Providing Confidence and Trust in 21st Century Information Systems

Cybersecurity is the persistent, multi-disciplined practice required to ensure confidence and trust in complex information systems.

Humans depend upon operational technology (OT) systems for their livelihood, safety, and security. Maintaining the chain of security is fundamental across every stage of system design, engineering, configuration, operation, maintenance, and disposition.

A single weak link has the potential to break the security chain. In order to prevent weak links and provide high levels of assurance, secure design principles and security best practices must be applied throughout the system lifecycle – from requirements definition through operations and maintenance.

The Academic Triad of Security Foundations

The academic triad of security foundations is Confidentiality, Integrity, and Availability. Confidentiality is typically thought of in the context of sensitive data (protecting data from unauthorized access at rest, in transit, and during use), but it also covers sensitive or proprietary algorithms and derived security-relevant items such as encryption keys. Availability is often considered at the system level, but it also includes subsystem-level critical functions, especially the system's own security functions. Of the three, Integrity is the foundation most often overlooked.

Confidentiality and Availability are fairly easy to understand. System Integrity means that an information system continues to operate as originally designed and intended, even while it is being actively attacked by a thinking (and adapting) adversary. Without thoughtful application of security principles and practices at every level of system design, implementation, and operation, the attacker holds an asymmetric advantage over the defender: the attacker often needs to identify and exploit only a single vulnerability to undermine system services, while the defender has to build and maintain a perfect security posture.

The Threat Classes of Cybersecurity

Cybersecurity (over-the-wire) exploitation can be captured in several threat classes, listed here from most to least common:

1) Stolen and/or misappropriated credentials

2) System misconfiguration or under-configuration

3) Unmitigated (but known) software vulnerabilities

4) Zero-day (novel) software vulnerabilities

5) Insufficient control within the Trusted Computing Base (hardware and software)

Each of these threat classes disrupts the confidentiality, integrity, or availability of the system. The attacker either gains excessive user-level or process-level access and uses it to capture sensitive data and algorithms, or maliciously compromises the system to disrupt its normal functionality and force it to act in unintended ways.

Securing Information Systems with a Trustworthy Foundation

Similar to building and operating physical objects like a skyscraper, secure information systems must be created from the ground up using trustworthy foundations.

First, during the design stage, tools are used to define security requirements and to perform modeling and analysis that determine their impact on other system requirements such as usability and performance. This is the stage where design assumptions should be made explicit, because a vulnerability is often the invalidation of an assumption made in system design or operation. For example, formal methods have been used to create provably correct software implementations.

The application of security principles is also fundamental to the software development phase. From the provenance and trustworthiness of developers, code libraries, and software dependencies to the choice of (more or less secure) programming languages and the practices used in DevOps, security efforts in this stage greatly reduce the introduction of potentially exploitable software bugs. Examples of reducing the exploitable software attack surface include type- and memory-safe languages such as Rust, removal of unnecessary or non-critical code, secure build configurations and toolchains, and robust testing at every level.

Forming a Complete Solution with a Trusted Computing Base

After individual component development, systems are built. That is, multiple software and hardware components are brought together to form a complete solution.

The core of an operational system is the Trusted Computing Base (TCB): the bedrock of hardware, firmware, hypervisor, and operating system kernel code, plus their configuration. The TCB is responsible for providing secure computing foundations to higher-order application software. These building blocks include data-at-rest protections and secure boot, configuration control and user/object access grants and restrictions, hardware resource partitioning and software process memory protections, containerization, secure software updates, integrity monitoring, and system auditing.

From Development and Deployment to Secure Operations

The final state is operational cybersecurity.

In general, a system’s security posture degrades over time. For example, access permissions tend to expand over time. Similarly, the size and complexity of software tends to increase over time – leading to unintended/unrecognized interdependencies and system misconfigurations or under-configurations. Finally, discovery and knowledge of vulnerabilities in deployed software increases over time.

To combat this degradation, proactive security management is required, including continuous situational awareness, threat detection, integrity monitoring, software vulnerability mitigation (patching), and periodic re-assessment of configurations, controls, and permissions (including penetration testing and red-teaming).
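The two degradation modes above (integrity changes to deployed files and permissions that quietly expand) can be caught by comparing a deployment-time baseline against the current state. The following is an added example, not Star Lab's code; the file paths, modes, hashes, and role grants are constructed sample data.

```python
"""Baseline-vs-current drift check for integrity monitoring and permission
re-assessment. Added example with constructed data; not Star Lab's code."""
import hashlib
from typing import Dict, List, Set, Tuple

FileState = Dict[str, Tuple[str, int]]   # path -> (sha256 hex, mode bits)
GrantState = Dict[str, Set[str]]         # user -> granted roles


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed baseline captured at deployment time.
BASELINE_FILES: FileState = {
    "/etc/app/config.yaml": (digest(b"debug: false\n"), 0o640),
    "/usr/bin/appd": (digest(b"\x7fELF-binary-v1"), 0o755),
}
BASELINE_GRANTS: GrantState = {"svc_app": {"read_config"}, "ops": {"read_config", "restart"}}

# Constructed "current" state some months later: config edited, binary made
# world-writable, an unexpected file appeared, and two grants expanded.
CURRENT_FILES: FileState = {
    "/etc/app/config.yaml": (digest(b"debug: true\n"), 0o640),
    "/usr/bin/appd": (digest(b"\x7fELF-binary-v1"), 0o777),
    "/etc/app/local.yaml": (digest(b"x"), 0o644),
}
CURRENT_GRANTS: GrantState = {
    "svc_app": {"read_config", "restart"},
    "ops": {"read_config", "restart"},
    "tmp_admin": {"restart"},
}


def file_drift(baseline: FileState, current: FileState) -> List[str]:
    """Report new, modified, missing files and any mode bit gained since baseline."""
    findings = []
    for path, (h, mode) in current.items():
        if path not in baseline:
            findings.append(f"NEW {path}")
            continue
        bh, bmode = baseline[path]
        if h != bh:
            findings.append(f"MODIFIED {path}")
        if mode & ~bmode:  # a permission bit set now that was clear at baseline
            findings.append(f"MODE-EXPANDED {path} {oct(bmode)}->{oct(mode)}")
    findings.extend(f"MISSING {p}" for p in baseline.keys() - current.keys())
    return sorted(findings)


def grant_drift(baseline: GrantState, current: GrantState) -> List[str]:
    """Report roles a user holds now but did not hold at baseline (new users included)."""
    return sorted(f"EXPANDED {u} +{sorted(r - baseline.get(u, set()))}"
                  for u, r in current.items() if r - baseline.get(u, set()))
```

Shrinking permissions is deliberately not flagged, since the goal of the re-assessment is to catch expansion; in practice the baseline would be re-captured after each approved change.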

Properly managed and maintained, the combination of these approaches helps to ensure a reasonable defensive security posture over the operational life of the system, and thus provide the confidence and trust needed by humans living in the 21st century.

To learn more about how to assess and increase the security posture of your system download our free white paper below, Software Security By Design.


Star Lab is a leading software security provider dedicated to delivering security solutions for both commercial and government customers. The company tackles the most challenging cyber problems including proactive protection of the system even during sophisticated, targeted attacks. Star Lab prides itself on having a strong focus of technical leadership, subject matter expertise, and a pedigree of developing creative and high-quality products and capabilities.