Hybrid Threat

We are challenged not only by novel employment of conventional weaponry, but also by the hybrid nature of asymmetric tactics such as terrorism and cyber warfare. Thus, managing the complexity of today’s systems and being able to claim that those systems are trustworthy and secure means that first and foremost, there must be a level of confidence in the ability of a system to function securely as intended. pdf

While it is impossible to know all potential forms of adversity or to stop all anticipated disruptions, hazards, and threats, the basic architecture and design of systems can make those systems inherently less vulnerable, provide an increased level of penetration resistance, and offer engineered-in tolerance and resilience that can be leveraged by system owners and operators— allowing missions and business functions to exercise resilience techniques even when the systems are operating in degraded or debilitated states.

The engineering of agile systems offers unique challenges to the system security engineer based on the similarities and differences between the systems. The similarities offer the potential for reuse of development, assessment, and related approaches, whereas the differences increase the likelihood of invalidly applying assumptions from one operating environment to another with potentially adverse consequences.


After a provocative introduction I found the report to be 250 pages of tedious specification extracted from previous reports and given a gloss of security diligence appropriate for military contractors who provide a vanishingly small proportion of the world's software.

I found much of the report overly corporate. If we were talking about water pollution would we have no concern for those downstream? For example: "Adequate security is a trade space decision or judgement driven by the objectives and priorities of stakeholders."

I was once asked by a colleague, a biologist, why computer systems keep breaking. We live in a world guided by economic transactions, I suggested, where the cost of failure is not borne by parties to the trade.

I was misled to the NIST report by a post that also cited the recently released and equally bland U.S. Department of Homeland Security's Strategic Principles for Securing the Internet of Things. pdf