The National Institute of Standards and Technology has issued a security guideline on engineering systems that can operate continuously amid various disruptions, threats and hazards.
NIST Fellow Ron Ross wrote in a blog post published Tuesday that the Special Publication 800-160 Systems Security Engineering guide was developed after four years of research and development.
“Our fundamental cybersecurity problem can be summed up in three words—too much complexity,” Ross wrote.
“There are simply too many bases—all the software, firmware, and hardware components that we rely on to run our critical infrastructure, business, and industrial systems—for us to cover as it is, and we’re adding to the number of bases all the time,” he added.
Ross noted that increased complexity gives adversaries “limitless opportunity” to attack vulnerabilities in underlying systems.
Fundamental weaknesses in system architecture and design can be mitigated through a “holistic approach” based on systems security engineering techniques and design principles, according to Ross.
The security engineering approach is designed to help systems block penetration; limit damage from disruptions, hazards and threats; and continue to support missions and business operations after security incidents, Ross stated.
Organizations should integrate engineering-based security design principles at physical and virtual levels to address vulnerabilities, Ross said.