Secure-by-Design Is More Than Just a Cybersecurity Risk Problem

Building trustworthy secure systems has a great deal in common with building a house. It starts with a good architectural plan, input from structural engineers, quality products (e.g., lumber, concrete, plumbing and electrical components, roofing materials, doors and windows), skilled tradespeople to carry out the site grading and construction, building inspections at various stages in the construction process, and a construction supervisor to oversee the work. It’s a well-established construction process that is designed to help ensure quality outcomes. The home is, in reality, a “system.” So, after 50 years of trying to develop computing systems that we trust and are resilient in the face of threats from determined adversaries, why is it that we still have significant risk in this area? Why are building codes in home construction and other disciplines far more complete than in cybersecurity?

To be fair, computing systems are highly complex entities composed of trillions of lines of code in software applications and firmware, billions of interconnected devices, and hardware components at the foundation where computer science meets physics. But given those distinct differences, homes and computing systems are both “systems” in their own right. Have we applied the foundational, time-tested design principles in a life cycle-based systems engineering process to produce the outcomes that we need to ensure our critical systems (integral to everything we care about, including our privacy) are well protected? Do we have sufficient information to understand how system components are designed and built and how those products come together in a system to provide critical capabilities that keep the lights on, purify water systems, keep the planes, trains and automobiles running, ensure ubiquitous communications essential for commerce, and protect the country with reliable, state-of-the-practice weapons systems?

There are many ongoing initiatives to improve the security and transparency of component products developed by industry and to promote a secure-by-design approach to cybersecurity. The fundamental problem, however, cannot be constrained to cybersecurity risk—rather, it is a much broader problem that extends into the world of systems and system complexity. Building trustworthy secure systems and systems that have sufficient resilience to operate in stressful environments with a myriad of threats requires “systems thinking” and the discipline of a well-defined systems engineering process that can reduce and manage complexity.

Having quality component products with security features is a necessary condition for achieving trustworthy secure systems, but it is certainly not sufficient. Why? Because “the adversaries live in the cracks.” Just as you can build a structurally unsound home with quality products, you can also build an untrustworthy system with individual component products loaded with security features. A lack of intentional systems thinking and systems engineering results in systems that are more susceptible to successful cyber-attacks and subject to ongoing, expensive maintenance activities (e.g., remediating a growing list of system vulnerabilities, including zero-days after the fact, that require patching). Recognizing the holistic nature of “computing systems” is important for building the types of systems (including cyber-physical systems) we depend on to keep the country safe, secure, and productive.

A special note of thanks to Victoria Pillitteri and Brian Barnier, long-time cybersecurity and SSE colleagues, who graciously reviewed and provided sage advice for this article.

Inno Eroraha [NetSecurity]

Founder & CEO, NetSecurity Corp. | Inventor and Architect of ThreatResponder Platform, a Cyber Resilient Endpoint Innovation | Cybersecurity Visionary, Expert, and Speaker

1 yr

Managing cybersecurity risk in isolation is insufficient to address the complex challenges we face in today's digital landscape. To effectively protect our systems and critical capabilities, we must adopt a holistic approach that combines cybersecurity risk management with the principles of systems thinking and systems engineering.

Patrick Simon

President and Manager at Beehive Technology Solutions LLC Service-Disabled Veteran Owned Business (SDVOB) Federal and State Small Certified Business; Microsoft Partner Risk Digital Services

1 yr

Thank you, Ron, for another great piece of your experience and wisdom; well done and appreciated by us all. What is often missed because of the cyber marketing hype is the requirement for culture and process and its importance at the conceptual vision stage, as we say in DOD and DOAF, the OV-1 view. The all-powerful array of NIST publications and the NIST support team provides the baseline, and the publications, when used correctly and applied digitally, can be "tailored" from a commercial building to home construction. For example, HVAC commercial may be tailored for homes powered by low voltage (CAD and Blueprints-MBSE) (City Permitting), which may be traced to DHS CISA. We are in the digital convergence of physical-cyber-Digital Twins. So true that adversaries "live in the cracks." I also encountered a few in my federal IT years. Still not sure if they were digital roaches or blind termites. I recently heard that they caught one, but we are sure there are many more (APTs). It's very accurate that they multiply rapidly in certain risk cultures. A prescriptive approach could be proactive extermination at the design foundation level. "Intentional Systems Thinking" points to DevSecOps (IoT-SCADA) CI/CD; well said!

Michael A. Echols MBA CISSP

CEO, Founder @ MAX Cybersecurity | 8a Certified

1 yr

For Sure Sir

More articles by Ron Ross
