Beyond Security-by-design: Securing a compromised system
Awais Rashid, Sana Belguith, Matthew Bradbury, Sadie Creese, Ivan Flechais, Neeraj Suri

TL;DR
This paper emphasizes the need to shift from traditional security-by-design approaches to strategies that focus on securing systems even when they are compromised, due to the complex and interconnected nature of modern digital infrastructures.
Contribution
It introduces the concept of 'securing-a-compromised-system' as a new paradigm for managing security in complex, heterogeneous digital environments.
Findings
Highlighting the limitations of security-by-design in complex systems
Proposing a new paradigm for security in compromised scenarios
Addressing security challenges in cyber-physical infrastructures
Abstract
Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems that are highly cyber-physical in nature with complex intersections between humans and technologies, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Diverse legacy and non-legacy software systems underpinned by heterogeneous hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate and complicated supply-chains with many digital assets and services outsourced to third parties. The reality is that, at any particular point in time, there will be untrusted, partially-trusted or compromised elements across the infrastructure. Given this reality, and the societal…
