Cyber Resilience, Dependability and Security

International Conference on Cyber Warfare and Security Pub Date : 2024-03-21 DOI:10.34190/iccws.19.1.2181

Gareth Davies, Angela Mison, Peter Eden

{"title":"Cyber Resilience, Dependability and Security","authors":"Gareth Davies, Angela Mison, Peter Eden","doi":"10.34190/iccws.19.1.2181","DOIUrl":null,"url":null,"abstract":"There is a continuing skills shortage associated with digital security and DevSecOps (World Economic Forum, 2023), but this paper argues that is due to non-recognition that it is time for cyber security and/or digital security to be defined, and a further separation of specialisms in computing to be made apparent. This has become increasingly important when considering Artificial Intelligence. The problem is not new. This paper presents a refinement of the principles suggested by Milner (2007) of using a model to describe behaviour and organise software, grappling with seemingly intractable and complex problems which cross boundaries between different systems: engineering, technological, social, economic, legal, and political, each with a distinct perspective and goal. It emphasises Hoare’s (1996) assertion that system failures are largely due to failed analysis impacting development of resilient systems. It argues that there are dichotomies between resilience – a system security/safety perspective, dependability – a user/consumer perspective, and security – a technology perspective. Many proposed systems to date have conflated these perspectives in the secure by design paradigm which requires a depth of knowledge and expertise. Unicorns are rare. This paper suggests how to overcome the skills shortage utilising the skill sets that are available in a manner that maximises the contribution to digital security. Recognising that not everyone and everything needs to communicate with the world reduces complexity and can increase trust. Concentration on the operational purpose of a system, resulting in an Operational Design Domain (ODD) reduces complexity further. Additional reduction in complexity is achieved by placing resilience in an engineering and programming development context, grounded in acceptable behaviours, while accepting dependability as a user expectation of system behaviour, and cyber security as a separate specialism addressing access to systems and infrastructure. Much of this paper is a reversion to defensive programming through the ODD. There is a need for any solution to the skills shortage be scalable and economic, and this paper suggests how that can be achieved using existing skill sets targeted at their specialisms.","PeriodicalId":429427,"journal":{"name":"International Conference on Cyber Warfare and Security","volume":" 63","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Cyber Warfare and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34190/iccws.19.1.2181","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

There is a continuing skills shortage associated with digital security and DevSecOps (World Economic Forum, 2023), but this paper argues that is due to non-recognition that it is time for cyber security and/or digital security to be defined, and a further separation of specialisms in computing to be made apparent. This has become increasingly important when considering Artificial Intelligence. The problem is not new. This paper presents a refinement of the principles suggested by Milner (2007) of using a model to describe behaviour and organise software, grappling with seemingly intractable and complex problems which cross boundaries between different systems: engineering, technological, social, economic, legal, and political, each with a distinct perspective and goal. It emphasises Hoare’s (1996) assertion that system failures are largely due to failed analysis impacting development of resilient systems. It argues that there are dichotomies between resilience – a system security/safety perspective, dependability – a user/consumer perspective, and security – a technology perspective. Many proposed systems to date have conflated these perspectives in the secure by design paradigm which requires a depth of knowledge and expertise. Unicorns are rare. This paper suggests how to overcome the skills shortage utilising the skill sets that are available in a manner that maximises the contribution to digital security. Recognising that not everyone and everything needs to communicate with the world reduces complexity and can increase trust. Concentration on the operational purpose of a system, resulting in an Operational Design Domain (ODD) reduces complexity further. Additional reduction in complexity is achieved by placing resilience in an engineering and programming development context, grounded in acceptable behaviours, while accepting dependability as a user expectation of system behaviour, and cyber security as a separate specialism addressing access to systems and infrastructure. Much of this paper is a reversion to defensive programming through the ODD. There is a need for any solution to the skills shortage be scalable and economic, and this paper suggests how that can be achieved using existing skill sets targeted at their specialisms.

查看原文本刊更多论文

网络复原力、可靠性和安全性

与数字安全和 DevSecOps 相关的技能持续短缺（世界经济论坛，2023 年），但本文认为，这是由于人们没有认识到，现在是对网络安全和/或数字安全进行定义的时候了，也是对计算机专业进行进一步分离的时候了。在考虑人工智能时，这一点变得越来越重要。这个问题并不新鲜。本文对米尔纳（2007 年）提出的使用模型描述行为和组织软件的原则进行了改进，以解决看似难以解决的复杂问题，这些问题跨越了不同系统之间的界限：工程、技术、社会、经济、法律和政治，每个系统都有其独特的视角和目标。它强调了 Hoare（1996 年）的论断，即系统故障在很大程度上是由于失败的分析影响了弹性系统的开发。它认为，在弹性--系统安全/保障角度、可靠性--用户/消费者角度和安全性--技术角度之间存在二分法。迄今为止，许多拟议的系统都将这些视角混淆在安全设计范式中，这需要深厚的知识和专业技能。独角兽是罕见的。本文提出了如何利用现有的技能组合克服技能短缺问题，从而为数字安全做出最大贡献。认识到并非每个人、每件事都需要与世界沟通，可以降低复杂性，提高信任度。专注于系统的运行目的，形成运行设计域（ODD），可进一步降低复杂性。将复原力置于工程和编程开发的背景下，以可接受的行为为基础，同时接受可依赖性作为用户对系统行为的期望，并将网络安全作为一个单独的专业领域来解决系统和基础设施的访问问题，从而进一步降低复杂性。本文的大部分内容是通过 ODD 恢复防御性编程。任何解决技能短缺的方案都需要具有可扩展性和经济性，本文提出了如何利用现有的技能组合来实现这一目标。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Conference on Cyber Warfare and Security

自引率

0.00%

发文量