With an eye toward use in automobiles, the electric grid, and emergency response teams, the National Institute for Science and Technology (NIST) proposes how organizations can incorporate time-tested security design principles and concepts into these systems from concept to completion in a new publication.
Originally available in 2014, Special Publication 800-160: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems is based on the international ISO/IEC/IEEE Standard 15288 for Systems and Software Engineering. The new public draft aims to merge the cyber and physical world best practices.
“The systems security engineering considerations in NIST SP 800-160 give organizations the capability to strengthen their systems against cyberattacks, limit the damage from those attacks if they occur, and make their systems survivable,” NIST Fellow Ron Ross said in a blog.
Of interest to software developers is Appendix J “Software Security And Assurance: Applying Security Fundamentals To Achieve More Trustworthy Software” discusses security controls for software assurance.
“The key to reducing the risk to our critical infrastructure is to build ‘trustable‘ systems on a foundation of systematic and accepted engineering principles,” said Robert Bigman, a cybersecurity consultant at 2BSecure and former Central Intelligence Agency chief information security officer.
“NIST SP 800-160 will become the de facto standard for integrating ‘trustability’ into the design, development, deployment and operation of systems used both within government and commercial critical infrastructure industries,” he said.