How do engineers make cyber networks safer?
Much of the safety found in cyber networks is thanks to the work done by systems security engineers, which is a specialty discipline of systems engineering. Systems security engineering establishes the appropriate security principles, concepts, methods, and practices to be applied during the system life cycle to achieve assurance and trustworthiness in a given system (including cyber networks), thereby protecting sensitive assets from all forms of adversity. To achieve this, they must identify and address any protection needs and security concerns associated with the system in question. This involves protecting intellectual property such as data, information, methods, techniques, and technology that are essential to the system. Asset protection is a vital and necessary element of network safety. Engineers understand this need for the protection of valuable information and devise a plan of action to achieve this objective. By applying specific security design principles to system elements or components consisting of hardware, software, and firmware, engineers can build a network that is trustworthy and adequately safe. They must be adequately safe because a perfectly safe system does not and will not ever exist. Engineers evaluate the sum of all system protections for all system execution modes (initiation, operation, maintenance, training, and shutdown) for all system states (secure, nonsecure, normal, degraded, recovery) and for all transitions that happen between system execution modes. Engineers help optimize system security by designing loss prevention strategies that are proactive and reactive in regard to the losing of assets and the unacceptable consequences that come along with it, thereby strengthening the safety of the network. Ultimately, cyber networks are made safer through the engineering of security functions that provide system security capability, the engineering of the security-driven constraints for all system functions, and the engineering and advising for the protection of data, information, technology, methods, and assets associated with the system throughout its life cycle.
References
Ross, R., McEvilley, M., & Oren, J. (2016). Systems security engineering: Considerations for a multidisciplinary approach in the engineering of trustworthy secure systems. NIST Special Publication 800-160.