NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
NIST Special Publication 800-160, Volume 2
Developing Cyber Resilient Systems: A Systems Security Engineering Approach
The Current Landscape…
Today's systems are very brittle, rely on a one-dimensional protection strategy of penetration resistance, and are highly susceptible to devastating cyber-attacks.
The adversaries are relentless.
Exfiltrate information.
Preposition malicious code.
Bring down capability.
Create deception.
Defense Science Board Reports
§ Resilient Military Systems and the Advanced Cyber Threat
§ Cyber Supply Chain
§ Cyber Deterrence
Defending cyberspace in 2020 and beyond.
The Objective…
Expand the cyber aperture to a multi-dimensional protection strategy that includes developing damage limiting system architectures and cyber resilient systems.
A New Paradigm…
Cyber resilient systems operate more like the human body than a traditional finite state computing machine.
Cyber Resiliency Engineering
An emerging specialty systems engineering discipline, applied in conjunction with resilience engineering and systems security engineering to develop survivable, trustworthy systems.
Cyber Resiliency.
The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.
Cyber resiliency relationships with other specialty engineering disciplines:
Reliability
Fault Tolerance
Privacy
Security
Safety
Resilience and Survivability
Reducing susceptibility to cyber threats requires a multidimensional strategy.
First Dimension: Harden the target (the system).
Second Dimension: Limit damage to the target.
Third Dimension: Make the target resilient.
Cyber Resiliency and Security in the System Life Cycle.
ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes (as used in NIST SP 800-160 Volume 1):
§ Business or mission analysis
§ Stakeholder needs and requirements definition
§ System requirements definition
§ Architecture definition
§ Design definition
§ System analysis
§ Implementation
§ Integration
§ Verification
§ Transition
§ Validation
§ Operation
§ Maintenance
§ Disposal
Cyber Resiliency Constructs…
Updated definitions in SP 800-160 Volume 2:
• Goals
• Objectives
• Sub-Objectives
• Techniques
• Approaches
• Strategic Design Principles
• Structural Design Principles
Bridging Two Communities…
Systems Security Engineering
Risk Management Framework
Relationship Among Cyber Resiliency Constructs…
(Figure: the constructs span the organizational level, the mission/business process level, and the system level, with programmatic considerations cutting across all three. Linkage of constructs is captured in a series of tables.)
RISK MANAGEMENT STRATEGY: interprets, determines priorities of, and defines strategies for achieving the goals; informs selection and prioritization of the strategic design principles.
GOALS (Why): Anticipate, Withstand, Recover, Adapt.
OBJECTIVES (What): Understand, Prevent/Avoid, Prepare, Continue, Constrain, Reconstitute, Transform, Re-architect. Can be further decomposed into sub-objectives and capabilities.
STRATEGIC DESIGN PRINCIPLES: inform selection and prioritization of the structural design principles and of the techniques and approaches.
STRUCTURAL DESIGN PRINCIPLES.
TECHNIQUES and APPROACHES (How).
CYBER RESILIENCY SOLUTION: selection, prioritization, and application informed by programmatic, operational, and technical considerations, including threat considerations.
Coverage Analysis
• Provides a mapping of the NSA/CSS Technical Cyber Threat Framework (NTCTF) against the cyber resiliency techniques and approaches.
– Each of the 21 NTCTF adversary objectives is mapped against each of the 48 cyber resiliency approaches.
– Illustrates how cyber resiliency techniques and approaches can affect threat events using the NTCTF.
– Mapping identifies which, if any, of 15 effects on the adversary are applicable.
Sample Coverage Analysis
Use Cases
• Provides several cyber resiliency use cases:
– Self-driving car
– Enterprise IT
– Campus micro-grid
• Discusses representative situations in which cyber resiliency is considered by systems security engineering.
• Shows how cyber resiliency concepts and constructs can be interpreted and applied to that situation.
• Illustrates how cyber resiliency solutions can be defined or how specific solutions can be applied.
Real World Example: Ukraine Power Grid Attack
For each step of the attack, identifies potential cyber resiliency mitigations and representative technologies.
NIST Special Publication 800-160, Volume 2
Developing Cyber Resilient Systems: A Systems Security Engineering Approach
Final Public Draft. Comment Period: September 4 through November 1.
Comments to: [email protected]
100 Bureau Drive, Mailstop 7770, Gaithersburg, MD USA 20899-7770
Email: [email protected]
Phone: 301.651.5083
LinkedIn: www.linkedin.com/in/ronrossecure
Twitter: @ronrossecure
Web: csrc.nist.gov
Comments: [email protected]