NIST Special Publication 800-160, Volume 2: Developing Cyber Resilient Systems, A Systems Security Engineering Approach (slide deck transcript)

Page 1

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

NIST Special Publication 800-160, Volume 2

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

Page 2

The Current Landscape…

Today's systems are very brittle, rely on a one-dimensional protection strategy of penetration resistance, and are highly susceptible to devastating cyber-attacks.

Page 3

The adversaries are relentless.

Page 4

Exfiltrate information.

Preposition malicious code.

Bring down capability.

Create deception.

Page 5

Defense Science Board Reports

§ Resilient Military Systems and the Advanced Cyber Threat

§ Cyber Supply Chain

§ Cyber Deterrence

Page 6

Defending cyberspace in 2020 and beyond.

Page 7

The Objective…

Expand the cyber aperture to a multi-dimensional protection strategy that includes developing damage-limiting system architectures and cyber resilient systems.

Page 8

A New Paradigm…

Cyber resilient systems operate more like the human body than a traditional finite state computing machine.

Page 9

Cyber Resiliency Engineering

An emerging specialty systems engineering discipline, applied in conjunction with resilience engineering and systems security engineering to develop survivable, trustworthy systems.

Page 10

Cyber Resiliency.

The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.

Page 11

Cyber resiliency relationships with other specialty engineering disciplines.

Reliability

Fault Tolerance

Privacy

Security

Safety

Resilience and Survivability

Page 12

Reducing susceptibility to cyber threats requires a multidimensional strategy.

First Dimension: Harden the target (the system).

Second Dimension: Limit damage to the target.

Third Dimension: Make the target resilient.

Page 13

Cyber Resiliency and Security in the System Life Cycle.

§ Business or mission analysis

§ Stakeholder needs and requirements definition

§ System requirements definition

§ Architecture definition

§ Design definition

§ System analysis

§ Implementation

§ Integration

§ Verification

§ Transition

§ Validation

§ Operation

§ Maintenance

§ Disposal

ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes

NIST SP 800-160 Volume 1

Page 14

Cyber Resiliency Constructs…

• Goals

• Objectives

• Sub-Objectives

• Techniques

• Approaches

• Strategic Design Principles

• Structural Design Principles

Updated Definitions: SP 800-160 Volume 2

Page 15

Bridging Two Communities…

Systems Security Engineering

Risk Management Framework

Page 16

Relationship Among Cyber Resiliency Constructs…

Diagram (labels recovered from the slide): the constructs run from the risk management strategy down to a cyber resiliency solution, with arrows labelled "Inform selection and prioritization" linking each construct to the next.

RISK MANAGEMENT STRATEGY: Organizational Level, Mission/Business Process Level, System Level (Programmatic). Interprets, determines priorities of, and defines strategies for achieving the goals.

GOALS (Why): Anticipate, Withstand, Recover, Adapt.

OBJECTIVES (What): Understand, Prevent/Avoid, Prepare, Continue, Constrain, Reconstitute, Transform, Re-architect. Can be further decomposed into sub-objectives and capabilities.

STRATEGIC DESIGN PRINCIPLES: selection, prioritization, and application informed by programmatic, operational, and technical considerations, including threat considerations.

TECHNIQUES and APPROACHES (How).

STRUCTURAL DESIGN PRINCIPLES.

CYBER RESILIENCY SOLUTION.

Linkage of constructs captured in a series of tables.

Page 17

Coverage Analysis

• Provides a mapping of the NSA/CSS Technical Cyber Threat Framework (NTCTF) against the cyber resiliency techniques and approaches.

– Each of the 21 NTCTF adversary objectives is mapped against each of the 48 cyber resiliency approaches.

– Illustrates how cyber resiliency techniques and approaches can affect threat events using the NTCTF.

– Mapping identifies which, if any, of 15 effects on the adversary are applicable.
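As an added example, not taken from the NIST deck or the publication, the script below shows the shape of such a coverage analysis: a mapping from resiliency approaches to the effects each is assessed to have on an adversary objective, with helpers that report what a chosen approach set covers and which objectives remain gaps. The adversary objectives are the four from slide 4; the approach names, effect labels and all assessments are constructed sample data, not the NTCTF mapping in SP 800-160 Vol. 2.

```python
"""Toy cyber resiliency coverage analysis (constructed example, not the NIST mapping)."""

# Constructed sample: approach -> {adversary objective -> set of effects on the adversary}.
# Objective names come from slide 4 of the deck; approach and effect labels are illustrative.
COVERAGE = {
    "Monitoring and Damage Assessment": {
        "Exfiltrate information": {"Detect"},
        "Preposition malicious code": {"Detect", "Scrutinize"},
        "Bring down capability": {"Detect"},
    },
    "Predefined Segmentation": {
        "Exfiltrate information": {"Contain", "Delay"},
        "Bring down capability": {"Contain"},
    },
    "Misdirection": {
        "Exfiltrate information": {"Deceive", "Divert"},
        "Create deception": set(),  # assessed as having no effect on this objective
    },
    "Protected Backup and Restore": {
        "Bring down capability": {"Recover"},
        "Create deception": {"Recover"},
    },
}
ADVERSARY_OBJECTIVES = ("Exfiltrate information", "Preposition malicious code",
                        "Bring down capability", "Create deception")

def effects_on(objective, approaches):
    """Union of the effects that the selected approaches have on one adversary objective."""
    effects = set()
    for approach in approaches:
        effects |= COVERAGE.get(approach, {}).get(objective, set())
    return effects

def coverage_report(approaches):
    """Map every adversary objective to the sorted effects the chosen approach set achieves."""
    return {obj: sorted(effects_on(obj, approaches)) for obj in ADVERSARY_OBJECTIVES}

def uncovered(approaches):
    """Objectives on which the chosen approaches have no assessed effect: the coverage gaps."""
    return [obj for obj in ADVERSARY_OBJECTIVES if not effects_on(obj, approaches)]

def approaches_for(objective):
    """Approaches with at least one effect on an objective: candidates for closing a gap."""
    return sorted(a for a, mapping in COVERAGE.items() if mapping.get(objective))

if __name__ == "__main__":
    chosen = ["Monitoring and Damage Assessment", "Predefined Segmentation"]
    for obj, effects in coverage_report(chosen).items():
        print(f"{obj:28s} {', '.join(effects) or '(no effect)'}")
    for gap in uncovered(chosen):
        print("gap:", gap, "-> candidate approaches:", approaches_for(gap))
```

The real analysis has 21 objectives by 48 approaches, so a table-driven version of the same functions is the practical form; the gap list is what a practitioner reviews first.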

Page 18

Sample Coverage Analysis

Page 19

Use Cases

• Provides several cyber resiliency use cases.

– Self-driving car

– Enterprise IT

– Campus micro-grid

• Discusses representative situations in which cyber resiliency is considered by systems security engineering.

• Shows how cyber resiliency concepts and constructs can be interpreted and applied to that situation.

• Illustrates how cyber resiliency solutions can be defined or how specific solutions can be applied.

Page 20

Real World Example: Ukraine Power Grid Attack

For each step of the attack, identifies potential cyber resiliency mitigations and representative technologies.

Page 21

NIST Special Publication 800-160, Volume 2

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

Final Public Draft

Comment Period: September 4 through November 1

Comments to: [email protected]

Page 22

100 Bureau Drive, Mailstop 7770, Gaithersburg, MD USA 20899-7770

Email: [email protected]

Phone: 301.651.5083

LinkedIn: www.linkedin.com/in/ronrossecure

Twitter: @ronrossecure

Web: csrc.nist.gov

Comments: [email protected]