Military and Strategic Journal
Issued by the Directorate of Morale Guidance at the General Command of the Armed Forces
United Arab Emirates
Founded in August 1971

2020-03-01

Cybersecurity by Design: Built-In Protection From the Outset

In today’s digitised world, the demand for improved security has risen in line with the increased risk of cyberattacks. Cybersecurity is now increasingly built in from the start of the product life cycle, rather than added in response to emerging problems through costly solutions.
 
Cybersecurity by design is like an architect drawing up plans for a building: the main security features are there from the outset. Developing software that incorporates them is similar to safety-oriented software development, where the operational behaviour of software must be as deterministic as possible, so that unforeseen behaviour is minimised or eliminated through very high quality development standards applied to every phase of the development cycle.
 
By covering the entire software development cycle, including peripheral activities such as configuration management and qualification of testing tools, developers’ errors may be intercepted before the system is placed into service. However, the initial response of software development teams to safety and security activities can be negative, and these activities can be unpopular, because they are frequently viewed as obstacles to productivity.
 
Particular attention should therefore be paid to training and to raising the awareness of development teams, emphasising the key issues associated with such critical systems and ensuring compliance with the associated development processes. The specification phase is key in the design of a new system: the same generic questions must be addressed for security and for safety, but from different perspectives, in the application of a sequenced risk analysis. For both safety and security, the later the risk analysis is carried out in the development process, the greater the impact on system design and, therefore, on cost.
 
Necessity of Diverse Implementation 
Safety and security have a major impact on the design and development costs of a new system when the concept of diversity is applied. The resulting design choices commonly involve the implementation of two systems performing the same function but developed by different teams using different programming languages.
 
This approach is designed to prevent identical bugs and flaws from occurring in the two systems, preventing a hack or failure on one system from being reproduced in identical fashion on the other system. One example of this diversity would be the installation of two firewalls in series to protect infrastructure, each coming from a different supplier.
 
In the domain of safety, the principle of redundant systems can meet the single failure criterion and satisfy availability objectives where, for example, all of the critical systems onboard an aircraft (autopilot, navigation systems etc.) are designed with inbuilt redundancy. In cybersecurity, redundancy is used to protect against denial-of-service attacks on security services, albeit to a lesser extent.
 
In another scenario, multiple servers may be deployed to provide backup where a single server is vulnerable to attack, so ensuring that a service continues to be available even after damage. Here, protection is provided by replicating system components such as communication lines and data storage facilities.
 
In the event of an attack, if security measures are not incorporated at an early stage, they can end up costing 10 or 15 times more. This failure can cause significant reputational damage, as underlined by Alexandre Bouteille, Technical Director of Critical Information Systems and Cybersecurity for Thales.
 
“There is a very strong analogy between cybersecurity and safety, meaning the protection of equipment and people against unintentional damage,” says Bouteille. “While there’s no such thing as zero risk in the digital world, nor in the safety critical systems sector, risk analysis is essential and integrating security from the start is a must-have. Otherwise, major problems can arise.”
 
Graduated and Proportionate Approach
In a world that is increasingly fast moving and ever more connected, cybersecurity is the key to successful “digital transformation”. Inspired by safety practices in domains like aerospace or nuclear power, Bouteille advocates a “graduated and proportionate” approach where protection measures are designed for the level of consequences and probability of an incident.
 
Beyond banks and military defence, cybersecurity is now applied to all sectors, such as healthcare and e-commerce organisations looking to protect their data and digital assets. Bouteille emphasises that demand will continue growing as the Internet of Things (IoT) creates a significant increase in the demand for secure connected objects.
 
“Cyberattacks often exploit software behaving in an unexpected or non-specified way to gain entry to a system. One of the objectives of secure development is, therefore, to ensure that programmes behave exactly and only as planned,” explains Bouteille, giving the following formula: “No digital transformation without trust. No trust without cyber security.”
 
One characteristic of cybersecurity is the need to maintain a secure level of protection over time. Since the acquisition of Gemalto, Thales especially is well-positioned to design systems that meet customers' needs precisely. 
 
“Since new vulnerabilities may appear during the software lifecycle, one major requirement is to integrate secure and effortless update capabilities. In addition, Artificial Intelligence is increasingly being used to detect abnormal behaviour and flag anomalies as possible attacks. We can offer solutions that fully understand what our customers need, and which deliver the most suitable and tailored solution,” assures Bouteille.
 