Systems Engineering and the Security Imperative INCOSE Las Vegas September 15-18 Rick Dove Chairman, Agile Security Forum (an open participation initiative in formative stage) www.parshift.com/AgileSecurityForum [email protected]


Systems Engineering and the Security Imperative

INCOSE Las Vegas

September 15-18

Rick Dove

Chairman, Agile Security Forum

(an open participation initiative in formative stage)

www.parshift.com/AgileSecurityForum

[email protected]


Attributed Copies Permitted © 2004 RKDove, Agile Security Forum, www.parshift.com/AgileSecurityForum

Security Strategy Elements

Policy: Goals, and principles governing how goals may be attained.

Procedure: Prescribed method for satisfying policy.

Practice: Implementation that carries out procedure.

Security Strategy Is... a business system, not a collection of vendor technologies.


Examples

Policy (Goals):

Principles - general and contextual expectations, and organizational behavior

Compliance

Risk level

Human behavior

Tradeoffs - risk vs user productivity

Procedure (Methods):

Controls - code quality assurance checks, audit trails, practice audits, personnel monitoring and validation, enforcements, etc.

Process methodologies - governance, disaster recovery, sys admin rules, hiring/firing rules, code quality rules, external organization interconnect, identity management, service level agreements, etc.

Practice (Execution):

Networks - internal and external infrastructure

Applications - software development, acquisition and life cycle management

Appliances - hardware/software development, acquisition and life cycle management

Services - development, acquisition and life cycle management

Activities - procedure execution and management


Information Security - Today

The Facts

Vulnerability – Increasing points and modes of attack

Threat – Increasing attackers and incidents

Risk – Increasing value available for compromise

The Result

Time stolen by security measures is increasing

Money invested in security measures is increasing

Effectiveness and life-cycle of security measures are decreasing

ROI is Declining!


Security's Seven Ignorances of Reality

1. Human Behavior – Human error, whimsy, expediency, arrogance, ...

2. Organizational Behavior – Survival rules rule, nobody's in control, ...

3. Technology Pace – Accelerating vulnerability-introductions, ...

4. System Complexity – Incomprehensible, unintended consequences, ...

5. Globalization – Partners with different ethics, values, infrastructures, ...

6. Agile Enterprise – Outsourcing, on-demand, web services, transparency, ...

7. Agile Attackers – Distributed, collaborative, self organizing, proactive, ...

For 50 years of IT-progress, management policy/procedure/practice has followed behind ... patching potholes.


Maintaining Systems in Unstable States Takes Constant Energy Input

[Figure: a "Reality Landscape" labeled with Org Behavior, Human Behavior and Attacker Behavior. Other labels: Penalties, Regulation, Laws, Litigation, Rules, Threats, "Security Process" and "SP".]

Expecting or enforcing ideal and repetitive behavior ignores reality ... and is not a substitute for Strategy.


A Rational Strategy Requires New Knowledge

A rational view of the problem:

Reality bites – what is its nature?

The problem is bigger than technology – what is its nature?

The situation is in constant flux – what is its nature?

A rational view of the solution:

You are compromised – now what?

Situation in constant flux – what is proactive response-ability?

Excellence – what is its nature?


Problem Analysis Knowledge Frameworks

[Concept map: Problem Analysis Frameworks. Branch titles: The Bite, Problem Breadth, Situation Flux.]

Focus: Policy, Procedure, Practice.

Reality Issues, arising from: Technology Pace, Agile Enterprise, Human Behavior, Systems Complexity, Globalization, Org Behavior, Agile Attack Community (Perhaps More).

Situation Agility, with reactive domains and proactive domains. Domain labels: Correction, Variation, Expansion, Reconfiguration, Creation, Improvement, Migration, Modification.

Agile Security Forum Pathfinder Initiative, www.parshift.com/AgileSecurityForum


Solution Fitness Knowledge Frameworks

[Concept map: Solution Fitness Frameworks. Branch titles: Situation Flux, Excellence Nature, Assume Compromise.]

Excellence Principles of: Requisite Variety, Parsimony, Delight.

Agile Principles of: Self Contained Units, Plug Compatibility, Facilitated Reuse, Evolvable Framework, Elastic Capacity, Self Organization, Deferred Commitment, Distributed Ctrl & Info, Redundancy & Diversity, Peer-Peer Interaction.

Reality Objectives, with proactive domains of: Vulnerability Anticipation, Prudence, Transformation, Threat/Risk Anticipation, Migration, Accountability (proactive); and with reactive domains of: Detection, Containment, Mitigation, Assessment, Recovery, Accountability (reactive).

Agile Security Forum Pathfinder Initiative, www.parshift.com/AgileSecurityForum

[Rick Dove, Response Ability, Wiley 2001]


Excellence Principles – Strawman Framework

Requisite Variety

Ashby's Law: "The larger the variety of actions available to a control system, the larger the variety of perturbations it is able to compensate.... variety must match variety."

Any effective system must be as agile as its environmental forces.

Reality-compatible (rational) policy, procedure, and practice.

Functional Quality.

Parsimony

Occam's Razor: Given a choice between two ... choose the simplest.

Unintended consequences are the result of complexity.

Humans can only deal with 5-9 items simultaneously.

Bounded rationality (Herb Simon).

Reduces perceived Risk.

Delight

Engenders feelings of Trust and Respect.

Aesthetic Quality.


Reality Objectives - Strawman Framework

Proactive Principles

Vulnerability Anticipation – Identify/fix vulnerabilities before exploitation, sense indirect indicators of exploitation

Prudence – Correct vulnerabilities before exploitation

Transformation – Change randomly the elements/nature of security system

Threat/Risk Anticipation – Identify and counter threats and risks before exploitation

Migration – Continuous upgrade of security strategy and components

Accountability (Proactive) – Identify perpetrators with traps, glass houses, disinformation, etc, before damage

Reactive Principles

Detection – Detect intrusion and damage quickly

Containment – Minimize potential damage scope

Mitigation – Minimize potential damage magnitude

Assessment – Understand what has been damaged and how

Recovery – Repair damage quickly

Accountability (Reactive) – Identify the perpetrators forensically, after damage


Early Rational-Security Examples

Buffer overflows – coders will create them, QA will miss them.
AMD Solution: New processors will stop them (shift point of focus).

Access-rights to critical resources will be abused.
Military Solution: Two-person access required on critical elements.

Credit Card Theft – eSites will make it easy to re-order.
SWA Solution: Retain the trivial info, don't retain the number.

M&A interconnect will occur quickly.
Cisco(?) Solution: Strategic fast/phased/buffered integration process.

Known vulnerabilities will exist in systems.
HP Solution: "Active Countermeasures" probe and remediate.
Sygate Solution: Magellan product shows real-time network node states.

New virus/worm versions defy advance signature filtering.
HP Solution: "Virus Throttle" detects infection-speed and stops it.
Symantec Solution: "Generic Exploit Blocking" filters for vulnerability exploit-pattern.

Foreign equipment of contractors and employees needs network access.
Sygate Solution: End-point, acceptable-equipment-condition access monitor.
Anonymous Solution: AV vendor sends updates to employee-equipment.

Many/complex/changing passwords – users will write them down.
Dove Solution: Write all into one strongly-encrypted user file.

Rogue employees will be bought or go postal.
Mitigation: Assume penetration is a natural state and act accordingly.

Outsource Centers will become major opportunity targets.
Mitigation: Security-level agreements, compartmentalized hard/soft/wet-ware.


Pathfinder Initiative – Concept of Operations

This is a map summarizing concept relationships. It is not a flow chart or organizational structure. Relationships are read downward along connecting lines.

[Concept map: Agile Security Forum Pathfinder Initiative. Node labels: Participant Value; Operating Modes; Community Involvement Plan; Situation Profile; Solution Profile; Broad Pursuit of Strategy; Rational Strategy Profile; Deep Effective Insight; Rational Policy, Rational Procedures and Rational Practices (affecting Expectations & Objectives, Methods & Controls, Technology & Activities); Market Value; Roadmap for Action; Wake Up Call; Real Problems, Real People, Real Time; Situation Reality Analysis; Solution Fitness Profile; Knowledge Discovery; Initial Knowledge Frameworks; Refined Knowledge Frameworks; Preliminary Community Agenda; Pathfinder Group (CFO/HR/CIO/CSO/CTO/Mkt, Users and Developers, Media and Research Firms); Current Personal Issues; Forum Staff; Logistics, Planning and Facilitation; Community Preparation; Community Awareness; Deliverable Construction; Structured Workshop Procedures; Management; Mission; Accountability; Deliverables; ~9 Months. See detail maps.]


Rational Security Strategy

A strategy that ignores reality is a losing proposition.

Humans and organizations swim in reality, and naturally fight incompatibilities.

"Unintended consequences are inevitable. Nevertheless, we are responsible both for what we do and what we fail to do with technology [and strategy]."

Quote from "Frankenstein Today" by Scott Yoder, http://www.msu.edu/~marianaj/frank2.ppt

Pathfinder Initiative Participation Inquiries: [email protected]