Title: Systems Engineering and the Security Imperative
1 Systems Engineering and the Security Imperative
- INCOSE, Las Vegas, September 15-18
- Rick Dove
- Chairman, Agile Security Forum
- (an open participation initiative in formative stage)
- www/parshift.com/AgileSecurityForum
- SecurityForum_at_parshift.com
2 Security Strategy Elements
- Policy: Goals, and principles governing how goals may be attained.
- Procedure: Prescribed method for satisfying policy.
- Practice: Implementation that carries out procedure.
Security Strategy Is... a business system, not a collection of vendor technologies.
3 Examples
4 Information Security - Today
- The Facts
  - Vulnerability: Increasing points and modes of attack
  - Threat: Increasing attackers and incidents
  - Risk: Increasing value available for compromise
- The Result
  - Time stolen by security measures is increasing
  - Money invested in security measures is increasing
  - Effectiveness and life-cycle of security measures are decreasing
  - ROI is Declining!
5 Security's Seven Ignorances of Reality
- Human Behavior: Human error, whimsy, expediency, arrogance, ...
- Organizational Behavior: Survival rules rule, nobody's in control, ...
- Technology Pace: Accelerating vulnerability introductions, ...
- System Complexity: Incomprehensible, unintended consequences, ...
- Globalization: Partners with different ethics, values, infrastructures, ...
- Agile Enterprise: Outsourcing, on-demand, webservices, transparency, ...
- Agile Attackers: Distributed, collaborative, self organizing, proactive, ...
For 50 years of IT-progress, management policy/procedure/practice has followed behind ... patching potholes.
6 Maintaining Systems in Unstable States Takes Constant Energy Input
[Diagram labels: Security Process; Human Behavior; Org Behavior; Laws Litigation; Penalties Regulation; Rules Threats; Reality Landscape]
Expecting or enforcing ideal and repetitive behavior ignores reality... and is not a substitute for Strategy
7 A Rational Strategy Requires New Knowledge
- A rational view of the problem
  - Reality bites: what is its nature?
  - The problem is bigger than technology: what is its nature?
  - The situation is in constant flux: what is its nature?
- A rational view of the solution
  - You are compromised: now what?
  - Situation in constant flux: what is proactive response-ability?
  - Excellence: what is its nature?
8 Problem Analysis Knowledge Frameworks
Agile Security Forum Pathfinder Initiative www/parshift.com/AgileSecurityForum
[Concept map: Problem Analysis Frameworks include Focus, Reality Issues, and Situation Agility. Map labels, by group:]
- Policy, Procedure, Practice
- Technology Pace, Systems Complexity, Agile Enterprise, Globalization, Human Behavior, Org Behavior, Agile Attack Community, (Perhaps More)
- Situation Agility, with reactive domains of: Correction, Variation, Expansion, Reconfiguration
- Situation Agility, with proactive domains of: Creation, Improvement, Migration, Modification
- The Bite, Problem Breadth, Situation Flux
9 Solution Fitness Knowledge Frameworks
Agile Security Forum Pathfinder Initiative www/parshift.com/AgileSecurityForum
[Concept map: Solution Fitness Frameworks include Excellence Principles, Agile Principles, and Reality Objectives. Map labels, by group:]
- Excellence Principles: Requisite Variety, Parsimony, Delight
- Agile Principles (Rick Dove, Response Ability, Wiley 2001): Self Contained Units, Plug Compatibility, Facilitated Reuse, Deferred Commitment, Redundancy Diversity, Evolvable Framework, Elastic Capacity, Self Organization, Distributed Ctrl Info, Peer-Peer Interaction
- Reality Objectives, with proactive domains of: Vulnerability Anticipation, Prudence, Transformation, Threat/Risk Anticipation, Migration, Accountability (proactive)
- Reality Objectives, with reactive domains of: Detection, Containment, Mitigation, Assessment, Recovery, Accountability (reactive)
- Situation Flux, Excellence Nature, Assume Compromise
10 Excellence Principles - Strawman Framework
- Requisite Variety
  - Ashby's Law: "The larger the variety of actions available to a control system, the larger the variety of perturbations it is able to compensate....variety must match variety."
  - Any effective system must be as agile as its environmental forces.
  - Reality-compatible (rational) policy, procedure, and practice.
  - Functional Quality.
- Parsimony
  - Occam's Razor: Given a choice between two ... choose the simplest.
  - Unintended consequences are the result of complexity.
  - Humans can only deal with 5-9 items simultaneously.
  - Bounded rationality (Herb Simon).
  - Reduces perceived Risk.
- Delight
  - Engenders feelings of Trust and Respect.
  - Aesthetic Quality.
11 Reality Objectives - Strawman Framework
Proactive Principles
- Vulnerability Anticipation: Identify/fix vulnerabilities before exploitation, sense indirect indicators of exploitation
- Prudence: Correct vulnerabilities before exploitation
- Transformation: Change randomly the elements/nature of security system
- Threat/Risk Anticipation: Identify and counter threats and risks before exploitation
- Migration: Continuous upgrade of security strategy and components
- Accountability (Proactive): Identify perpetrators with traps, glass houses, disinformation, etc, before damage
Reactive Principles
- Detection: Detect intrusion and damage quickly
- Containment: Minimize potential damage scope
- Mitigation: Minimize potential damage magnitude
- Assessment: Understand what has been damaged and how
- Recovery: Repair damage quickly
- Accountability (Reactive): Identify the perpetrators forensically, after damage
12 Early Rational-Security Examples
- Buffer overflows: coders will create them, QA will miss them. AMD Solution: New processors will stop them (shift point of focus).
- Access-rights to critical resources will be abused. Military Solution: Two-person access required on critical elements.
- Credit Card Theft: eSites will make it easy to re-order. SWA Solution: Retain the trivial info, don't retain the number.
- MA interconnect will occur quickly. Cisco(?) Solution: Strategic fast/phased/buffered integration process.
- Known vulnerabilities will exist in systems. HP Solution: "Active Countermeasures" probe and remediate. Sygate Solution: Magellan product shows real-time network node states.
- New virus/worm versions defy advance signature filtering. HP Solution: "Virus Throttle" detects infection-speed and stops it. Symantec Solution: "Generic Exploit Blocking" filters for vulnerability exploit-pattern.
- Foreign equipment of contractors and employees needs network access. Sygate Solution: End-point, acceptable-equipment-condition access monitor. Anonymous Solution: AV vendor sends updates to employee-equipment.
- Many/complex/changing passwords: users will write them down. Dove Solution: write all into one strongly-encrypted user file.
- Rogue employees will be bought or go postal. Mitigation: Assume penetration is a natural state and act accordingly.
- Outsource Centers will become major opportunity targets. Mitigation: Security-level agreements, Compartmentalized hard/soft/wet-ware.
13 Agile Security Forum Pathfinder Initiative Concept of Operations
This is a map summarizing concept relationships. It is not a flow chart or organizational structure. Relationships are read downward along connecting lines.
[Concept map node labels: Pathfinder Initiative; Participant Value; Operating Modes; Market Value; Deliverables; Mission; Solution Profile; Situation Profile; Broad Pursuit of Strategy; Rational Strategy Profile; Deep Effective Insight; Roadmap for Action; Wake Up Call; Knowledge Discovery; Community Preparation; Pathfinder Group; Preliminary Community Agenda; Refined Knowledge Frameworks; Forum Staff; Users and Developers; Media and Research Firms; Community Involvement Plan; Rational Practices; Rational Procedures; Real People; Rational Policy; CFO/HR/ CIO/CSO CTO/Mkt; Methods Controls; Technology Activities; Real Problems; Logistics, Planning and Facilitation; Community Awareness; Deliverable Construction; Solution Fitness Profile; Situation Reality Analysis; Expectations Objectives; Real Time; Management; Initial Knowledge Frameworks; Structured Workshop Procedures; Mission Accountability; Current Personal Issues; 9 Months; see detail maps]
14 Rational Security Strategy
- A strategy that ignores reality is a losing proposition.
- Humans and organizations swim in reality, and naturally fight incompatibilities.
- "Unintended consequences are inevitable. Nevertheless, we are responsible both for what we do and what we fail to do with technology and strategy."
Pathfinder Initiative Participation Inquiries: AgilityForum_at_parshift.com
Quote from "Frankenstein Today" by Scott Yoder http//www.msu.edu/marianaj/frank2.ppt