Struggling to identify real risks
Part of the risk identification problem was the previous approach. The threat modeling approach they had been using identified over 300 distinct risk items. Struggling with the sheer volume made the team unable to see the forest for the trees. Identifying the root causes of the items was a difficult and time-consuming task. But without identifying these root causes, the firm lacked clarity around the true risks.
Struggling with risk prioritization and management
Without a clear understanding of potential vulnerabilities and impacts, the development team was unable to prioritize the risks. Additionally, they were identifying more risks than they were able to effectively mitigate. The key here is that they weren’t able to identify which risks were most critical to resolve.
To resolve concerns relating to the use of wireless components, the firm was considering the implementation of a Diffie-Hellman key exchange security control. However, they didn’t understand that Diffie-Hellman lacks authentication controls: on its own, the exchange establishes a shared key with whichever party supplies the other public value, and it gives a device no way to tell who that party is. Their new design therefore didn’t have the same authentication as their current implementation. This resulted in a lack of clarity around their planned security control implementing the key exchange.
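As an added illustration, not part of the case study or of the firm’s or Synopsys’s design, the following Python sketch shows what “Diffie-Hellman lacks authentication” means in practice: the implant derives a key from whatever public value reaches it, so a separate check must bind that value to a credential. Here that check is an HMAC under a pairing secret assumed to be provisioned at manufacture; the group parameters, secret values and names are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only and far too
# small for real use. A product would use a standardised group (e.g. an
# RFC 3526 MODP group) or an elliptic-curve exchange; the authentication
# step below is the same in either case.
P = (1 << 127) - 1   # 2^127 - 1, a Mersenne prime
G = 5
NBYTES = 16          # every value in the group fits in 16 bytes


def dh_keypair():
    """Fresh ephemeral private exponent and the public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_key(priv, peer_pub):
    """Raw DH secret hashed into a 32-byte session key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(NBYTES, "big")).digest()


def auth_tag(psk, own_pub, peer_pub):
    """Bind both public values to the pre-provisioned pairing secret (assumed)."""
    msg = b"controller" + own_pub.to_bytes(NBYTES, "big") + peer_pub.to_bytes(NBYTES, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def run_exchange(psk_implant, psk_controller, substitute_pub=None):
    """Simulate one pairing between an implant and its controller.

    substitute_pub, if given, replaces the controller's public value on the
    wire (a constructed fault used to show the check firing). Returns
    (tag_verified, implant_key, controller_key). Without auth_tag the implant
    would simply derive implant_key from whatever arrived and learn nothing.
    """
    priv_i, pub_i = dh_keypair()
    priv_c, pub_c = dh_keypair()
    wire_pub_c = pub_c if substitute_pub is None else substitute_pub
    tag_c = auth_tag(psk_controller, pub_c, pub_i)                  # controller's view
    expected = auth_tag(psk_implant, wire_pub_c, pub_i)              # implant's view
    verified = hmac.compare_digest(tag_c, expected)
    return verified, dh_shared_key(priv_i, wire_pub_c), dh_shared_key(priv_c, pub_i)
```

A mismatched tag means the implant must discard the derived key; the keys only agree in the honest run, and only the tag tells the implant which run it is in.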
Solution: Threat modeling
During the threat modeling process, Synopsys interviewed members of the neuroimplantable system team. The Synopsys team also reviewed design documentation to identify assets, threats, trust zones, potential attack vectors, and security implications of the proposed design.
Aligning the team
The threat model provided risk identification and a foundational understanding of these risks. This understanding resolved the team’s confusion. They moved on to create concrete requirements with rationale in a matter of weeks. The team achieved this with a systematic, disciplined, and repeatable approach to risk identification. They produced artifacts communicating the impact of potential cost-saving decisions to engineering and management.
Identifying real risks
The threat model produced a traceability matrix of assets, threats, and potential attacks to controls and system requirements.
The Synopsys team identified risks and the underlying root causes. Those risks were then traced back to the security principles. With the risks, root causes, and security principles outlined in the matrix, it was now possible to define high-level draft requirements and test plans. These would help to reduce the risks to an acceptable level.
The Synopsys threat modeling approach proved highly effective when compared to the firm’s previous approach. Synopsys reported a smaller number of tangible risks for the firm’s development team to focus on. Additionally, system-specific context highlighted the business impact, which allowed for greater understanding.
Prioritizing and managing the risks
In response to the identified risks, Synopsys provided recommendations to the firm’s development team based on root cause analysis. After business impacts were identified, the risks could be prioritized to align with the firm’s goals.
The highest risks related to
- the device’s battery life,
- key disclosure,
- confidentiality, and
- integrity of communications.
This information would drive prioritized effort toward the highest risks, thereby ensuring high-level requirements were created to reduce each risk to an acceptable level. This would also be followed by appropriate verification and validation efforts.
Results and impact
The Synopsys threat modeling methodology provided traceability and visibility into the necessity of requirements. The process provided the firm with an effective and systematic method of making informed decisions—in particular, those relating to cost savings achieved by leveraging the wireless communications. Additionally, the development team saved time and effort by focusing on a small number of root cause issues, rather than several hundred risks.
The repeatable risk identification approach resonated with the development team. The prioritization of the threat model’s results allowed the firm to kick off the design and implementation phases. These phases focused on the identified risks and on enabling the team to make informed decisions. Increased productivity ultimately led to the delivery of high-quality, actionable results. In the end, the team was able to implement these results immediately.