Cyber Engineering Community

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

Patrick, Thanks for your feedback. Good point. I suggest that we amend principles 3 and 6 as follows: 

3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats, user needs and assessed risks.

6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, regulatory requirements and risk appetite.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

How do these principles relate to existing principles in the ISO2700x suite? Are they meant to be a replacement?

As the environments in which systems operate are always in a state of flux, should the principles include a statement about how systems will respond to this ongoing change, especially the risk of the unknown or unforeseen?

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

How do these principles relate to existing principles in the ISO2700x suite? Are they meant to be a replacement?

As the environments in which systems operate are always in a state of flux, should the principles include a statement about how systems will respond to this ongoing change, especially the risk of the unknown or unforeseen?

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

Hello Doug,

They are not meant to be a replacement but an addendum. The 2700x series focuses on design and development while the NIST/OWASP frameworks focus on making the design process secure. It is part of the whole shift-left ideology but this has changed over time and now with the introduction of AI the system is meant to change significantly. If you want some guidance, the OWASP SAMM project has a bunch of very useful blog post. If you want to discuss in more detail, I am happy to help.

Cheers,

Ric

How do these principles relate to existing principles in the ISO2700x suite? Are they meant to be a replacement?

As the environments in which systems operate are always in a state of flux, should the principles include a statement about how systems will respond to this ongoing change, especially the risk of the unknown or unforeseen?

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

Hello Ric,

I agree with much of what you have said but I would like to understand more about your statement that the ISO2700x series focusses on design and development. I understand that the ISO 27002 controls cover all phases of the NIST CSF framework including Detect, Respond and Recover which only occur after a system is deployed. Also, domains such as identity and access management and security assurance are usually considered to be operational activities.

Regards,

Nigel

Hello Doug,

They are not meant to be a replacement but an addendum. The 2700x series focuses on design and development while the NIST/OWASP frameworks focus on making the design process secure. It is part of the whole shift-left ideology but this has changed over time and now with the introduction of AI the system is meant to change significantly. If you want some guidance, the OWASP SAMM project has a bunch of very useful blog post. If you want to discuss in more detail, I am happy to help.

Cheers,

Ric

How do these principles relate to existing principles in the ISO2700x suite? Are they meant to be a replacement?

As the environments in which systems operate are always in a state of flux, should the principles include a statement about how systems will respond to this ongoing change, especially the risk of the unknown or unforeseen?

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

Thanks for the list of principles Shireane.

I have a question re the title of this area, basically, in "Cyber Engineering" is "Cyber" shorthand for "Cybersecurity" or "Cybersystems"? 

The following article suggests "cyber" is about more than just security, and concerns a whole of systems approach to design of (secure) cyber systems. https://createdigital.org.au/cyber-engineering-new-way-of-thinking/ 

If that's the case, then I believe it would be helpful to use the more specific (though wider) title of "Cybersystems" Engineering.

Much of modern engineering is about systems, so to some extent the "systems" is redundant, however I see "cyber" being used in many places in the narrow sense of security in cyber systems.

Regards, Graham 

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.

CYBER ENGINEERING PRINCIPLES

1. Take a whole of system whole of lifecycle approach to secure design, operation, maintenance and disposal. The whole system includes all technology, people and processes. Technology includes all hardware, firmware and software and interconnected systems; people includes human interactions, human behaviour, and skills to operate and maintain the systems; and processes includes in built controls and processes required to operate and maintain the system securely.
   
   
2. Implement an engineering management system linked to the enterprise governance framework that provides for clear accountability, authority and responsibility for secure design, operation, maintenance, and disposal of the system.
   
   
3. Undertake continuous threat and vulnerability modelling, to understand emerging security risks, to inform and build in physical and logical security measures that are readily evolvable to incorporate new technologies, changes to threats and user needs.
   
   
4. Tailor engineering processes and standards to system complexity and security needs.
   
   
5. Apply the engineering principles applicable to the context in which the system is to be designed, operated, maintained and disposed.
   
   
6. Undertake analysis of both functional and non-functional requirements (e.g. performance, confidentiality, integrity, availability, safety, human factors) to understand priorities and trade-offs of stakeholder needs and document decision trade-offs. Safety and security are addressed as co-ordinated views when determining trade-offs. Stakeholder needs include system intended capability outcomes, economic and organisational needs, customer requirements, and regulatory requirements.
   
   
7. Design and refine the system architecture to reduce the evolving threat attack surface, cognisant of strategic performance, support, and security risks.
   
   
8. Ensure all system elements are integrated in a logical sequence and tested to ensure that the system operates as predicted.
   
   
9. Plan and implement verification and validation processes that provide objective evidence of system performance, identify residual security risks, and determine actions required to mitigate or accept residual risks.
   
   
10. Establish processes to rigorously manage all interfaces (physical, logical, and human), including interfaces to external systems or networks where the pedigree of the connected systems cannot be accurately determined or actively managed.
    
    
11. Assume that there will be successful attacks on the system and design in mechanisms to aid recovery from such attacks. Changes in sophistication, diversity and vectors of attacks must be expected. Plan for and regularly exercise system recovery processes as part of the operations, support, and maintenance regimes.
    
    
12. Anticipate and expect human error that might create vulnerabilities (both intentional and unintentional).
    
    
13. Establish mechanisms to detect and eradicate counterfeit parts, components, firmware and software that may contain malicious or poor-quality code in the supply chain; e.g. through functional and physical configuration audits.
    
    
14. Design in mechanisms to detect and report unauthorised use, unusual or unpredicted system behaviour.
    
    
15. Define processes for introducing software and patches into the system to reduce the risk of unintended security impacts or impacts on system performance.
    
    
16. Implement security measures through a layered multifactored approach.
    
    
17. Design and implement maintenance and support regimes that ensure secure configuration control, approval of changes to system requirements, system performance monitoring, obsolescence management, system updates and regular patching. Plan for the management of system components (hardware, firmware, and software) that are likely or may become obsolete during the planned life of the system.