Cyber Engineering Community

  • 1.  Cyber Engineering Principles

    Posted 07-02-2023 02:12 PM
    The Cyber Engineering Working Group has developed a set of Principles for Cyber Engineering which are intended to cover all engineers involved in Cyber across all disciplines. The principles are set out below. Members' views on the principles are welcomed.

    CYBER ENGINEERING PRINCIPLES

    1. Take a whole-of-system, whole-of-lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in-built controls and processes required to operate and maintain the system securely.

    2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.

    3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.

    4. Tailor engineering processes and standards to system complexity and security needs.

    5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.

    6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.

    7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.

    8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.

    9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.

    10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.

    11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.

    12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).

    13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.

    14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.

    15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.

    16. Implement security measures through a layered multifactored approach.

    17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

    ------------------------------
    Shireane McKinnie
    ------------------------------


  • 2.  RE: Cyber Engineering Principles

    Posted 07-02-2023 08:28 PM
    Given that limited resources will exist to address cybersecurity issues, a risk-based decision-making framework is required to prioritize which risks are to be addressed and which will be accepted.

    --
    Best regards,


    Patrick Berry
    m: 0458 278 449





  • 3.  RE: Cyber Engineering Principles

    Posted 09-02-2023 02:46 PM

    Patrick, Thanks for your feedback. Good point. I suggest that we amend principles 3 and 6 as follows: 

    3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats, user needs and assessed risks.

    6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, regulatory requirements and risk appetite.



    ------------------------------
    Shireane McKinnie
    ------------------------------



  • 4.  RE: Cyber Engineering Principles

    Posted 16-02-2023 09:36 AM

    Hi all, excited to see some conversation in here. I think this is a comprehensive set of principles.

    For item 17, I think support and maintenance should include the need to test the appropriateness of controls once the system is in operation. As an engineer I focus a lot of my effort on design, validation and verification. However, with IT systems, sometimes things can just stop working whilst they are in operation due to various external factors.

    This can be a huge burden on organisations if we test everything, so it is important to apply a risk-based decision-making framework to prioritise where the most likely attack surfaces are and test that those controls are appropriate on a regular basis (i.e. penetration testing).



    ------------------------------
    Olivia Leung
    ------------------------------



  • 5.  RE: Cyber Engineering Principles

    Posted 19-02-2023 01:36 AM

    This is a solid piece of work. I would say though that 17 principles sound like a long list - it is difficult to remember so many items. Have there been any thoughts about how those 17 principles could be structured or grouped to ease their understanding?

    Principles 1 and 2 appear to be "core" statements and not limited to cyber only, just normal engineering practices. Could they be combined? Principle 1 says basically that a systematic approach should be applied, and then generally this is achieved through deployment of a management system. Principle 2 somehow seems to limit the scope of management systems to a RASCI. Can we frame principle 1 as follows? Can it be trimmed down?

    "Implement an engineering management system linked to the enterprise governance framework. The management system should provide for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system. It should take a whole-of-system, whole-of-lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in-built controls and processes required to operate and maintain the system securely."

    I feel that principle 5 is redundant. As engineers we use a multitude of standards, practices, manuals and principles, and it is impossible to do the work without appreciation of the fact that principles should be used selectively based on the context of the system.

    I feel that principle 15 is redundant as well, since principle 17 requires implementing regimes for patching.

    The second statement (plan for component obsolescence) in principle 17 seems redundant, since the first statement already calls for obsolescence management.




    ------------------------------
    Ilya Shustikov
    ------------------------------



  • 6.  RE: Cyber Engineering Principles

    Posted 20-02-2023 12:44 PM

    These 17 principles are comprehensive, perhaps too much so, with some redundancy. My major concern is the lack of any discussion about trust: for any changes or additions to systems, for any transient or permanent interfacing, and for interacting with the wide, wide world. Trust is a concept that needs to be described in terms of what it is, what it implies, how we judge or even measure trust, and how we accumulate a degree of trust such that we can rely implicitly on a lower level of threat from the trusted entity, noting the threat is never zero.

    I don't profess any special insight or competence in this field, but I am utterly convinced in its importance and hence would like the topic of trust to be widely addressed.



    ------------------------------
    Christopher Skinner BSc(Eng) MEngSc MIET MIEAust MACS CPEng
    Creating New Insights By Linking Disparate Ideas
    ------------------------------