Ron Ross: NIST Systems Security Engineering Guideline Details Cyber’s ‘Complexity’

The National Institute of Standards and Technology has issued a security guideline that addresses ways to engineer systems that can operate continuously amid various disruptions, threats and hazards.

NIST Fellow Ron Ross wrote in a blog post published Tuesday that the Special Publication 800-160 Systems Security Engineering guide was developed after four years of research and development.

“Our fundamental cybersecurity problem can be summed up in three words—too much complexity,” Ross wrote.

“There are simply too many bases—all the software, firmware, and hardware components that we rely on to run our critical infrastructure, business, and industrial systems—for us to cover as it is, and we’re adding to the number of bases all the time,” he added.

Ross noted increased complexity gives adversaries “limitless opportunity” to attack vulnerabilities in underlying systems.

Fundamental weaknesses in system architecture and design can be mitigated through a “holistic approach” based on systems security engineering techniques and design principles, according to Ross.

The security engineering approach is designed to help systems block penetration; limit damage from disruptions, hazards and threats; and continue to support missions and business operations after security incidents, Ross stated.

Organizations should integrate engineering-based security design principles at physical and virtual levels to address vulnerabilities, Ross said.
