Tuesday, October 11, 2011

Agile Security Manifesto #2 - Security Must be as Dynamic as Threats, Environments


The second principle of the Agile Security Manifesto is an interesting conundrum. We state, “Security technologies and operations must be as dynamic as the threats you face and the environments you are protecting.”

If you believe what I stated in my last post, that part of our problem in securing environments is our pursuit of stability and our success in achieving it, then you are going to be a little bewildered by the second principle. I think it is a natural question to ask: How can I be as dynamic as the threats, which are unencumbered by process and a need for stability, and at the same time as dynamic as the stable, unchanging environments I am charged with protecting?

This is a good question and it lets us talk about the problem in the right context. While the technology may be stable, the environments are anything but. There is no better recent example of this than the acknowledgement by DHS, through ICS-CERT, that systemic design "features" (failures, to the purists among us) in industrial control systems are too common and too widely deployed to be routinely addressed through a rapid response system like ICS-CERT. This is an entirely practical acknowledgement that uncovers an inconvenient truth: we have to secure these systems in the presence of design features that were never intended to face an adversary.

For those of you who are charged with defending these stable ICS environments, things are not going to be static for long. The technology may not change very quickly, but the threats you face may make the environment you protect a potentially exciting and challenging place to work. The adversaries are going to continue to look for opportunities, and the researchers, having no viable and responsible outlet, are going to release their research publicly so we can take appropriate mitigating action. Stuck in the middle of this challenge are our customers, our users, and us. We can see it coming, and we need to have built systems that can adapt at will, in the absence of clear direction, to maintain stability while others address correcting the fundamental problem.

The second principle speaks directly to this situation. It acknowledges that regardless of how stable the technology is in the absence of an adversary, the environment and threats are dynamic. They are unquestionably at least as dynamic as the adversary intends them to appear to be. Take Stuxnet as an example of how the adversary can and does manage the dynamics of the environment. This was a tool designed to infiltrate, unbeknownst to the users, and silently degrade effectiveness while providing the appearance of stability. Had the adversary taken a different approach and caused chaos, it would have been directly destructive rather than deviantly destructive. They clearly didn't want the environment to be too dynamic, and they just as clearly had the ability to make it chaotic if they chose.

The second principle, "Security technologies and operations must be as dynamic as the threats you face and the environments you are protecting," isn't just about technology; it is about the people, process, and tools you use to deal with the currently unknown. It is about building systems that allow their users to respond, with appropriate information and in appropriate ways, to an environment that can become instantly dynamic where it had never been before.
