Cyber Engineering Community

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

Patrick, Thanks for your feedback. Good point. I suggest that we amend principles 3 and 6 as follows: 

3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats, user needs and assessed risks.

6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, regulatory requirements and risk appetite.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.