Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time

Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time

by O. Sami Saydjari
Released August 2018
Publisher(s): McGraw-Hill
ISBN: 9781260118186

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Cutting-edge cybersecurity solutions to defend against the most sophisticated attacks

This professional guide shows, step by step, how to design and deploy highly secure systems on time and within budget. The book offers comprehensive examples, objectives, and best practices and shows how to build and maintain powerful, cost-effective cybersecurity systems. Readers will learn to think strategically, identify the highest priority risks, and apply advanced countermeasures that address the entire attack space. Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time showcases 35 years of practical engineering experience from an expert whose persuasive vision has advanced national cybersecurity policy and practices.

Readers of this book will be prepared to navigate the tumultuous and uncertain future of cyberspace and move the cybersecurity discipline forward by adopting timeless engineering principles, including:

•Defining the fundamental nature and full breadth of the cybersecurity problem
•Adopting an essential perspective that considers attacks, failures, and attacker mindsets
•Developing and implementing risk-mitigating, systems-based solutions
•Transforming sound cybersecurity principles into effective architecture and evaluation strategies that holistically address the entire complex attack space

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Foreword
  7. Acknowledgments
  8. Introduction
  9. Part I What Do You Want?
    1. Chapter 1 What’s the Problem?
      1. Overview
        1. Learning Objectives
      2. 1.1 Baking in Trustworthiness: Design-Time
        1. 1.1.1 What Is Trust?
        2. 1.1.2 Trust and Belief
        3. 1.1.3 Engineering
        4. 1.1.4 Why Trust?
      3. 1.2 Operational Perspective: Basic Questions
        1. 1.2.1 Am I Under Attack?
        2. 1.2.2 What Is the Nature of the Attack?
        3. 1.2.3 What Is the Mission Impact So Far?
        4. 1.2.4 What Is the Potential Mission Impact?
        5. 1.2.5 When Did It Start?
        6. 1.2.6 Who Is Attacking?
        7. 1.2.7 What Are They Trying to Do?
        8. 1.2.8 What Is the Attacker’s Next Step?
        9. 1.2.9 What Can I Do About It?
        10. 1.2.10 What Are My Options and How Effective Will Each Option Be?
        11. 1.2.11 How Will My Mitigation Actions Affect Operation?
        12. 1.2.12 How Do I Better Defend Myself in the Future?
      4. 1.3 Asymmetry of Cyberspace Effects
        1. 1.3.1 Dimensionality
        2. 1.3.2 Nonlinearity
        3. 1.3.3 Coupling
        4. 1.3.4 Velocity
        5. 1.3.5 Manifestation
        6. 1.3.6 Detectability
      5. 1.4 The Cybersecurity Solution Landscape
        1. 1.4.1 Information Assurance Science and Engineering
        2. 1.4.2 Defensive Mechanisms
        3. 1.4.3 Cybersensors and Exploitation
        4. 1.4.4 Cyber Situation Understanding
        5. 1.4.5 Cyber Actuation
        6. 1.4.6 Cyber Command and Control
        7. 1.4.7 Cyber Defense Strategy and Tactics
      6. 1.5 Ounces of Prevention and Pounds of Cure
      7. Conclusion
      8. Questions
    2. Chapter 2 Cybersecurity Right-Think
      1. Overview
        1. Learning Objectives
      2. 2.1 It’s About Risk
      3. 2.2 The Cybersecurity Trade-off: Performance and Functionality
        1. 2.2.1 User-Friendliness
        2. 2.2.2 Time to Market
        3. 2.2.3 Employee Morale
        4. 2.2.4 Missed Opportunity
        5. 2.2.5 Opportunity Cost
        6. 2.2.6 Quantity of Service or Product
        7. 2.2.7 Quality of Service or Product
        8. 2.2.8 Cost of Service or Product
        9. 2.2.9 Limited Resources
      4. 2.3 Theories of Security Come from Theories of Insecurity
      5. 2.4 They Come at You Through the Weeds
      6. 2.5 Top-Down Meets Bottom-Up
      7. 2.6 Cybersecurity Is a Live Orchestra, Not a Recorded Instrument
      8. Conclusion
      9. Questions
    3. Chapter 3 Value and Mission: Know Thyself
      1. Overview
        1. Learning Objectives
      2. 3.1 Focus on Mission and Value
        1. 3.1.1 Avoid Concentrating Value
        2. 3.1.2 Beware the Complacency of Trust
      3. 3.2 Confidentiality: Value of Secrecy from Adversaries
        1. 3.2.1 Acquired-Knowledge Secrets
        2. 3.2.2 Planning Secrets
        3. 3.2.3 Stolen Secrets
        4. 3.2.4 Means-of-Stealing-Secrets Secrets
      4. 3.3 Confidentiality: Beware the Tyranny of Secrecy
        1. 3.3.1 Secrecy Is Tenuous
        2. 3.3.2 Secrecy Is Expensive
        3. 3.3.3 Secrecy Can Be Self-Defeating
        4. 3.3.4 Secrecy Is Self-Breeding
        5. 3.3.5 Secrecy Creates a Form of Corrupting Power and Impediment to Operation
      5. 3.4 Confidentiality: Changing the Value Proposition
        1. 3.4.1 Minimize Secrecy and Dependency on Secrecy
        2. 3.4.2 Minimize Impact of Loss of Secrecy
      6. 3.5 Integrity: The Root of All Trustworthiness Value
      7. 3.6 Availability: An Essential Yet Tenuous Value
      8. Conclusion
      9. Questions
    4. Chapter 4 Harm: Mission in Peril
      1. Overview
        1. Learning Objectives
      2. 4.1 Focus on Strategic Risks
        1. 4.1.1 What Is Strategic Risk?
        2. 4.1.2 Expected Harm
        3. 4.1.3 The Range of Risks
        4. 4.1.4 The Meaning of Focus
      3. 4.2 Harm Is About Mission
        1. 4.2.1 Elicitation of Harm
        2. 4.2.2 Aggregating Harm Statements
        3. 4.2.3 Representative Harm Lists
      4. 4.3 Critical Asset Inventory: Data
        1. 4.3.1 Data Asset Types
        2. 4.3.2 Data Value Spectrum
        3. 4.3.3 Criticality Classes
        4. 4.3.4 Criticality Levels
      5. 4.4 A Template for Exploring Mission Harm
      6. 4.5 Harm Is in the Eye of the Beholder
        1. 4.5.1 Gravity of Harm: Consensus
        2. 4.5.2 Drawing Conclusions
      7. 4.6 Sometimes Belief Is More Powerful than Truth
        1. 4.6.1 Destroying Value
        2. 4.6.2 Frustrating to Address: Life Is Unfair
      8. Conclusion
      9. Questions
    5. Chapter 5 Approximating Reality
      1. Overview
        1. Learning Objectives
      2. 5.1 The Complexity of State: Why Model?
      3. 5.2 Levels of Abstraction: At What Levels
      4. 5.3 What to Model and Why
        1. 5.3.1 The Target System
        2. 5.3.2 Users
        3. 5.3.3 Adversaries
        4. 5.3.4 Measures/Countermeasures
      5. 5.4 Models Are Always Wrong, Sometimes Useful
        1. 5.4.1 Incompleteness of Essentials
        2. 5.4.2 Inaccuracy
        3. 5.4.3 Non-Timeliness
      6. 5.5 Model Views
        1. 5.5.1 Defender’s View
        2. 5.5.2 Adversary’s View
        3. 5.5.3 Attacking the Views Themselves
      7. 5.6 Defense Models Must Consider Failure Modes
      8. 5.7 Assume Adversaries Know Defender’s System
      9. 5.8 Assume Adversaries Are Inside Defender’s System
      10. Conclusion
      11. Questions
  10. Part II What Could Go Wrong?
    1. Chapter 6 Adversaries: Know Thy Enemy
      1. Overview
        1. Learning Objectives
      2. 6.1 Know Your Adversaries
        1. 6.1.1 Intentions
        2. 6.1.2 Capabilities
        3. 6.1.3 Attacker Resources and Defender Resources
        4. 6.1.4 Risk Tolerance
        5. 6.1.5 Strategic Goals
        6. 6.1.6 Tactics
      3. 6.2 Assume Smart Adversaries
      4. 6.3 Assume Adversaries Don’t Play Fair
        1. 6.3.1 Going Around Security Controls
        2. 6.3.2 Going Beneath Security Controls
        3. 6.3.3 Attacking the Weakest Link
        4. 6.3.4 Violating a Design Assumption
        5. 6.3.5 Using Maintenance Modes
        6. 6.3.6 Using Social Engineering
        7. 6.3.7 Using Bribery and Blackmail to Subvert Insiders
        8. 6.3.8 Taking Advantage of Temporary Bypasses
        9. 6.3.9 Taking Advantage of Temporary Connections
        10. 6.3.10 Taking Advantage of Natural System Failure
        11. 6.3.11 Exploiting Bugs You Did Not Even Know You Had
        12. 6.3.12 Compromising External Systems that a System Trusts
      5. 6.4 Anticipate Attack Escalation
      6. 6.5 Red Teams
        1. 6.5.1 Opposing Force
        2. 6.5.2 Red Team Characteristics
        3. 6.5.3 Other Types of Red Teams
      7. 6.6 Cyberspace Exercises
        1. 6.6.1 Red Versus Blue
        2. 6.6.2 Pure Versus Hybrid
        3. 6.6.3 Purple Collaboration
      8. 6.7 Red Team Work Factor: Measuring Difficulty
      9. Conclusion
      10. Questions
    2. Chapter 7 Forests of Attack Trees
      1. Overview
        1. Learning Objectives
      2. 7.1 Attack Trees and Forests
        1. 7.1.1 Attack Tree Structure
        2. 7.1.2 Deriving Attack Scenarios
        3. 7.1.3 From Trees to Forests
      3. 7.2 System Failures Predict Cybersecurity Failures
        1. 7.2.1 Inspirational Catastrophes
        2. 7.2.2 The 10x Rule
        3. 7.2.3 Feigning Failure
      4. 7.3 Understanding Failure Is the Key to Success: The Five Whys
        1. 7.3.1 Why Five Whys?
        2. 7.3.2 Projecting Fishbones
      5. 7.4 Forests Should Be Representative, Not Exhaustive
      6. 7.5 Drive Each Attack Tree Layer by Asking How
      7. 7.6 Go as Deep as Needed and No Deeper
      8. 7.7 Beware of External Dependencies
        1. 7.7.1 Just in Time
        2. 7.7.2 Information Dependency
        3. 7.7.3 Creating Redundancy
      9. Conclusion
      10. Questions
  11. Part III What Are the Building Blocks of Mitigating Risk?
    1. Chapter 8 Countermeasures: Security Controls
      1. Overview
        1. Learning Objectives
      2. 8.1 Countermeasures: Design to Purpose
      3. 8.2 Ensure Attack-Space Coverage (Defense in Breadth)
      4. 8.3 Defense in Depth and Breadth
      5. 8.4 Multilevel Security, Trusted Code, Security Kernels
        1. 8.4.1 Multilevel Security
        2. 8.4.2 Trusted Code
        3. 8.4.3 Security Kernel and the Reference Monitor
      6. 8.5 Integrity and Type Enforcement
        1. 8.5.1 Multilevel Integrity
        2. 8.5.2 Type Enforcement
      7. 8.6 Cybersecurity Usability
        1. 8.6.1 Invisible
        2. 8.6.2 Transparent
        3. 8.6.3 Clear
        4. 8.6.4 Easy to Understand
        5. 8.6.5 Reliable
        6. 8.6.6 Fast
        7. 8.6.7 Reversible
        8. 8.6.8 Adaptable
        9. 8.6.9 Traceable
        10. 8.6.10 Reviewable
      8. 8.7 Deploy Default Secure
      9. 8.8 Costs
        1. 8.8.1 Cost Always Matters
        2. 8.8.2 Time-to-Deploy Matters
        3. 8.8.3 Impact to Mission Matters
        4. 8.8.4 Pareto Rule: 80/20
        5. 8.8.5 Opportunity Cost Is a Key Part of Cost
        6. 8.8.6 How Much to Invest in Cybersecurity
        7. 8.8.7 Optimizing Zero-Sum Cybersecurity Budgets
      10. Conclusion
      11. Questions
    2. Chapter 9 Trustworthy Hardware: Bedrock
      1. Overview
        1. Learning Objectives
      2. 9.1 Foundation of Trust
      3. 9.2 Instruction Set Architectures
      4. 9.3 Supervisors with Rings and Things
      5. 9.4 Controlling Memory: Mapping, Capabilities, and Tagging
        1. 9.4.1 Memory Mapping
        2. 9.4.2 Capabilities
        3. 9.4.3 Tagging
      6. 9.5 Software in Hardware
        1. 9.5.1 Microcode
        2. 9.5.2 Firmware
        3. 9.5.3 Secure Bootstrapping
      7. 9.6 Buses and Controllers
      8. Conclusion
      9. Questions
    3. Chapter 10 Cryptography: A Sharp and Fragile Tool
      1. Overview
        1. Learning Objectives
      2. 10.1 What Is Cryptography?
      3. 10.2 Key Space
      4. 10.3 Key Generation
      5. 10.4 Key Distribution
        1. 10.4.1 Transmission to Intended Recipients
        2. 10.4.2 Storage
        3. 10.4.3 Loading
      6. 10.5 Public-Key Cryptography
        1. 10.5.1 The Math
        2. 10.5.2 Certificates and Certificate Authorities
        3. 10.5.3 Performance and Use
        4. 10.5.4 Side Effect of Public-Key Cryptography
      7. 10.6 Integrity
      8. 10.7 Availability
        1. 10.7.1 Positive Effects
        2. 10.7.2 Negative Effects
      9. 10.8 Chinks in the Cryptographic Armor
        1. 10.8.1 Quantum Cryptanalytics: Disruptive Technology
        2. 10.8.2 P=NP 185
      10. 10.9 Cryptography Is Not a Panacea
      11. 10.10 Beware of Homegrown Cryptography
      12. Conclusion
      13. Questions
    4. Chapter 11 Authentication
      1. Overview
        1. Learning Objectives
      2. 11.1 Entity Identification: Phase 1 of Authentication
      3. 11.2 Identity Certification: Phase 2 of Authentication
      4. 11.3 Identity Resolution: Phase 3 of Authentication
      5. 11.4 Identity Assertion and Identity Proving: Phases 4 and 5 of Authentication
      6. 11.5 Identity Decertification: Phase 6 of Authentication
      7. 11.6 Machine-to-Machine Authentication Chaining
      8. Conclusion
      9. Questions
    5. Chapter 12 Authorization
      1. Overview
        1. Learning Objectives
      2. 12.1 Access Control
        1. 12.1.1 Discretionary Access Control
        2. 12.1.2 Mandatory Access Control
        3. 12.1.3 Covert Channels
        4. 12.1.4 Identity-Based Access Control
        5. 12.1.5 Attribute-Based Access Control
      3. 12.2 Attribute Management
        1. 12.2.1 User Attributes and Privilege Assignment
        2. 12.2.2 Resource Attribute Assignment
        3. 12.2.3 Attribute Collection and Aggregation
        4. 12.2.4 Attribute Validation
        5. 12.2.5 Attribute Distribution
      4. 12.3 Digital Policy Management
        1. 12.3.1 Policy Specification
        2. 12.3.2 Policy Distribution
        3. 12.3.3 Policy Decision
        4. 12.3.4 Policy Enforcement
      5. 12.4 Authorization Adoption Schemas
        1. 12.4.1 Direct Integration
        2. 12.4.2 Indirect Integration
        3. 12.4.3 Alternative Integration
      6. Conclusion
      7. Questions
    6. Chapter 13 Detection Foundation
      1. Overview
        1. Learning Objectives
      2. 13.1 The Role of Detection
      3. 13.2 How Detection Systems Work
      4. 13.3 Feature Selection
        1. 13.3.1 Attack Manifestation in Features
        2. 13.3.2 Manifestation Strength
        3. 13.3.3 Mapping Attacks to Features
        4. 13.3.4 Criteria for Selection
      5. 13.4 Feature Extraction
      6. 13.5 Event Selection
      7. 13.6 Event Detection
      8. 13.7 Attack Detection
      9. 13.8 Attack Classification
      10. 13.9 Attack Alarming
      11. 13.10 Know Operational Performance Characteristics for Sensors
      12. Conclusion
      13. Questions
    7. Chapter 14 Detection Systems
      1. Overview
        1. Learning Objectives
      2. 14.1 Types of Detection Systems
        1. 14.1.1 Signature-Based
        2. 14.1.2 Anomaly Detection
      3. 14.2 Detection Performance: False Positives, False Negatives, and ROCs
        1. 14.2.1 Feature Selection
        2. 14.2.2 Feature Extraction
        3. 14.2.3 Event Selection
        4. 14.2.4 Attack Detection
        5. 14.2.5 Attack Classification
        6. 14.2.6 Attack Alarming
      4. 14.3 Drive Detection Requirements from Attacks
      5. 14.4 Detection Failures
        1. 14.4.1 Blind Sensors
        2. 14.4.2 Below Noise Floor
        3. 14.4.3 Below Alert Threshold
        4. 14.4.4 Improper Placement
        5. 14.4.5 Natural Failure
        6. 14.4.6 Successfully Attacked
        7. 14.4.7 Blocked Sensor Input
        8. 14.4.8 Blocked Report Output
      6. Conclusion
      7. Questions
    8. Chapter 15 Detection Strategy
      1. Overview
        1. Learning Objectives
      2. 15.1 Detect in Depth and Breadth
        1. 15.1.1 Breadth: Network Expanse
        2. 15.1.2 Depth: Network Expanse
        3. 15.1.3 Breadth: Attack Space
        4. 15.1.4 Depth: Attack Space
      3. 15.2 Herd the Adversary to Defender’s Advantage
      4. 15.3 Attack Epidemiology
      5. 15.4 Detection Honeypots
      6. 15.5 Refining Detection
        1. 15.5.1 Running Alerts to Ground
        2. 15.5.2 Learning More About an Attack
      7. 15.6 Enhancing Attack Signal and Reducing Background Noise
        1. 15.6.1 Reducing the Noise Floor
        2. 15.6.2 Boosting Attack Signal
        3. 15.6.3 Lowering the Alert Threshold
      8. Conclusion
      9. Questions
    9. Chapter 16 Deterrence and Adversarial Risk
      1. Overview
        1. Learning Objectives
      2. 16.1 Deterrence Requirements
        1. 16.1.1 Reliable Detection: Risk of Getting Caught
        2. 16.1.2 Reliable Attribution
        3. 16.1.3 Meaningful Consequences
      3. 16.2 All Adversaries Have Risk Thresholds
      4. 16.3 System Design Can Modulate Adversary Risk
        1. 16.3.1 Detection Probability
        2. 16.3.2 Attribution Probability
        3. 16.3.3 Consequence Capability and Probability
        4. 16.3.4 Retaliation Capability and Probability
        5. 16.3.5 Risky Behavior
      5. 16.4 Uncertainty and Deception
        1. 16.4.1 Uncertainty
        2. 16.4.2 Deception
      6. 16.5 When Detection and Deterrence Do Not Work
      7. Conclusion
      8. Questions
  12. Part IV How Do You Orchestrate Cybersecurity?
    1. Chapter 17 Cybersecurity Risk Assessment
      1. Overview
        1. Learning Objectives
      2. 17.1 A Case for Quantitative Risk Assessment
      3. 17.2 Risk as a Primary Metric
      4. 17.3 Why Measure?
        1. 17.3.1 Characterize
        2. 17.3.2 Evaluate
        3. 17.3.3 Predict
        4. 17.3.4 Improve
      5. 17.4 Evaluate Defenses from an Attacker’s Value Perspective
      6. 17.5 The Role of Risk Assessment and Metrics in Design
      7. 17.6 Risk Assessment Analysis Elements
        1. 17.6.1 Develop Mission Model
        2. 17.6.2 Develop System Model
        3. 17.6.3 Develop Adversary Models
        4. 17.6.4 Choose Representative Strategic Attack Goals
        5. 17.6.5 Estimate Harm Using Wisdom of Crowds
        6. 17.6.6 Estimate Probability Using Wisdom of Crowds
        7. 17.6.7 Choose Representative Subset
        8. 17.6.8 Develop Deep Attack Trees
        9. 17.6.9 Estimate Leaf Probabilities and Compute Root
        10. 17.6.10 Refine Baseline Expected Harm
        11. 17.6.11 Harvest Attack Sequence Cut Sets => Risk Source
        12. 17.6.12 Infer Attack Mitigation Candidates from Attack Sequences
      8. 17.7 Attacker Cost and Risk of Detection
        1. 17.7.1 Resources
        2. 17.7.2 Risk Tolerance
      9. Conclusion
      10. Questions
    2. Chapter 18 Risk Mitigation and Optimization
      1. Overview
        1. Learning Objectives
      2. 18.1 Develop Candidate Mitigation Packages
      3. 18.2 Assess Cost of Mitigation Packages
        1. 18.2.1 Direct Cost
        2. 18.2.2 Mission Impact
      4. 18.3 Re-estimate Leaf Node Probabilities and Compute Root Node Probability
      5. 18.4 Optimize at Various Practical Budget Levels
        1. 18.4.1 Knapsack Algorithm
        2. 18.4.2 Sensitivity Analysis
      6. 18.5 Decide Investment
      7. 18.6 Execute
      8. Conclusion
      9. Questions
    3. Chapter 19 Engineering Fundamentals
      1. Overview
        1. Learning Objectives
      2. 19.1 Systems Engineering Principles
        1. 19.1.1 Murphy’s Law
        2. 19.1.2 Margin of Safety
        3. 19.1.3 Conservation of Energy and Risk
        4. 19.1.4 Keep It Simple, Stupid
        5. 19.1.5 Development Process
        6. 19.1.6 Incremental Development and Agility
      3. 19.2 Computer Science Principles
        1. 19.2.1 Modularity and Abstraction
        2. 19.2.2 Layering
        3. 19.2.3 Time and Space Complexity: Understanding Scalability
        4. 19.2.4 Focus on What Matters: Loops and Locality
        5. 19.2.5 Divide and Conquer and Recursion
      4. Conclusion
      5. Questions
    4. Chapter 20 Architecting Cybersecurity
      1. Overview
        1. Learning Objectives
      2. 20.1 Reference Monitor Properties
        1. 20.1.1 Functional Correctness
        2. 20.1.2 Non-Bypassable
        3. 20.1.3 Tamperproof
      3. 20.2 Simplicity and Minimality Breed Confidence
      4. 20.3 Separation of Concerns and Evolvability
      5. 20.4 Security Policy Processing
        1. 20.4.1 Policy Specification
        2. 20.4.2 Policy Decision Making
        3. 20.4.3 Policy Enforcement
      6. 20.5 Dependability and Tolerance
        1. 20.5.1 Cybersecurity Requires Fail Safety
        2. 20.5.2 Expect Failure: Confine Damages Using Bulkheads
        3. 20.5.3 Tolerance
        4. 20.5.4 Synergize Prevention, Detect-Response, and Tolerance
      7. 20.6 Cloud Cybersecurity
      8. Conclusion
      9. Questions
    5. Chapter 21 Assuring Cybersecurity: Getting It Right
      1. Overview
        1. Learning Objectives
      2. 21.1 Cybersecurity Functionality Without Assurance Is Insecure
      3. 21.2 Treat Cybersecurity Subsystems as Critical Systems
      4. 21.3 Formal Assurance Arguments
        1. 21.3.1 Cybersecurity Requirements
        2. 21.3.2 Formal Security Policy Model
        3. 21.3.3 Formal Top-Level Specification
        4. 21.3.4 Security-Critical Subsystem Implementation
      5. 21.4 Assurance-in-the-Large and Composition
        1. 21.4.1 Composition
        2. 21.4.2 Trustworthiness Dependencies
        3. 21.4.3 Avoiding Dependency Circularity
        4. 21.4.4 Beware of the Inputs, Outputs, and Dependencies
        5. 21.4.5 Violating Unstated Assumptions
      6. Conclusion
      7. Questions
    6. Chapter 22 Cyber Situation Understanding: What’s Going On
      1. Overview
        1. Learning Objectives
      2. 22.1 Situation Understanding Interplay with Command and Control
      3. 22.2 Situation-Based Decision Making: The OODA Loop
      4. 22.3 Grasping the Nature of the Attack
        1. 22.3.1 What Vulnerability Is It Exploiting?
        2. 22.3.2 Which Paths Are the Attacks Using?
        3. 22.3.3 Are the Attack Paths Still Open?
        4. 22.3.4 How Can the Infiltration, Exfiltration, and Propagation Paths Be Closed?
      5. 22.4 The Implication to Mission
        1. 22.4.1 Increased Risk
        2. 22.4.2 Contingency Planning
        3. 22.4.3 Nature and Locus Guiding Defense
      6. 22.5 Assessing Attack Damages
      7. 22.6 Threat Assessment
      8. 22.7 The State of Defenses
        1. 22.7.1 Health, Stress, and Duress
        2. 22.7.2 Status
        3. 22.7.3 Configuration Maneuverability
        4. 22.7.4 Progress and Failure
      9. 22.8 Dynamic Defense Effectiveness
      10. Conclusion
      11. Questions
    7. Chapter 23 Command and Control: What to Do About Attacks
      1. Overview
        1. Learning Objectives
      2. 23.1 The Nature of Control
        1. 23.1.1 Decision Cycle
        2. 23.1.2 Speed Considerations
        3. 23.1.3 Hybrid Control
      3. 23.2 Strategy: Acquiring Knowledge
        1. 23.2.1 Analogy
        2. 23.2.2 Direct Experience
        3. 23.2.3 Vicarious Experience
        4. 23.2.4 Simulation
      4. 23.3 Playbooks
        1. 23.3.1 Game Theory
        2. 23.3.2 Courses of Action in Advance
        3. 23.3.3 Criteria for Choosing Best Action
        4. 23.3.4 Planning Limitations
      5. 23.4 Autonomic Control
        1. 23.4.1 Control Theory
        2. 23.4.2 Role of Autonomic Control
        3. 23.4.3 Autonomic Action Palette
      6. 23.5 Meta-Strategy
        1. 23.5.1 Don’t Overreact
        2. 23.5.2 Don’t Be Predictable
        3. 23.5.3 Stay Ahead of the Attackers
      7. Conclusion
      8. Questions
  13. Part V Moving Cybersecurity Forward
    1. Chapter 24 Strategic Policy and Investment
      1. Overview
        1. Learning Objectives
      2. 24.1 Cyberwar: How Bad Can Bad Get?
        1. 24.1.1 Scenario
        2. 24.1.2 Call to Action
        3. 24.1.3 Barriers to Preparation Action
        4. 24.1.4 Smoking Gun
      3. 24.2 Increasing Dependency, Fragility, and the Internet of Things
        1. 24.2.1 Societal Dependency
        2. 24.2.2 Just-in-Time Everything
        3. 24.2.3 The Internet of Things
        4. 24.2.4 Propagated Weakness
      4. 24.3 Cybersecurity in the Virtual World: Virtual Economy
        1. 24.3.1 Booming Game Economy: Virtual Gold Rush
        2. 24.3.2 Digital Currency Such as Bitcoin
        3. 24.3.3 Virtual High-Value Targets
        4. 24.3.4 Start from Scratch?
      5. 24.4 Disinformation and Influence Operations: Fake News
        1. 24.4.1 What’s New?
        2. 24.4.2 Hacking Wetware
        3. 24.4.3 Polluting the Infosphere
      6. Conclusion
      7. Questions
    2. Chapter 25 Thoughts on the Future of Cybersecurity
      1. Overview
        1. Learning Objectives
      2. 25.1 A World Without Secrecy
        1. 25.1.1 Timed Release
        2. 25.1.2 Minimize Generation
        3. 25.1.3 Zero-Secrecy Operations
      3. 25.2 Coevolution of Measures and Countermeasures
      4. 25.3 Cybersecurity Space Race and Sputnik
        1. 25.3.1 Gaining the Ultimate Low Ground
        2. 25.3.2 Stuxnet and the Cyberattack Genie
        3. 25.3.3 Georgia and Hybrid Warfare
        4. 25.3.4 Estonia and Live-Fire Experiments
        5. 25.3.5 Responsibility for Defending Critical Information Infrastructure
      5. 25.4 Cybersecurity Science and Experimentation
        1. 25.4.1 Hypothesis Generation
        2. 25.4.2 Experimental Design
        3. 25.4.3 Experiment Execution
      6. 25.5 The Great Unknown: Research Directions
        1. 25.5.1 Hard Research Problems
        2. 25.5.2 Are Cybersecurity Problems Too Hard?
        3. 25.5.3 Research Impact and the Heilmeier Catechism
        4. 25.5.4 Research Results Dependability
        5. 25.5.5 Research Culture: A Warning
      7. 25.6 Cybersecurity and Artificial Intelligence
      8. Conclusion
      9. Questions
  14. Part VI Appendix and Glossary
    1. Appendix Resources
    2. Glossary
    3. Index

Product information

  • Title: Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
  • Author(s): O. Sami Saydjari
  • Release date: August 2018
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260118186