The Cyber Immune approach describes a methodology for creating secure-by-design systems that uses methods accessible to most business customers and developers. In particular, this approach helps a customer to articulate security objectives without delegating the responsibility and provides the developer with criteria for meeting these objectives.
Cyber Immune requirements to system architecture and design are based on core security templates, which drastically raise the standard of system security even in the absence of any other protection methods. Meanwhile, using other security templates, largely unknown to most developers, to build applications helps to increase system transparency and makes it easier to verify its security properties.
A properly designed and verified Cyber Immune system is capable of meeting declared security objectives even while it is under attack, as long as the security assumptions are true. Note that a Cyber Immune system is even capable of resisting threats that were unknown at the time of development.
It certainly takes more time and money to develop a secure system than one that “just works”. But this is a question of risks and costs that the system owner would be willing to accept.
Real-world experience shows that whether or not the system will be attacked is not even a question. The question is when. How large will the damage be? Will the first incident also be the last? How much time and resources will recovery and updating consume? Will it be possible to regain the owner’s lost reputation and the trust of customers and system users? A system must be updated not only after it is attacked, but to prevent an attack, as soon as vulnerabilities in any of its components come to light. Depending on the nature of the system, the update may be trivial, extremely resource-intensive, or occasionally, even impossible.
In the case of a Cyber Immune system, the extra development costs are very likely to be offset by the low cost of support. You may very well not even need any updates.
Security is an issue that affects every system, all the time. It is only necessary to calculate whether it is more cost-effective to develop a Cyber Immune system or to hope that the cost of updating the system is low and the direct and indirect damage of an attack is acceptable.
The Cyber Immune approach describes a methodology for creating secure-by-design systems that uses methods accessible to most business customers and developers. In particular, this approach helps a customer to articulate security objectives without delegating the responsibility and provides the developer with criteria for meeting these objectives.
Cyber Immune requirements to system architecture and design are based on core security templates, which drastically raise the standard of system security even in the absence of any other protection methods. Meanwhile, using other security templates, largely unknown to most developers, to build applications helps to increase system transparency and makes it easier to verify its security properties.
A properly designed and verified Cyber Immune system is capable of meeting declared security objectives even while it is under attack, as long as the security assumptions are true. Note that a Cyber Immune system is even capable of resisting threats that were unknown at the time of development.
It certainly takes more time and money to develop a secure system than one that “just works”. But this is a question of risks and costs that the system owner would be willing to accept.
Real-world experience shows that whether or not the system will be attacked is not even a question. The question is when. How large will the damage be? Will the first incident also be the last? How much time and resources will recovery and updating consume? Will it be possible to regain the owner’s lost reputation and the trust of customers and system users? A system must be updated not only after it is attacked, but to prevent an attack, as soon as vulnerabilities in any of its components come to light. Depending on the nature of the system, the update may be trivial, extremely resource-intensive, or occasionally, even impossible.
In the case of a Cyber Immune system, the extra development costs are very likely to be offset by the low cost of support. You may very well not even need any updates.
Security is an issue that affects every system, all the time. It is only necessary to calculate whether it is more cost-effective to develop a Cyber Immune system or to hope that the cost of updating the system is low and the direct and indirect damage of an attack is acceptable.