
Trustworthiness can’t guarantee security, but it’s indispensable

The unfortunate reality today is that some of the most brilliant minds in computing have dedicated themselves to creating innovative ways of attacking IT infrastructures.

As a result, attacks on these systems have emerged as a significant cost consideration in enterprise computing, influencing purchasing decisions both for general-purpose processing, storage, and networking products, and for specialized security hardware, software, and services.

To what extent do security threats affect information technology investment decisions? It is clear that security concerns have become strong enough to drive consumers to seek products, services and vendors with a solid reputation for security.

IT decision-makers are aware that IT products are not immune from sophisticated and stealthy attacks. They also understand the importance of acquiring products that incorporate the very latest in security-oriented features and design techniques. It is important for them to verify that these products have not been tampered with anywhere in the manufacturing and distribution supply chain and do not contain deliberately built-in security vulnerabilities.

The offerings that meet these requirements are referred to as trustworthy products and systems. The concept of a trustworthy system sets a high bar for security. The system, along with its subsystems and components, must embody established, reliable security design features, practices and execution standards. Compliance with security standards and practices needs to be proven to the satisfaction of the consumer, either demonstrated through the product vendor's own quality assurance procedures or certified by a neutral and knowledgeable third party.

The assurance process ranges far beyond the primary vendor's own design, manufacturing, distribution and service practices. Primary vendors must also be held accountable for the trustworthiness of components and subsystems outsourced from subcontractors and OEM suppliers.

A trustworthiness assurance process stretches across the full lifecycle of the product, from inception to eventual decommissioning. Over the product's lifespan, it must be operated and maintained in full fidelity, with best practices implemented constantly. This requires timely software updates, patches, any necessary standard recertifications and even early removal from a production environment should the product be recalled or decertified for commercial or public use.

Vendors are essential to the trustworthy systems concept. Even if a product meets all formal certification criteria, it cannot be considered trustworthy unless it is sold and supported by an equally trusted vendor.

So how does one identify a trustworthy vendor? The perception of trustworthiness stems from external reputation factors, the vendor's observable behaviors and ultimately the consumer's own business experiences with a vendor.

External validation of vendor reputation can involve both formal and informal standards.

Formal standards could entail the following: industry certifications relevant to IT security, industry analyst rankings, inclusion in approved-vendor lists (such as the GSA schedule), customer references and independently certified customer satisfaction ratings. Some reputation indicators may have only indirect relevance to a vendor's IT expertise – for example, appearances on “best places to work” surveys or credit ratings can indicate vendors with high standards of employee-relations practices and fiscal integrity.

Additionally, consider individual, one-to-one business relationship factors, which are often highly subjective. Indicators here can include a willingness to provide product validation and certification information, responsiveness and overall transparency in dealing with business and technical problems.

Initially, it might seem like system and vendor trustworthiness can exist independently from one another. System dependability can be evaluated and certified according to objective, technical criteria. Vendor reliability, however, depends largely on human opinions of vendor behavior, regardless of whether these perceptions come from knowledgeable third parties (analysts, customers, credit rating firms, best-places-to-work magazine stories), or the consumer's own experience. But the reader will quickly recognize that positive, independently certifiable belief in system trustworthiness can be fatally undermined by any perceptions of vendor unreliability.

The logic here is that while system trustworthiness can be validated, vendor trustworthiness must be earned and constantly affirmed in the eyes of the technology consumer. When vendor trustworthiness ceases to exist, so does that of the products and services the vendor sells.

Reputations built on trust are inherently volatile. A scandal, media exposé, quality breakdown or bad behavior in a business relationship can destroy perceptions of trust and taint anything the vendor has produced in the consumer's IT infrastructure. When it comes to trustworthiness, “What have you done for me lately?” is a fair question to ask.

As previously discussed, trustworthiness does not ensure immunity from breakdowns or security attacks. Trustworthiness offers, at best, the prerequisites for successful operation of an IT infrastructure in the face of a growing global threat environment. Threats change rapidly. In parallel, system and vendor trustworthiness must be renewed and constantly enforced.

Trust alone cannot save IT infrastructure owners; however, they are completely lost without it.

John Stewart

Former Chief Security & Trust Officer at Cisco.
