Almost weekly we hear of corporate and public-sector cyberattacks, many of which are carried out by perpetrators wanting to make a very public point.
The most dangerous situations occur when attackers don’t want to be public — they want to sneak into your network, compromise the data they’re seeking and sneak back out. In an even more dire scenario, they want to sneak into your systems and stay hidden in one or more of them, slowly gaining deeper access to more privileged and sensitive data.
How do attackers compromise systems?
First, notice that I used the word “compromise” and not “attack.” You can’t stop attacks. If someone wants to attack you, he or she will; however, a well-designed, secure system should anticipate attacks.
Attackers compromise systems by finding one that isn’t properly secured. But what makes a system secure? One definition of a secure system is a system that does what it is supposed to do and no more.
Think about an E911 system: It should perform only E911-related tasks and nothing more. Unfortunately, there have been incidents in the past where E911 systems have been compromised. Generally, denial of service (DoS) is considered the lowest-level threat. In the case of an emergency system, however, including E911, even the lowly DoS is a serious event if people cannot use an emergency service because it’s knocked offline.
What should you do to reduce the risk of being compromised? Here’s my three-step program to more secure software.
Get management buy-in on the importance of secure software. This is never easy because it’s very hard to show the return on your software security investment. The only thing you can do is show that spending X dollars can help offset X worth of risk to the business or agency, so you will need to involve your risk management people. Don’t go to CIOs with scary stories because they’re sick of hearing them — unless the scary stories actually happened to your organization.
A little education goes a long way. Get all your engineers trained on the security issues: what they are, how to defend against them, and how to design and test code securely. It’s not just about the code; it’s about system design too.
Change your development process. I don’t mean rip out everything you currently do and replace it en masse. What I mean is add some tooling to help find security bugs automatically; put a coding policy in place; require that critical systems have a built-in threat model to help you understand what the threats mean to the system and what mitigations should be used; and update your development tool set so you get better defenses for no engineering effort.
If you have a lot of pre-existing code, take some time to review all of it and build a plan for making that code more resistant to attack. You will need to do some risk-based prioritizing. You can’t fix all of it at once — it’s simply not possible. But you can build a two-year plan to perform security due diligence and remediation.
It’s impossible to build a completely secure system, but you can build a system that is more resilient to attacks. Security technologies such as firewalls and anti-malware systems only provide part of the solution. It is imperative that networked systems be built from software that’s designed to be more secure from the outset.
Michael Howard is a principal security program manager of security engineering for Microsoft.