Systems Security Engineering
Considerations for a
Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
NIST Special Publication 800-160 Second Public Draft
“This whole economic boom in cybersecurity seems largely to be a consequence of poor engineering.” -- Carl Landwehr, Communications of the ACM, February 2015
Systems Security Engineering — A Specialty Discipline
Security, like safety and other system quality properties, is an emergent property of a system. System security is the application of engineering and management principles, concepts, criteria, and techniques to optimize security within the constraints of operational effectiveness, time, and cost throughout all stages of the system life cycle. Appropriate analysis evaluates the system holistically, tying into systems security engineering concepts and best practices and ensuring that system security has an integrated, system-level perspective. Systems security engineering focuses on the protection of stakeholder and system assets so as to exercise control over asset loss and the associated consequences. Such protection is achieved by carrying out the specific activities and tasks in the systems engineering processes with the objective of eliminating or reducing vulnerabilities and minimizing or constraining the impact of exploiting or triggering those vulnerabilities. This approach helps to reduce the susceptibility of systems to a variety of simple, complex, and hybrid threats, including physical and cyber attacks; structural failures; natural disasters; and errors of omission and commission. This reduction is accomplished by fundamentally understanding stakeholder protection needs and subsequently employing sound security design principles and concepts throughout the systems engineering processes. These processes, if properly carried out (including the identified systems security engineering activities and tasks), result in systems that are adequately secure relative to the asset loss consequences and associated risk, based on measurable assurance and trustworthiness in the system's security performance and effectiveness.

To accomplish the security objectives described above, systems security engineering, as a specialty discipline of systems engineering, provides several distinct perspectives and focus areas that set it apart from other engineering disciplines. These include the engineering of security functions; addressing the security aspects associated with the engineering of non-security functions; and protecting the intellectual property and otherwise sensitive data, information, technologies, and methods utilized as part of the systems engineering effort.
Systems security engineering, as part of a multidisciplinary
systems engineering effort:
·
Defines stakeholder security objectives, protection needs and concerns,
security requirements, and associated validation methods;
· Defines system security
requirements and associated verification methods;
· Develops security views and
viewpoints of the system architecture and design;
· Identifies and assesses
vulnerabilities and susceptibility to life cycle disruptions, hazards, and
threats;
·
Designs proactive and reactive protective measures encompassed within a
balanced strategy to control asset loss and associated loss consequences;
· Provides security
considerations to inform systems engineering efforts with the objective to
reduce errors, flaws, and weakness that may constitute security vulnerability
leading to unacceptable asset loss and consequences;
· Identifies, quantifies, and
evaluates the costs and benefits of protective measures and considerations to
inform analysis of alternatives, engineering trade-offs, and risk treatment12
decisions;
·
Performs system security analyses in support of decision making, risk
management, and engineering trades;
·
Develops the assurance case to demonstrate that security claims for the system
have been satisfied;
·
Provides evidence to support the assurance case and to substantiate the
trustworthiness of the system; and
· Leverages multiple
security and other specialties to address all feasible solutions so as to
deliver an adequately secure and trustworthy system.
Systems Security Engineering Framework – Why It Matters?
Establishing problem, solution, and trustworthiness contexts as key components of a systems security engineering framework ensures that the security of a system is based on achieving a sufficiently complete understanding of the problem as defined by a set of stakeholder security objectives, security concerns, protection needs, and security requirements. This understanding is essential in order to develop effective security solutions—that is, a system that is sufficiently trustworthy and adequately secure to protect stakeholders' assets in terms of loss and the associated consequences.