The New Old Discipline of Cyber Security Engineering

Page created by Jean Quinn
 
Thomas A. Fuhrman
Senior Vice President, Booz Allen Hamilton, Herndon, VA, USA

Abstract - Although cyber security engineering is an established and diverse engineering field, it is not widely understood, and is under-applied in practice. The large and growing need to secure IT networks has been the primary driver across society in developing the cyber security workforce from high school through college and in the continuing education programs of industry and professional societies. However, this emphasis on building the workforce skills for securing IT networks neglects the distinct technical skills needed to secure complex systems other than traditional IT systems. This paper focuses on the urgent need for the discipline of cyber security engineering and its relevance to these complex systems, using mis-use case analysis as an example of systems engineering methods that can be employed.

Keywords: security engineering, systems engineering, cyber, mis-use case, tradeoff analysis

1    Introduction

The growing recognition of the threat that hackers pose to IT networks and the enterprise data that they hold and process has attracted a great number of professionals to the field of cyber security. This workforce is widely deployed against the difficult task of protecting IT systems and software, corporate network infrastructures, and network resources (e.g., “clouds”). Because this challenge requires a wide range of different skills, the cyber security workforce is highly diverse. Professional cyber security practitioners range from entry-level analysts to experienced System Security Engineers with multiple professional certifications. Managers often view this set of specialists as the cyber “experts” in the organization, to be brought in when problems occur on the network, sometimes without regard to their particular expertise. Assigning people with the right skill levels to the right positions is uneven in both government and industry. [1, 2, 3]

Compounding the cyber security challenge is that there are not enough cyber security professionals in the workforce. Many reports describe how the nation is critically short of people with these skills. [4, 5] Since the late-1990s, the U.S. government has made a concerted effort to increase the size and depth of this workforce by establishing numerous programs aimed at increasing the pipeline of qualified cyber security professionals. Cybersecurity scholarship programs have been set up across the civil agencies and within the Department of Defense. Additionally, the National Security Agency (NSA) and the Department of Homeland Security jointly sponsor a program to designate schools whose curriculums meet certain standards as Centers of Academic Excellence in Information Assurance Education. Yet while these and other programs are making progress in increasing the cyber workforce, the demand continues to outpace supply.

The body of knowledge for cyber security today is unquestionably centered on enterprise networks and IT systems. In fact, what is striking about the qualifications and deployment of cyber security practitioners is that only a small percentage is focused beyond IT networks. This emphasis on securing traditional IT systems is not misplaced, but it is important to realize that systems other than traditional IT also have critical and often distinct cyber security needs. Those systems are the purpose-built systems that exist to perform functions in the physical world—tasks other than pure data processing. This includes a large class of systems called by names such as closed-loop systems, embedded systems, complex systems, realtime systems, realworld systems, distributed systems, and unmanned systems. Specific examples include power grids, smart cars, aircraft, air traffic management systems, manufacturing process control systems, Supervisory Control and Data Acquisition (SCADA) systems, oil drilling platforms, nuclear power plants, autonomous underwater vehicles, Unmanned Aircraft Systems (UAS), space vehicles, healthcare tools and systems including implantable medical devices, military weaponry, and a great many others. These systems are designed to perform specific functions in the physical realm rather than in cyberspace, though certainly onboard computing and external network interfaces are almost universally critical to their functions.

In the absence of an accepted all-encompassing term, the term “mission systems” is used here in referring to this class of systems.¹

¹ Many such mission systems, including those that are termed “critical infrastructures,” have connections to IT networks for the purpose of control and communication. In these cases, the IT network provides the automated control of the realworld system—reflecting Norbert Wiener’s original usage of the term cybernetics, from which today’s word cyber is derived. [6]

2    The Cyber Challenge for Mission Systems

The cyber challenge for mission systems today has two dimensions. First, buyers and owners of mission systems often do not have sufficient appreciation of the threats facing their systems in the cyber realm and the damage they can
inflict. Second, the cyber security workforce has difficulty delivering its expertise in ways that are compatible with the main engineering effort so that the overworked adage about security being “built in, not bolted on” can be realized.

2.1    The Buyer/Owner Dimension

There have been many cases in recent years in which cyber vulnerabilities in mission systems were only discovered when they were exploited. Recent newsworthy examples include the 2011 case of the in-theater military UAS sensor system whose live streaming intelligence video was intercepted by the adversary using software downloaded from the Internet; the 2011 landing in Iran of a classified UAS, which at least one Iranian engineer claimed was achieved by cutting the command link and changing the vehicle’s GPS position; and the widespread reporting in 2010 of a sophisticated virus that targeted computers of the Siemens product line for managing large-scale industrial control systems used by manufacturing and utility companies. Further, a 2007 test conducted by the Idaho National Laboratory proved that the so-called “Aurora Vulnerability” in a certain class of large electric generators and turbines that serve the U.S. power grid could in fact be exploited in a way that would lead to their physical self-destruction. [7, 8, 9]

These events and others like them indicate that the cyber security community often has had too small a voice in the design decisions made in the development of mission systems. But cyber security needs have not been ignored totally, and there is widespread agreement on the general concept that cyber security engineering should be part of a broader system engineering effort. In the Department of Defense, for example, cyber security for mission systems is called out in certain areas, such as in the cyber security policy for space systems, which says that Information Assurance (IA) ‘shall be applied in a balanced manner by performing Information System Security Engineering (ISSE) as an integral part of the space system architecture and system engineering process to address all IA requirements in the intended operational environment.’ [10]

Similarly, the National Institute of Standards and Technology (NIST) has developed draft guidelines for securing the vastly complex and emerging Smart Grid. [11] The three-volume guidelines document describes a set of tasks for assessing cyber security issues and identifying cyber security requirements. (See Figure 1.) It also contains top-level security requirements for the smart grid and defines the logical reference model for interfaces and interactions between the organizations, buildings, individuals, systems, and devices that make up the Smart Grid domains. The amount of content alone is an indication of the magnitude of the cyber challenge in this highly complex mission system.

The cyber security engineer cannot effectively work in isolation. These tasks clearly require the cyber security engineer to work side-by-side with engineers from other disciplines and domains, especially power systems specialists in this case, and to take a broad systems view of cyber risks. For mission systems, the cyber engineer needs to know the systems engineering process, the tools used, and the artifacts produced.

Figure 1. Smart Grid Cyber Security Engineering Tasks

One aspect of cyber security engineering that differentiates it from other engineering fields is that its focus is primarily (though not exclusively) on the potential disruption of system performance caused by the deliberate actions of human actors intent on doing harm. Designing for security is different in this way from designing against environmental effects, unreliable components, or external hazards. The unique value that the cyber expert can bring to an engineering effort is a technical understanding of the threat and an ability to identify potential vulnerabilities in the mission system that could be exploited by the threat, as well as the range of options for mitigating the risk posed by the threat.

Figure 2 shows some of the threat vectors that mission systems need to address. Additionally, cyber security considerations can lead to requirements for implementing special features such as a command disable function or anti-tamper technologies to guard against compromise and reverse engineering if the system is physically exploited.
- Exploitation of vulnerabilities in embedded mission platform software and firmware (e.g., Operational Flight Program) and its development and maintenance
- Exploitation of vulnerabilities of on-platform operating systems
- Exploits against the attack surface of the connected network
- Data protocol exploitation
- Insiders (both witting and unwitting)
- External interfaces/communications links
- Portable media (e.g., CDs, USB devices)
- Local “plug-in” devices (e.g., peripherals, special purpose probes, sensors, test and diagnostic tools)
- Supply chain

Figure 2. Example Cyber Threat Vectors Affecting Mission Systems

2.2    The Workforce Dimension

The workforce challenge for the cyber security of mission systems is particularly difficult. Not only are there too few cyber security professionals in total, but only a minority of those in the workforce today have the engineering training and credentials to credibly engage in the engineering process. It is still somewhat unusual to find a cyber professional with experience in mission systems engineering, and who is able to blend with an engineering team to develop meaningful requirements and operate in the trade space through which the design is evolved.

These tasks would challenge many cyber specialists today because systems engineering methods differ in important respects from the way cyber security services are typically delivered. The structure within which IT security specialists operate is the well-thought-out Risk Management Framework (RMF) described in Special Publication 800-53 of the National Institute of Standards and Technology (NIST). The framework helps the specialist define required levels of assurance, select the appropriate security controls from a comprehensive catalog, assess that the controls are implemented correctly, support a formal decision by a designated owner to authorize operation, and then continuously monitor the security of the system throughout its life cycle. [12]

While the RMF and controls catalog form an essential foundation, more is expected of the cyber security engineer. First, the systems engineering environment expects a more interdisciplinary focus and even more engineering creativity than the RMF structure fosters. For systems of any appreciable complexity, inevitably there are competing operational and technical considerations. One of the key tools of engineering for complex systems is the formal tradeoff study to examine alternatives and make design choices. Tradeoff studies, while common in the engineering of mission systems, are not normally used in the development of IT networks, and cyber security specialists are not usually expected to have this skill. Cybersecurity needs to be part of the tradespace. Advocates recognize that more formalization of the cyber security engineering career field, patterned on the features of established engineering fields, will take time. [2, 3]

Among the most mature of the efforts to advance the systems engineering approach to cyber security is the Systems Security Engineering—Capability Maturity Model (SSE-CMM) standard. Codified as an International Organization for Standardization (ISO) standard (ISO/IEC 21827:2008), SSE-CMM describes the security engineering processes that organizations need to ensure good security engineering. The standard provides a reference model for system security engineering throughout the entire system life cycle and the entire organization, including interaction with other disciplines and with other organizations. It is designed to be congruent with the Systems Engineering process. [13]

3    A Synthesis of Disciplines

Systems Engineering is inherently interdisciplinary. As such it provides an overarching framework in which multiple disciplines can productively operate and integrate towards a common design goal. Figure 3 summarizes some of the key features of Systems Engineering.

Systems Engineering is an interdisciplinary approach that focuses on defining customer needs and required functionality early in the development cycle, documenting requirements, then proceeding with design synthesis and system validation while considering the complete problem:

- Operations
- Performance
- Test
- Manufacturing
- Cost & Schedule
- Training & Support
- Disposal

Systems Engineering integrates all the disciplines and specialty groups into a team effort forming a structured development process that proceeds from concept to production to operation. Systems Engineering considers both the business and the technical needs of all customers with the goal of providing a quality product that meets the user needs.

Source: International Council on Systems Engineering

Figure 3. What is Systems Engineering?

Cyber Security Engineering has strong affinity with two other disciplines found in this environment—System Safety Engineering and Reliability Engineering. These disciplines have long histories and active professional communities. All three are oriented towards managing throughout the full system life cycle, and integrate very well into the overarching System Engineering framework. All three operate generally in the realm of nonfunctional requirements, with the goal of making the design inherently resistant to failures. In practice,
many of the tools (such as Risk Assessment) used within these disciplines are very similar to each other. They also have in common the fact that the non-functional requirements that emerge from safety, cyber security, or reliability concerns may be in tension with the performance objectives that the system is being designed to meet—and therefore may be overlooked or overcome by the pressure to deliver performance. Figure 4 shows a Venn diagram indicating the relationship among cyber security, safety, and reliability components. [14, 15, 16, 17, 18]

Figure 4. Convergence of Disciplines Within the Systems Engineering Framework

Good examples of the integration of these disciplines are found in two government agencies: the mission assurance program of NASA and the surety programs of the Department of Energy. Both explicitly seek to integrate safety, security, reliability, and quality across the system life cycle and have proven records of success. [19] Table 1 summarizes some of the key features and fundamental methods of Systems Engineering, Reliability Engineering, System Safety Engineering, and Cyber Security Engineering.

Table 1. Summary of Four Systems Engineering Disciplines

Systems Engineering
  Background:
  - Interdisciplinary by design
  - International Council on Systems Engineering (INCOSE) develops and disseminates best practices for successful systems.
  - Publishes the Systems Engineering Handbook and maintains the Systems Engineering Body of Knowledge
  - Certification programs [14]
  Fundamental Methods:
  - Program integration and management tools
  - Use Case Analysis
  - Design Trade-off Analysis (Figures of Merit/Evaluation Measures)
  - Life Cycle management tools

Reliability Engineering
  Background:
  - Emerged in the 1950s
  - Relationship to Surety Engineering and NASA Mission Assurance [15]
  - Industry-recognized Certified Reliability Engineer (CRE) and Certified Reliability Professional certifications through American Society for Quality (ASQ) [16]
  - IEEE Reliability Society provides numerous professional development opportunities [17]
  Fundamental Methods:
  - Statistical modeling
  - Reliability Physics (Physics of Failure)
  - Failure Modes and Effects Analysis
  - Fault Tree Analysis

System Safety Engineering
  Background:
  - International System Safety Society fosters the application of systems engineering and systems management to the process of hazard, safety, and risk analysis [18]
  - Certification programs
  Fundamental Methods:
  - Qualitative Analysis to anticipate failure potential during the design phase
  - Hazard, Safety, and Risk analyses (qualitative and quantitative)
  - Designing ways to contain failures
  - Safety of software as a special area of focus

Cyber Security Engineering
  Background:
  - Major industry-recognized certifications through (ISC)², SANS, ISACA, and other organizations
  - System Security Engineering Capability Maturity Model (ISO/IEC 21827:2008) model for organizations [13]
  Fundamental Methods:
  - Mis-Use Case Analysis
  - Threat Identification and Characterization
  - Risk Management Framework and controls catalog
  - Continuous management of system security throughout the life cycle

4    Cyber Security in the Tradespace: An Example

“Use case” analysis is one of the tools of Systems Engineering that has particular relevance to cyber security, used for both requirements identification and in tradeoff studies over alternative solutions. A use case is a description of the employment of the target system in an operating scenario with emphasis on its functions and interactions with the external environment including human actors. It provides
a structured way of thinking about how the system will be used in its operating environment that helps in defining the functional requirements.

     In practice, use cases are usually expressed using the Unified Modeling Language (UML) that depicts both the actors and the process flow, facilitating information exchange and enabling the use of automated support tools. However, it can be helpful to begin by developing a top-level conceptual picture similar to the “operational view” of the Department of Defense Architecture Framework (DODAF). This can then provide a structured way of thinking about the problem to illuminate needs, enable creative cross-disciplinary discussion, and produce insights into the cyber security and other non-functional requirements. It can be a pre-cursor to the UML Use Case Diagrams.

Figure 5. Operational View of a Pre-Takeoff Use Case (Air Traffic Management)

     A tool that is particularly suited to the cyber security engineering challenge is “mis-use case” analysis. Initially developed in the 1990s, the mis-use case turns the use case around by focusing on what a malicious actor could do to disrupt, subvert, or negate the performance of the system. The top-level operational view can also be used for the mis-use case. These insights can later be developed into UML diagrams as well, ultimately leading to additional system requirements. [20, 21]

     Both analyses—use case and mis-use case—can help with the trade studies through which the design evolves in addition to their role in requirements definition.

     An example of the use case and mis-use case operational views is shown in Figures 5 and 6. These figures depict a notional case in the Air Traffic Management System: the pre-takeoff preparation of the aircraft, filing of the flight plan, and the ground operations associated with starting the engines and taxiing. Coordination with the air traffic management facilities of the Federal Aviation Administration (FAA) is a necessity, as are programming the onboard navigation computer, getting authorization from the airline operations center, and obtaining taxi clearance from the control tower. These process steps are accomplished by people at a wide range of locations and facilities.² The operational view of the use case and its associated misuse case allow all members of the systems engineering team to work together from a common starting point.

² This scenario is for illustration only. In reality, most of the requirements of today’s Air Traffic Management System are already known and specified by standards and regulatory requirements of the FAA and other agencies. Nonetheless, specific implementation details would typically still need to be decided as part of the system engineering effort, and a regular review of mis-use cases is advisable as threats change.

     Examination of the mis-use case should involve every component and link within the system, and every relevant threat vector with the goal of illuminating the cyber security challenges. These results should be brought forward for further consideration and analysis.

     In the example shown in Figure 6, possible cyber challenges suggested by the operational view include interception of mission data by intruding into the communication links in the system; exploitation of the insider leading to compromise of access controls or other critical security controls; penetration of the ground-based networks that communicate and process critical system data; and malicious exploitation of vulnerabilities in the supply chain of the avionics equipment. These insights are just the start of the process, and a full use/mis-use case analysis using accepted systems engineering tools should be the next step.

Figure 6. Operational View of a Pre-Takeoff Mis-Use Case (Air Traffic Management)

5    Summary and Prescription

     Although the intellectual groundwork for cyber security engineering for mission systems is solidly in place, the degree of true engagement by cyber security engineers still falls short of what it should be. Evidence indicates that acquiring organizations do not have a clear picture of the value proposition of the cyber security engineer, and, frankly, there are not enough qualified cyber security engineers to meet the needs even if the value proposition were recognized. If cyber security specialists are to have an impact on mission systems, they must have the skills to engage in the system engineering process as franchised members, not as dabblers. This will be difficult to achieve as the cyber community is already struggling to develop the workforce to address the more obvious needs of securing networks and IT systems.

     More emphasis is therefore needed on the specific challenge of cyber security engineering for mission systems through existing university programs, U.S. government cyber scholarship initiatives, and professional certification programs.

     Cyber security specialists themselves need to be part of the solution. They should strive to learn the practices of systems engineering, encourage their organizations to embrace SSE-CMM, and work hard at their own professional development. They should learn and internalize the unique value that the cyber security engineering community can bring to the systems engineering arena. And they should gain experience in the use of systems engineering tools.

     Lastly, the similarities and strong overlaps among Cyber Security Engineering, System Safety Engineering, and Reliability Engineering should prompt those professional communities to work together in an effort to find greater synergy in the systems engineering environment. The professional societies and associations that represent these stakeholders should join together under the auspices of the International Council on Systems Engineering (INCOSE) to tackle this together to enhance the profession and produce mission systems with better performance in any environment—normal, abnormal, or hostile.

6    References

[1] Cyber IN-security: Strengthening the Federal Cyber security Workforce; Partnership for Public Service and Booz Allen Hamilton, July 2009.

[2] Brian Dutcher. “Determining the Role of the IA/Security Engineer,” SANS Institute; InfoSec Reading Room. March 15, 2010, http://www.sans.org/reading_room/whitepapers/assurance/determining-role-ia-security-engineer_33508.

[3] Robert Ayoub. The 2011 (ISC)2 Global Information Security Workforce Study, Frost & Sullivan Market Survey Sponsored by (ISC)2, 2011.

[4] Karen Evans and Franklin Reeder. “Human Capital Crisis in Cybersecurity Technical Proficiency Matters,” A Report of the CSIS Commission on Cybersecurity for the 44th Presidency, Center for Strategic and International Studies, November 2010.

[5] Eric Beidel and Stew Magnuson. “Government, Military Face Severe Shortage Of Cybersecurity Experts”, National Defense (National Defense Industrial Association), August 2011, http://www.nationaldefensemagazine.org/archive/2011/August/Pages/Government,MilitaryFaceSevereShortageOfCybersecurityExperts.aspx.

[6] Norbert Wiener. Cybernetics: or Control and Communication in the Animal and the Machine, The Massachusetts Institute of Technology, Cambridge, MA, 1948 and 1961.

[7] Peter Neumann. Moderator, Risks Digest, http://catless.ncl.ac.uk/Risks.

[8] Robert McMillan. “Virus targeted at Siemens industrial control systems”, IDG News Service, July 17, 2010. http://www.networkworld.com/news/2010/071710-new-virus-targets-industrial.html.

[9] Brent Kesler. “The Vulnerability of Nuclear Facilities to Cyber Attack,” Strategic Insights, Vol. 10, Issue 1, pp. 15–25, Spring 2011.

[10] DoD Directive 8581.1. “Information Assurance (IA) Policy for Space Systems Used by the Department of Defense,” June 21, 2005.

[11] The Smart Grid Interoperability Panel – Cyber Security Working Group. Guidelines for Smart Grid Cyber Security, NISTIR 7628, August 2010.

[12] NIST Special Publication 800-53 Revision 3. “Recommended Security Controls for Federal Information Systems and Organizations,” National Institute of Standards and Technology, Gaithersburg, MD.

[13] ISO/IEC 21827:2008. Systems Security Engineering—Capability Maturity Model®.

[14] International Council on Systems Engineering (INCOSE). http://www.incose.org

[15] NASA Office of Safety and Mission Assurance. http://www.hq.nasa.gov/office/codeq/.

[16] American Society for Quality. Certified Reliability Engineer, http://prdweb.asq.org/certification/control/reliability-engineer/index.

[17] IEEE Reliability Society. http://rs.ieee.org/.

[18] The International System Safety Society. http://www.system-safety.org/.

[19] Nancy Leveson. “White Paper on Approaches to Safety Engineering.” Nancy Leveson’s Home Page at MIT, April 23, 2003; http://sunnyday.mit.edu/caib/concepts.pdf.

[20] Guttorm Sindre and Andreas Opdahl. Eliciting Security Requirements by Misuse Cases, Proceedings of TOOLS Pacific 2000, pp. 120-131, 20-23 November 2000, IEEE Computer Society Press.

[21] Ian Alexander. “Use/Misuse Case Analysis Elicits Non-Functional Requirements,” Computing & Control Engineering Journal, Volume 14, Issue 1, pp. 40–45, Feb. 2003.
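
The mis-use case examination described for Figure 6 (every component and link, against every relevant threat vector) can be tracked as a coverage matrix that shows which pairings still lack a written mis-use case. The following Python is an added example, not part of the original paper; the element and link names, the trait tags that decide relevance, and the requirement texts are assumptions constructed from the notional pre-takeoff scenario.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Element:
    name: str
    traits: frozenset  # constructed tags that decide which vectors are relevant

@dataclass(frozen=True)
class MisuseCase:
    element: str
    vector: str
    requirement: str  # candidate security requirement derived from the case

# Threat vectors from the Figure 6 discussion, mapped to the (assumed) trait
# an element must carry for that vector to be relevant to it.
VECTORS = {
    "link interception": "link", "insider": "staffed",
    "ground network penetration": "ground-network", "supply chain": "avionics",
}
GROUND = frozenset({"staffed", "ground-network"})
# Elements of the notional pre-takeoff use case; link names are constructed.
ELEMENTS = [
    Element("onboard navigation computer", frozenset({"avionics"})),
    Element("airline operations center", GROUND),
    Element("FAA air traffic management facility", GROUND),
    Element("control tower", GROUND),
    Element("flight plan filing link", frozenset({"link"})),
    Element("taxi clearance link", frozenset({"link"})),
]
# Constructed review state: two mis-use cases written up so far.
CASES = [
    MisuseCase("taxi clearance link", "link interception", "authenticate clearance messages"),
    MisuseCase("onboard navigation computer", "supply chain", "verify avionics provenance"),
]

def relevant_pairs(elements, vectors):
    """Every (element, vector) pair the mis-use case review must examine."""
    return {(e.name, v) for e, (v, t) in product(elements, vectors.items()) if t in e.traits}

def coverage_gaps(elements, vectors, cases):
    """Relevant pairs that have no recorded mis-use case yet, sorted."""
    relevant = relevant_pairs(elements, vectors)
    examined = {(c.element, c.vector) for c in cases}
    if examined - relevant:  # typo, or a case outside the modelled system
        raise ValueError(f"unmodelled mis-use case: {sorted(examined - relevant)}")
    return sorted(relevant - examined)
```

Calling `coverage_gaps(ELEMENTS, VECTORS, CASES)` lists the pairings still to be examined; each new `MisuseCase` carries the candidate requirement that the analysis feeds back into requirements definition.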