How do engineers make cyber networks safer?
Engineers protect sensitive data against an ever-evolving array of threats by applying their skills in areas like systems architecture, machine learning, modeling, and reverse engineering. They play an essential role in building a more secure future for technologies like self-driving cars and connected medical devices. Systems engineering provides the foundation for a disciplined and structured approach to engineering trustworthy secure systems. Trustworthiness includes attributes of safety, security, reliability, dependability, performance, resilience, and survivability under a wide range of potential adversity in the form of disruptions, hazards, and threats. A trustworthy system is a system that meets specific security requirements in addition to meeting other critical requirements. Engineering provides the needed complementary engineering capability that extends the notion of trustworthiness to deliver trustworthy secure systems. Systems security engineering contributes to a broad-based and holistic security perspective and focus within the systems engineering effort. The effectiveness of any engineering discipline depends on understanding the problem that is being solved and consideration of all feasible solution options before acting to solve the identified problem. To maximize the effectiveness of systems security engineering, security requirements for the protection against loss in the context of all relevant assets, driven by business, mission, and all other stakeholder asset loss concerns, must be defined and managed as a set of engineering requirements and cannot be addressed independently or after the fact. System security is the application of engineering and management principles, concepts, criteria, and techniques to optimize security within the constraints of operational effectiveness, time, and cost throughout all stages of the system life cycle. When performing appropriate analysis, the evaluation is performed holistically by tying into systems security engineering concepts and best practices and ensuring that system security has an integrated, system-level perspective. Systems security engineering focuses on the protection of stakeholders and system assets so as to exercise control over asset loss and the associated consequences.
References:
Ross, R. , McEvilley, M. and Oren, J. (2018), Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems [including updates as of 1-03-2018], Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-160 (Accessed March 31, 2023)