Today's Essential Cyber Security Requirements

Cross-cutting security requirements called for today

In this entry we compile a short-list of cross-cutting security features most called for by Government and Industry security experts.  The ICT Gozo Malta projects specifically address each of these points:

• security built in from the ground up
• removing central points of failure by distributing trust and using multiple layers of defense
• protection against a wide range of insider (management, trusted staff, malware in hardware and software) and external attacks
• rewards collaboration between competitors (organisations or divisions can guarantee their own security and satisfy legislation, while gaining superior security when collaborating with others, including their competitors)
• exploiting existing infrastructure and standards investments
• careful attention to maintaining interoperability and security standards compliance
• enhancing and removing known threats to existing standards security systems

DHS - Security features required for trustworthy systems envisioned by U.S. Government 

The United States Department of Homeland Security November 2009 Cyber Security Roadmap has outlined the following eight current hardest and most critical security problems and needs that must be addressed if trustworthy systems envisioned by the U.S. Government are to be built.  In addition to the first eight (1-8), there are three other important security features (9-10).  These features need to be retro fitted where possible to existing security systems and present in all future systems.  Projects in the ICT Gozo Malta forum directly contribute to those security properties marked with an asterisk * for both existing and future systems. 

1. Global-scale identity management *
2. Combatting insider threats *
3. Availability and survivability of time-critical systems *
4. Building scalable trustworthy and secure systems *
5. Situational understanding and attack attribution *
6. Information provenance *
7. Security with privacy *
8. Enterprise-level security metrics
9. System evaluation life cycle
10. Combating malware and botnets *
11. Privacy-aware security *

NITRD - Leap ahead cyber-security themes

"It's not about security, its about Trustworthiness of our digital infrastructure.  This means Security and Reliability, Resiliance, Privacy and Useability."  Dr. Jeanette Wing, 
Assistant director for computer & information science and engineering (CISE), NSF (2010)

1. Tailored trustworthy spaces:
   • According to Dr. Jeanette Wing in the NITRD 2010 Cybersecurity R&D Themes webcast, based on federal consensus the tailored trustworthy spaces theme is considered the most important of the three NITRD themes. 
   • "Tailored Trustworthy Spaces is a New Paradigm.  Users can select different environments for different activities (online banking, commerce, healthcare, personal communications) providing operating capabilities across many dimensions, including confidentiality, anonymity, data and system integrity, provenance, availability and performance."
2. Moving target theme:
   
   • According to Dr. Jeanette Wing in the NITRD 2010 webcast, the moving target theme is about providing resilience through agility.
   • According to Dr Patricia Muoio, Science and technology lead for cyber, Office of the Director of National Intelligence defines agility as the ability to control change across multiple system dimensions to:
     • increase uncertainty and apparent complexity for attackers,
     • reduce their windows of opportunity, and
     • increase their costs in time and effort.
     • increase resiliency and fault tolerance within a system.
3. Cyber economic incentives theme:
   • According to Dr. Jeanette Wing in the NITRD 2010 webcast, the cyber economics theme is about providing incentives to good security.
   • Dr Douglas Maughan, Program Manager, Cyber Security R&D, Science & Technology Directorate, Department of Homeland Security (DHS S&T), goes on to say that the consensus agreement today is "Crime pays on the internet".  He asks, in the future can we create an environment where being a good guy pays, and a bad guy doesn't?
   • The ICT Gozo Malta approach to cyber economic incentives is to employ notions such as user-centric design, holding all parties equally accountable, and design for protecting the legitimate interests of all stake-holders as proactive design strategies to begin addressing the cyber economic incentives.

NITRD - Leap-ahead recommendations

We will list several suggestions or desirable features from the working groups of the NITRD National Cyber Leap Year 2009 Summit that are adopted in one or more of the ICT Gozo Malta Project.  Security features and design techniques were proposed in five cyber security themes. 

• Hardware enabled trust
  • Trustworthy hardware that will not leak information
  • Hardware-enabled resilience
  • Application behavioral analysis
  • Trustworthy storage and data
• Cyber economics
  • Infrastructure diversity
• Moving target defense
  • Diversity in software
  • Resilient cryptographic systems
  • Configuration-space randomization for infrastructure
• Digital provenance
  • Global identifier based cryptography
  • Global electronic identity management system
  • Systems that are post-quantum secure
  • Network behavioral analysis and over-the-horizon network visibility
• Digital Immune System (Nature-inspired cyber health):
  • Create a digital immune system for ICT systems that employs:
    • distributed processing
    • decentralised control
    • distributed defense
    • multi-layered protection
    • pathogenic pattern recognition
    • diversity
    • signalling
  • Employ early and dependable detection and recognition of information attacks, rational utilization of the network resources for minimization of the damage and fast recovery, and development of successful ways to prevent further attacks.

ENISA - Critical security requirements for public cloud computing

Major security studies in 2009/10 (such as those by European Network and Information Security Agency (ENISA), the US NIST and the Cloud Security Alliance CSA) have identified a short-list of top threats / open problems.  The common themes found in these studies are:

• A cloud user's or user organization's loss of governance:
  • Ceding security controls of data to cloud provider
  • Insufficient assurances of data security controls
• Data leakage or destruction:
  • Malicious insider attacks by cloud provider
  • Malicious insider attacks by managed security providers
  • Inherent vulnerabilities and malicious back-doors present in the cloud's software & hardware platforms
  • Malicious client attacks that exploit isolation failure between virtual machines in the cloud (cloud-bursting)
  • Client does not know what the risk profile of the cloud provider is, and so cannot mitigate those risks
• Account or service hijacking

Projects in the ICT Gozo Malta forum directly address these security requirements.

DHS - Essential security requirements for global-scale identity management

In this section we outline many of the requirements for global-scale identity management systems identified by the US Department of Homeland Security.  The ICT Gozo Malta global-scale IdM-CKM model is designed (or is being designed) to address these issues. 

• Must be capable of trustworthy binding of identities [humans, organisations] and credentials
• Must be capable of multi-stakeholder, multi-jursidiction environments.
• Must be capable of managing diverse interorganizational relationships that today are hampered by the lack of trustworthy credentials for accessing shared resources.
• Will need to incorporate policies governing release of identifying information. (user-centricity, data-self determination)
• Support the control and management of credentials used to authenticate one entity to another, and authorization of an entity to adopt a specific role and assert properties, characteristics, or attributes of entities performing in a role.
• Must support efficient support for management of identities of objects, processes, and transactions on a very large scale.
• Must provide mechanisms for two-way assertions and authentication handshakes building mutual trust among mutually suspicious parties.
• The lifetimes of credentials may exceed human lifetimes in some cases, which implies that prevention of and recovery from losses are particularly difficult problems that must be managed.
• Must achieve longevity of security without the use of public-key cryptography or with quantum-resistant public key cryptography (such as Merkle Tree digital signatures). 
• Insider and outsider misuses are commonplace in identity management systems. These must be addressed.
• To whatever extent it can be automated, it must be administratively manageable and psychologically acceptable to users
• Must be embedded in trustworthy systems and be integrally related to authentication mechanisms and authorization systems, such as access controls.

NIST - Essential requirements for global-scale key management

"Key management is critical for all sensitive information processing applications. Economic prosperity is a major goal and needs information security.” ... “Nearly all Internet security protocols use cryptography for authentication, integrity and/or confidentiality, and hence, require key management (KM).” - Curtis Barker, Division Chief - Computer Security Division, NIST.

“There are several problems with today’s Cryptographic Key Management (CKM) solutions. They are expensive, hard to implement, difficult to maintain, perhaps insecure, and user unfriendly.” - Miles Smid, Former acting NIST Computer Security Division Chief.

Some identified essential features that are frequently not present in currently deployed key management systems include:

• Solutions that are focused on the user:
  • "It is not acceptable to only have a choice between usability with little security and security with little usability.  A CKM system designer has to know the prospective user and to understand that security is not the primary task of the user. A system must be efficient, effective and understandable. There is no complex system that is secure"
• Scalable Solutions:
  • "We know how to handle key management reasonably effectively for up to a million people, we need to go a couple of orders of magnitude beyond that in the relatively near future”
  • “Identity based symmetric keys may reduce the scale of symmetric key distribution problem”
• Solutions that offer vastly improved security:
  • “We’re not going to accept high risks in the future Internet, because we don’t want the adversaries to have high payoffs.”
  • “In light of quantum computing, CKM system designers must look at means other than public key-based key management systems; they must look at quantum computing-resistant algorithms and schemes.” 
  • “… must be secure, cost-effective, fault-tolerant, and highly available”
• Designs that are fault-tolerant and highly available:
  • “Survivable key management systems”

end faq