The world with “everything” having access to the internet appears inevitable, and with it, the potential to do a lot of good. However, our not paying attention to warnings from the past can quickly negate any benefit derived from the Internet of Things (IoT).
Not many remember The Ware Report, a warning, now considered prophetic, from the 1970 Defense Science Board Task Force on Computer Security:
“Providing satisfactory security controls in a computer system is in itself a system design problem. A combination of hardware, software, communications, physical, personnel and administrative-procedural safeguards is required for comprehensive security. In particular, software safeguards alone are not sufficient.”
With all the high-profile data breaches and malicious attacks discussed by tech media outlets each day, one might conclude that the advice to treat cybersecurity as a system design problem has been largely ignored.
One then has to wonder about all the IoT devices invading our lives. Since they are empowered with similar computing technology, shouldn’t the same lack of security be expected? It appears the answer to that question is yes, as evidenced by Alexandra Ossola’s Popular Science article “Hacked Medical Devices May Be the Biggest Cybersecurity Threat in 2016.”
Cybersecurity as a system design problem
The May 2016 National Institute of Standards and Technology (NIST) special publication Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, authored by Ron Ross, Michael McEvilley, and Janet Carrier Oren, reiterates the need to consider cybersecurity a system design problem. One reason is the complexity of the systems needing to be secured. The following are some of the complicating factors suggested by the report:
- Ever-evolving growth in the geographical size of the system, along with the number and types of components that comprise the system
- Complexity in the interactions, behavior, and outcomes of system elements
- Increased dependence, which results in consequences (from minor inconveniences to catastrophic loss) due to disruptions, hazards, and threats within the global operating environment
The authors go on to say, “Today’s systems with their inherent complexity require a disciplined and structured engineering approach to achieve any expectation that the inherent complexity can be effectively managed.”
As to what Ross, McEvilley, and Oren consider adequate security, they mention, “Freedom from conditions that cause loss of assets with unacceptable consequences.”
The authors also suggest it is imperative the scope of security be clearly defined by stakeholders with regard to the assets to which security applies and the consequences against which security is assessed.
A systems approach to security
The report then discusses how to approach an IoT system design problem. That, according to Ross, McEvilley, and Oren, requires systems security engineering, a well-established discipline:
“Systems security engineering provides considerations for activities and tasks that produce security-oriented outcomes as part of every systems engineering process with focus given to the appropriate level of fidelity and rigor in analyses to achieve assurance and trustworthiness objectives.”
Rather than treating security as an afterthought, systems security engineering (Figure A) takes a holistic approach to security throughout the design and engineering portion of a project. “This ensures that stakeholder protection needs and security concerns associated with the system are properly identified and addressed in all systems engineering tasks throughout the system life cycle,” explains the report.
At the project’s beginning, systems security engineering will define the stakeholder’s security objectives, protection needs, and associated validation methods.
Once a project is in the design phase, the authors describe the role of systems security engineering as:
- Informing systems engineering of security considerations to reduce errors, flaws, and weaknesses that may constitute security vulnerabilities
- Identifying, quantifying, and evaluating the costs and benefits of protective measures to assist in making decisions about alternative solutions, engineering trade-offs, and risk treatment
Once a system has been designed, the next step required by systems security engineering is performing a security analysis to determine if all the requirements have been met. The analysis includes the following:
- Building an assurance case to demonstrate that security claims for the system have been satisfied
- Providing evidence to support the assurance case and to substantiate the trustworthiness of the system
Why systems security engineering works
“Systems security engineering activities draw upon the combination of well-established systems engineering and security principles, concepts, and techniques to leverage, adapt, and supplement the relevant principles and practices of systems engineering,” conclude Ross, McEvilley, and Oren. “Such engineering activities are performed systematically and consistently to achieve a set of outcomes within every stage of the system life cycle, including concept, development, production, utilization, support, and retirement.”