Systems Engineering and the Security Imperative

INCOSE
Las Vegas
September 15-18
Rick Dove
Chairman, Agile Security Forum
(an open participation initiative in formative stage)
www.parshift.com/AgileSecurityForum
[email protected]
Security Strategy Elements
Policy:
Goals, and principles governing how goals may be attained.
Procedure:
Prescribed method for satisfying policy.
Practice:
Implementation that carries out procedure.
Security Strategy Is...
a business system,
not a collection of vendor technologies.
© 2004 RKDove, Agile Security Forum, www.parshift.com/AgileSecurityForum
Attributed Copies Permitted
Examples
Policy (Goals):
  Principles - general and contextual expectations, and organizational behavior
  Compliance
  Risk level
  Human behavior
  Tradeoffs - risk vs user productivity
Procedure (Methods):
  Controls - code quality assurance checks, audit trails, practice audits, personnel monitoring and validation, enforcements, etc
  Process methodologies - governance, disaster recovery, sys admin rules, hiring/firing rules, code quality rules, external organization interconnect, identity management, service level agreements, etc
Practice (Execution):
  Networks - internal and external infrastructure
  Appliances - hardware/software development, acquisition and life cycle management
  Applications - software development, acquisition and life cycle management
  Services - development, acquisition and life cycle management
  Activities - procedure execution and management
Information Security - Today
The Facts
• Vulnerability – Increasing points and modes of attack
• Threat – Increasing attackers and incidents
• Risk – Increasing value available for compromise
The Result
• Time stolen by security measures is increasing
• Money invested in security measures is increasing
• Effectiveness and life-cycle of security measures are decreasing
ROI is Declining!
Security's Seven Ignorances of Reality
1. Human Behavior – Human error, whimsy, expediency, arrogance, ...
2. Organizational Behavior – Survival rules rule, nobody's in control, ...
3. Technology Pace – Accelerating vulnerability-introductions, ...
4. System Complexity – Incomprehensible, unintended consequences, ...
5. Globalization – Partners with different ethics, values, infrastructures, ...
6. Agile Enterprise – Outsourcing, on-demand, webservices, transparency, ...
7. Agile Attackers – Distributed, collaborative, self organizing, proactive, ...
For 50 years of IT-progress,
management policy/procedure/practice
has followed behind ... patching potholes.
Maintaining Systems in Unstable States Takes Constant Energy Input
[Diagram labels: Security Process (SP), Attacker Behavior (SP), Penalties, Regulation, Laws, Litigation, Rules, Threats, Reality Landscape]
Expecting or enforcing ideal and repetitive behavior ignores reality...
and is not a substitute for Strategy
A Rational Strategy Requires New Knowledge
A rational view of the problem:
• Reality bites – what is its nature?
• The problem is bigger than technology – what is its nature?
• The situation is in constant flux – what is its nature?
A rational view of the solution:
• You are compromised – now what?
• Situation in constant flux – what is proactive response-ability?
• Excellence – what is its nature?
Problem Analysis Knowledge Frameworks
Agile Security Forum Pathfinder Initiative
www.parshift.com/AgileSecurityForum
[Diagram: Problem Analysis Frameworks include Reality Issues, Focus and Situation Agility]
Reality Issues (The Bite / Problem Breadth) arising from: Technology Pace, Systems Complexity, Agile Enterprise, Globalization, Human Behavior, Org Behavior, Agile Attack Community (perhaps more)
Focus dealing with: Policy, Procedure, Practice
Situation Agility (Situation Flux) with reactive domains of Correction, Variation, Expansion, Reconfiguration, and with proactive domains of Creation, Improvement, Migration, Modification
Solution Fitness Knowledge Frameworks
Agile Security Forum Pathfinder Initiative
www.parshift.com/AgileSecurityForum
[Diagram: Solution Fitness Frameworks include Agile Principles, Excellence Principles and Reality Objectives]
Agile Principles: Self Contained Units, Evolvable Framework, Plug Compatibility, Elastic Capacity, Facilitated Reuse, Self Organization, Deferred Commitment, Distributed Ctrl & Info, Redundancy & Diversity, Peer-Peer Interaction
Excellence Principles (Excellence Nature): Requisite Variety, Parsimony, Delight
Reality Objectives (Situation Flux / Assume Compromise) with proactive domains of Vulnerability Anticipation, Prudence, Transformation, Threat/Risk Anticipation, Migration, Accountability, and with reactive domains of Detection, Containment, Mitigation, Assessment, Recovery, Accountability
[Rick Dove, Response Ability, Wiley 2001]
Excellence Principles – Strawman Framework
Requisite Variety
• Ashby's Law: "The larger the variety of actions available to a control system, the larger the variety of perturbations it is able to compensate.... variety must match variety."
• Any effective system must be as agile as its environmental forces.
• Reality-compatible (rational) policy, procedure, and practice.
• Functional Quality.
Parsimony
• Occam's Razor: Given a choice between two ... choose the simplest.
• Unintended consequences are the result of complexity.
• Humans can only deal with 5-9 items simultaneously.
• Bounded rationality (Herb Simon).
• Reduces perceived Risk.
Delight
• Engenders feelings of Trust and Respect.
• Aesthetic Quality.
Reality Objectives - Strawman Framework
Reactive Principles
• Detection – Detect intrusion and damage quickly
• Containment – Minimize potential damage scope
• Mitigation – Minimize potential damage magnitude
• Assessment – Understand what has been damaged and how
• Recovery – Repair damage quickly
• Accountability (Reactive) – Identify the perpetrators forensically, after damage
Proactive Principles
• Vulnerability Anticipation – Identify/fix vulnerabilities before exploitation, sense indirect indicators of exploitation
• Prudence – Correct vulnerabilities before exploitation
• Transformation – Change randomly the elements/nature of security system
• Threat/Risk Anticipation – Identify and counter threats and risks before exploitation
• Migration – Continuous upgrade of security strategy and components
• Accountability (Proactive) – Identify perpetrators with traps, glass houses, disinformation, etc, before damage
Early Rational-Security Examples
• Buffer overflows – coders will create them, QA will miss them.
  AMD Solution: New processors will stop them (shift point of focus).
• Access-rights to critical resources will be abused.
  Military Solution: Two-person access required on critical elements.
• Credit Card Theft – eSites will make it easy to re-order.
  SWA Solution: Retain the trivial info, don't retain the number.
• M&A interconnect will occur quickly.
  Cisco(?) Solution: Strategic fast/phased/buffered integration process.
• Known vulnerabilities will exist in systems.
  HP Solution: "Active Countermeasures" probe and remediate.
  Sygate Solution: Magellan product shows real-time network node states.
• New virus/worm versions defy advance signature filtering.
  HP Solution: "Virus Throttle" detects infection-speed and stops it.
  Symantec Solution: "Generic Exploit Blocking" filters for vulnerability exploit-pattern.
• Foreign equipment of contractors and employees needs network access.
  Sygate Solution: End-point, acceptable-equipment-condition access monitor.
  Anonymous Solution: AV vendor sends updates to employee-equipment.
• Many/complex/changing passwords – users will write them down.
  Dove Solution: Write all into one strongly-encrypted user file.
• Rogue employees will be bought or go postal.
  Mitigation: Assume penetration is a natural state and act accordingly.
• Outsource Centers will become major opportunity targets.
  Mitigation: Security-level agreements, compartmentalized hard/soft/wet-ware.
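The "Virus Throttle" line above is the one item on this slide that names a mechanism rather than a policy: rate-limit a host's connections to new destinations, and treat a host that outruns the limit as infected. The simulation below is added here to make that behaviour concrete; it is not code from the slides or from HP's product. The working-set size (5), release interval (1 second) and queue limit (10) are assumed tuning values, and the traffic fed to it is constructed, not captured.

```python
"""Connection-rate throttle of the kind the 'Virus Throttle' line describes.

Each source host keeps a small working set of recently contacted destinations.
A connection to a destination already in the set passes at once. A connection
to a new destination is released from a per-host delay queue at a fixed rate.
A host whose delay queue exceeds a limit is contacting new machines faster than
any normal user does, so it is flagged and its new connections are held.
"""
from collections import deque
from dataclasses import dataclass, field

# Assumed tuning values for this illustration (not taken from the slides).
WORKING_SET_SIZE = 5    # recently contacted destinations that pass without delay
RELEASE_INTERVAL = 1.0  # seconds between releases of queued new destinations
QUEUE_LIMIT = 10        # delay-queue depth that marks a host as worm-speed


@dataclass
class HostState:
    working_set: deque = field(default_factory=lambda: deque(maxlen=WORKING_SET_SIZE))
    delay_queue: deque = field(default_factory=deque)
    next_allowed: float = 0.0  # earliest time the next new destination may be released
    flagged: bool = False


class VirusThrottle:
    def __init__(self, interval=RELEASE_INTERVAL, limit=QUEUE_LIMIT):
        self.interval = interval
        self.limit = limit
        self.hosts = {}

    def _release(self, st, ts):
        # Replay the timer: one queued destination is released per interval for
        # the time elapsed since the previous event. A flagged host releases none.
        if st.flagged:
            return
        while st.delay_queue and st.next_allowed <= ts:
            st.working_set.append(st.delay_queue.popleft())  # maxlen evicts the oldest
            st.next_allowed += self.interval

    def observe(self, ts, src, dst):
        """Classify one connection attempt as 'pass', 'delay' or 'throttled'."""
        st = self.hosts.setdefault(src, HostState())
        self._release(st, ts)
        if dst in st.working_set:
            return "pass"
        if not st.flagged and not st.delay_queue and st.next_allowed <= ts:
            # Rate budget available and nothing waiting: admit the new destination now.
            st.working_set.append(dst)
            st.next_allowed = ts + self.interval
            return "pass"
        st.delay_queue.append(dst)
        if len(st.delay_queue) > self.limit:
            st.flagged = True
        return "throttled" if st.flagged else "delay"

    def flagged_hosts(self):
        return sorted(host for host, st in self.hosts.items() if st.flagged)


def simulate(events, throttle=None):
    """Feed (timestamp, src, dst) attempts in time order; return per-host verdict
    counts and the list of hosts the throttle flagged."""
    throttle = throttle or VirusThrottle()
    counts = {}
    for ts, src, dst in sorted(events):
        verdict = throttle.observe(ts, src, dst)
        counts.setdefault(src, {"pass": 0, "delay": 0, "throttled": 0})[verdict] += 1
    return counts, throttle.flagged_hosts()


# Constructed sample traffic, not captured telemetry: a workstation revisiting
# four servers, and a worm-like host sweeping forty addresses in two seconds.
NORMAL_HOST = "10.0.0.5"
WORM_HOST = "10.0.0.9"
SERVERS = ["10.0.1.10", "10.0.1.20", "10.0.1.30", "10.0.1.40"]
SAMPLE_EVENTS = [(i * 0.75, NORMAL_HOST, SERVERS[i % 4]) for i in range(40)]
SAMPLE_EVENTS += [(10.0 + i * 0.05, WORM_HOST, f"10.0.2.{i + 1}") for i in range(40)]

if __name__ == "__main__":
    counts, flagged = simulate(SAMPLE_EVENTS)
    for host, c in counts.items():
        print(host, c)
    print("flagged:", flagged)
```

The point the slide makes is visible in the two outcomes: the workstation is delayed only three times while its four servers enter the working set and then passes untouched, whereas the sweeping host is flagged after eleven queued destinations, with no signature of the payload needed. The same structure applies to any "new peer per unit time" detector, and the thresholds are the trade-off between user productivity and detection speed that the earlier Tradeoffs item names.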
Agile Security Forum
Pathfinder Initiative – Concept of Operations
This is a map summarizing concept relationships.
It is not a flow chart or organizational structure.
Relationships are read downward along connecting lines.
[Concept map: the Pathfinder Initiative's Mission, Wake Up Call, Market Value and Participant Value; Knowledge Discovery Deliverables (Situation Profile, Solution Fitness Profile, Rational Strategy Profile, Roadmap for Action); Knowledge Frameworks (Reality Issues, Solution Fitness); Operating Modes; Forum Community (users and developers, research community, firms, staff; CIO/CSO, CTO/Mkt, CFO/HR); Structured Workshop; ~9 Months; see detail maps]
Rational Security Strategy
A strategy that ignores reality
is a losing proposition.
Humans and organizations swim in reality,
and naturally fight incompatibilities.
"Unintended consequences are inevitable. Nevertheless,
we are responsible both for what we do and what we fail to do
with technology [and strategy]."
Pathfinder Initiative Participation Inquiries:
[email protected]
Quote from "Frankenstein Today" by Scott Yoder
http://www.msu.edu/~marianaj/frank2.ppt