understanding exactly what went wrong and what was at stake.
What this topic covers
- › 4.1.A — The CIA triad and identifying evidence of each type of violation
- › 4.1.B — How unreliable connectivity impacts individuals, organizations, and critical infrastructure
Why the CIA triad matters
Violations of the CIA triad rarely occur in isolation — a single breach often compromises multiple components simultaneously, compounding the overall damage. Understanding the full scope of an incident requires investigating what happened, who was affected, and how data or services were impacted.
The CIA triad (4.1.A)
The CIA triad is the foundation of secure and reliable network communication. Confidentiality, integrity, and availability are three distinct properties that must be protected together.
Confidentiality
Only authorized individuals, systems, or processes can access data.
Signs of a breach:
- › Unauthorized access to files or systems
- › Network traffic showing data exfiltration
- › Exposed credentials
- › Unusual activity on sensitive data
Integrity
Data are accurate, trustworthy, and have not been altered.
Signs of a breach:
- › Unauthorized data changes
- › Inconsistencies in logs
- › Unauthorized software installations
- › Corruption of data
Availability
Data and services are accessible to authorized entities.
Signs of a breach:
- › Inability to access systems, networks, or resources
- › Slow or dropped connections
- › Unexpected high volume of network traffic
- › Frequent error messages
Incident investigation
When a CIA violation occurs, investigating the full scope of the incident requires reviewing multiple evidence sources. Each source helps answer a different part of the question: what happened, who was affected, and how were data or services impacted?
Access logs
Show who accessed what systems and when — an essential trail for identifying unauthorized access
Firewall / monitoring alerts
Triggered when traffic or behavior matched a known threat rule — indicate when and where suspicious activity was detected
Error reports
Abnormal system states, failed processes, or access denials that occurred during the incident window
Missing or corrupted files
Evidence of integrity or availability violations — data deleted, encrypted, or modified without authorization
Network outages or slowdowns
Sudden degradation in network performance or complete loss of connectivity, which may indicate a DoS attack, lateral movement, or infrastructure failure
Impacts of unreliable connectivity (4.1.B)
Network connectivity supports communication, data access, and service delivery. When connectivity is unreliable, the consequences vary depending on when the outage occurs and which systems are affected.
Timing matters
Outages during peak activity cause greater impact than those during low-usage periods. A retail system going down at midnight has a smaller business impact than the same system failing on a peak shopping day. The relationship between timing and impact is something organizations must plan around in their availability strategies.
Critical infrastructure
Emergency response, power, water, healthcare, food supply, and military systems are critical infrastructure where connectivity disruptions can cause serious functional or public safety consequences at any time, regardless of load. The timing threshold that applies to businesses does not apply here.
Long-term consequences of extended outages
Financial loss
Missed transactions, reduced productivity, and recovery costs accumulate during extended outages
Reputational damage
Customers and investors lose confidence, discouraging future business and partnerships
Erosion of public trust
Especially damaging for public institutions, utilities, and services that citizens depend on