The detailed requirements for conditions for cybersecurity is described by three principles: rooted in hardware, trusting layers of software, and autonomous posture, which have been described in other posts. To provide effective cybersecurity, all three of these principles must be designed into an application or system from the start. Only complete use of the above principles can ensure the trustworthiness of a system. Piecemeal use of these principles, where most of the software is trusted but some layers are not, is likely to leave gaps of uncertainty in the system that may create vulnerabilities to cyberattack. Modern applications are typically large and highly complicated, often with hundreds of classes, thousands of methods or functions, and hundreds of thousands of lines of code. Therefore, only careful analysis and design of required and allowed functionality, and just as importantly, unallowed functionality, will result in an application that is highly secure against cyberattack.
Each application is designed in a manner to achieve certain, desired goals. That design becomes integral to the identity and operation of the application. So much so, that any significant change to the design also significantly changes the application or system, and may require a redevelopment of the entire system. Imposing the above cybersecurity principles is tantamount to making basic and integral design decisions for an application. In the process of designing for cybersecurity, the application will undergo significant changes from the operational design alone, to achieve the goals stated above.
Such changes are generally out of question for large legacy applications and systems due to the costly effort to implement the changes needed, and the side effects on other systems and components that interface with the system. Instead, an effort to patch or wrap an existing application or system with a new cybersecurity approach is often tried, leaving the original application or system largely intact. The hope is that most of the benefits of the new techniques will be realized while the impact and costs are minimized. Unfortunately, these efforts can never be completely true to the intent and execution of the above cybersecurity principles. The result is a system with some of the characteristics of a security system, but not one that provides comprehensive security for the system. In terms of cybersecurity, the system thus produced will have many omissions and behaviors that diverge from the desired cybersecurity goals for the system. In the patched system, the total number of vulnerabilities may be fewer than in the original system, but the cybersecurity will not come close to what would be possible by designing the systems with the above principles from the start as part of the base requirements.
In a sense, cybersecurity is an all-or-nothing proposition, that behooves taking the maximal effort to secure a system simply because the next vulnerability is completely unknown. A system that is 90% secure is not much different than a system that is 20% secure. That additional 10% that is left unprotected will quickly be found by the advanced cyberattacker. What is needed is 99.999% secure, so that the attacker has to dedicate months or years of effort to just have the potential of finding a vulnerability. That effort will be so costly that the attacker is most likely to try another route to compromise the system.
At Cognoscenti Systems we have applied the above principles in designing our ControlMQ™ secure communications product for controls in order to achieve the highest level of network security for controls available. Find out more at: Cognoscenti Systems