10 Commandments of Secure Engineering

By Darryl K. Taft

When engineering secure systems, you must follow the fundamental principles of data separation and separate data by mission, objective and trust level so that only approved individuals have access to different types of data as well as different parts of your system.

When designing systems, sometimes we focus so much on perimeter security that we forget to pay the same attention to building an in-depth defense posture. It is important to build sensible gates or privilege barriers throughout your systems—not just along the perimeter.

The saying “You’re only as secure as your weakest link” is absolutely true, which is why it’s important to isolate each part of the system, or mission, from failures and compromises in others. If one part of the system goes down, you don’t want this to affect other parts of your system, eventually taking down your entire IT infrastructure.

Engineer a secure way to shut down parts of your system that may be under compromise. This ensures that if a hacker does infiltrate one particular part of your system, you are able to stop him or her in their tracks before the consequences become widespread.

Oftentimes, security requirements can become a barrier to system functionality—but they don’t have to be. Find new, creative ways to create functional systems that are also secure.

The work for creating trustworthy, resilient systems isn’t done once a system is engineered. It is equally as important to maintain a strong defense posture over time, which heavily relies on continuously monitoring as many aspects of your system as feasible and storing this data for possible forensic analysis. You must monitor multiple points within your system, and keep the data around for weeks or even months, in the event that you need to investigate historical patterns as part of a larger security analysis further down the road.

Often it is difficult to obtain or understand the internal state of a system, so it’s important to make it easy to get to the telemetry and make it intuitive to understand. Only then will an operator be able to quickly understand the difference between a failure and a compromise.

Develop a set of baselines within your systems so that you can uncover deviations from normal patterns in volumes, identities, timestamps and messages within your data analysis. The ability to detect suspicious data movement is key to uncovering threats and vulnerabilities before they affect your system, and this is only accomplished when building into your system a sense of what is normal and what is abnormal.

Assign priorities to alerts, anomalies and telemetry data and align these with possible impact on your systems. For example, if you have set up alerts to show when a particular part of your system is accessed at an irregular hour by an unauthorized user three days in a row, this should trigger a high-priority alert indicating a possible breach.

Create multiple views of the same system or component, allowing a multi-perspective view. This adds an extra layer of visibility in systems or system components to improve security analysis and help you develop the proactive measures you need to ensure a fully secured system.