Ron Ross: NIST Systems Security Engineering Guideline Details Cyber’s ‘Complexity’

The National Institute of Standards and Technology has issued a security guideline that works to address ways to engineer systems that can operate continuously amid various disruptions, threats and hazards.

NIST Fellow Ron Ross wrote in a blog post published Tuesday that the Special Publication 800-160 Systems Security Engineering guide was developed after four years of research and development.

“Our fundamental cybersecurity problem can be summed up in three words—too much complexity,” Ross wrote.

“There are simply too many bases—all the software, firmware, and hardware components that we rely on to run our critical infrastructure, business, and industrial systems—for us to cover as it is, and we’re adding to the number of bases all the time,” he added.

Ross noted increased complexity gives adversaries “limitless opportunity” to attack vulnerabilities in underlying systems.

Fundamental weaknesses in system architecture and design can be mitigated through a “holistic approach” based on systems security engineering techniques and design principles, according to Ross.

The security engineering approach is designed to help systems block penetration; limit damage from disruptions, hazards and threats; and continue to support missions and business operations after security incidents, Ross stated.

Organizations should integrate engineering-based security design principles at physical and virtual levels to address vulnerabilities, Ross said.
