Secure By Design

Why we shouldn't focus on cyberattacks

2021-05-30

Over the past few months, many companies and government departments have found themselves under attack.

In some cases it was ransomware, as at the pipeline operator Colonial Pipeline and the meat processor JBS; in others it appears to have been espionage, as in the SolarWinds software supply-chain attack (see A Question of Trust).

It's tempting to buy scanning software and pay security consultants. That might be necessary, but it's not a strategy.


These failures are symptoms of defects in the system architecture.

The system has to be properly designed on sound principles. A poorly architected system can also die of natural causes, as the Texas electric grid did in February 2021, when millions lost power for days and 150 people died.

How to do it right

You have to identify which assets are the most precious and how to keep them protected and available throughout the lifecycle of your system. Then you apply well-known engineering principles to make the system trustworthy.

Example: aircraft network

In 2008, the Federal Aviation Administration reviewed a proposed network design for a new Boeing model and noticed some vulnerabilities.

Planes, just like pretty much everything else, have IT systems. Some are critical for flight control and navigation, while others are meant for passenger use and entertainment.

The new plane had computer networks providing new passenger facilities such as satellite radio, and those networks were connected to the rest of the IT systems on the plane, including the flight-critical ones.

The FAA made the company change the network design, and also publicly issued requirements that the aircraft would have to meet to be certified. (Special Conditions E7-25467)

They require that nothing originating in the "Passenger Information and Entertainment Domain" of the network be able to reach or affect the other domains. This rule rests on architectural principles of isolation, trusted communication channels, and modularity.

These principles protect the most precious IT assets on the plane, the ones that control flight systems and navigation, both from natural disasters and from malicious attack.
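The isolation rule can be checked mechanically rather than by inspection. The following Python is an added example, not code from the original post nor from Boeing or the FAA: it models the aircraft's networks as a directed link graph and asks whether anything originating in the passenger domain can reach a protected domain, reporting the path when it can. The domain names, the "backbone" and "maintenance_port" nodes, and the three designs are all constructed for the illustration.

```python
from collections import deque

# Constructed example, not the Boeing design or the FAA's wording: three
# domains, with names assumed for illustration. The rule under test is that
# nothing originating in the passenger domain may reach a protected domain.
FLIGHT = "flight_control"          # flight control and navigation systems
AIRLINE = "airline_ops"            # airline information / operations systems
PASSENGER = "passenger_entertainment"
PROTECTED = (FLIGHT, AIRLINE)


def reachable_paths(links, start):
    """Breadth-first search over directed links.

    Returns {node: path} for every node reachable from `start`. Links are
    directed (src, dst) pairs, so a two-way Ethernet segment is two entries
    and a one-way feed (for example a data diode) is one.
    """
    adj = {}
    for src, dst in links:
        adj.setdefault(src, []).append(dst)
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths


def isolation_violations(links, passenger=PASSENGER, protected=PROTECTED):
    """Map each protected domain the passenger domain can reach to the path found.

    An empty result means the isolation rule holds for this link set.
    """
    paths = reachable_paths(links, passenger)
    return {dom: paths[dom] for dom in protected if dom in paths}


def design_is_isolated(links):
    return not isolation_violations(links)


# Design 1 (constructed): one backbone joins every domain with two-way links,
# roughly the situation the post describes.
FLAT_DESIGN = [
    (FLIGHT, "backbone"), ("backbone", FLIGHT),
    (AIRLINE, "backbone"), ("backbone", AIRLINE),
    (PASSENGER, "backbone"), ("backbone", PASSENGER),
]

# Design 2 (constructed): the passenger domain receives a one-way feed from
# the airline domain (moving-map data, say) and originates nothing that
# routes toward the protected domains.
ISOLATED_DESIGN = [
    (FLIGHT, AIRLINE), (AIRLINE, FLIGHT),
    (AIRLINE, PASSENGER),
]

# Design 3 (constructed): Design 2 plus a maintenance port bridged into both
# the cabin and flight-control networks. No direct passenger-to-flight link
# exists, yet the check finds the transitive path.
BRIDGED_DESIGN = ISOLATED_DESIGN + [
    (PASSENGER, "maintenance_port"), ("maintenance_port", PASSENGER),
    ("maintenance_port", FLIGHT),
]


if __name__ == "__main__":
    for name, links in [("flat", FLAT_DESIGN),
                        ("isolated", ISOLATED_DESIGN),
                        ("bridged", BRIDGED_DESIGN)]:
        violations = isolation_violations(links)
        status = "OK" if not violations else "VIOLATION"
        print(f"{name:9s} {status}")
        for dom, path in violations.items():
            print("   ", " -> ".join(path))
```

The point of the third design is the one that matters in practice: isolation is a property of the whole graph, not of any single link, so a bridge added later for maintenance convenience silently breaks a rule that every individual connection appears to respect. Running the check against the real link inventory, in the direction traffic can actually flow, catches that.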

This is an example of regulations that help vendors architect a trustworthy system. These regulations are necessary to protect all of us.

How to build trustworthy systems

These principles are not new. In 2016, NIST published Systems Security Engineering (NIST.SP.800-160, Volume 1), which explains how to apply them to build modern systems.

These publications are free. There's no good reason not to use them.