WE PRESENT an analysis of Risk within the Cybersecurity arena.
Here at ScienceOfCybsersecurity, we foster an open science approach to Cybersecurity; with logical concepts and accessible language that may be readily-understood by anyone. As such we avoid use of jargon-filled language. That said, Cybersecurity is a highly technical field of study; and in order to adequately consider related happenings—it is necessary to develop new concepts and to coin a large number of terms (see our Cybersecurity Lexicon and Axioms).
The reader may find the argument(s) presented below somewhat unfamiliar and/or conceptually condensed; and if so begin by reading the preliminary materials in the Science, Theory and Hypothesis section(s).
Security Metric (Privacy Status)
As explained earlier, everything here is taken from the perspective of a Communication System whose primary purpose is to protect the security of a private or secret datum held on a nominal networked information system.
Ostensibly, we consider just one of the 5 fundamental domains of computing operation(s); named as Digital Communications; whilst ignoring (for example) Command and Control etc. Note however, that everything explained here maps closely to problems encountered in other computing domains.
We begin our analysis of Risk by recognising Absolute Security as a primary metric by means of which we can adjudge the degree of risk faced by a private datum existing on a networked computer system. Risk is defined as the likelihood of said datum’s inner meaning being compromised in some way; whereby the datum’s meaning is exposed to an illegitimate party, hacked, or subject to a computer-intrusion, data-breach, system exploit etc.
Wherein Absolute Security is a kind of ruler or metric—one that indicates/reflects the specific Accessibility (or Privacy) Status for the datum-copy. An item is absolutely secure when it is—at the present epoch—out of reach of any unsafe actors—and there are no illegitimate copies.
Earlier we pinned down Absolute Security thusly…
Absolute Security—for a point-to-point communication system—is the replication of a single instance (or primary-copy) of a private/secret datum from one socially restricted access-node to another [ref. Absolute Security:TARGET].
In other words, it is the single-copy-send of a datum from one party to another; whereby no—socially accessible—nth-party copies exist whatsoever (hopefully persistently). Thus—ABSOLUTE SECURITY and PARTIAL/ABSENT SECURITY—are binary dualisms—or mutually exclusive true/false values for any act of communication.
Absolute security is protection of privacy-status for a datum-copy. Ergo, it relates to the maintenance of social accessibility restriction(s) for private-datum(s).
Whereby we achieve single-copy-send—now and (hopefully) at all times in the future. Accordingly, Absolute Security can be thought of as an objective true/false value, in and of itself. Hence an item either: is absolutely secure—or else: it is not absolutely secure—at any specific epoch—and for a particular environment /communication-instance.
As stated, the Absolute Security TARGET is defined as single-copy-send for the encapsulated meaning (i.e certainty of protection). But it may be that at some post-communication epoch: A) the system/data is successfully hacked—and datum(s) are exposed to unsafe-actors; and hence B) the judgement of secure communication was/is/will-become false.
Objective vs Subjective Factors
Patently, privacy status may change; and security is a situation-specific/time-dependant quality. As a result, it seems clear that Absolute Security must be—in one sense—a purely objective property. However because it is influenced by perceptions/judgements/ predictions—it is at the same time a subjective property.
Evidently, factors such as: inadequate knowledge of any/all unsafe-actors; plus hidden and changing threat types—can cause incorrect and/or revised predictions in this respect. Henceforth making judgment(s)—as to the various capability, coverage and control aspects of security is especially difficult—because these are inevitably human assessed factors (automatic monitoring/reporting systems aside).
Absolute security status is simultaneously a goal, metric, judgment and prediction; in addition to being a real-world fact/truth. Accordingly, many interrelating factors are evident for a particular system operating at any specific epoch.
At the very least—the person making the Cybersecurity judgment(s)/decision(s) seeks to:
- Be in possession of all the facts—or make accurate predictions on real-world: threats/defensive capabilities, and judge the effectiveness of threat-models; plus accuracy of monitoring system(s) etc; and
- Adequately perceive/understand labyrinthine relationship(s) between multiple, complex, fixed and/or changing factors for relevant: systems/tools/networks/ actors/attackers etc—including future ones; and
- Implement valid Cybersecurity measures, plus avoid/correct mistakes etc.
Processing Atomicity / Complexity
Networked computers (in general) have advanced to the stage where they are—quite literally—beyond the (complete) understanding of any single human, or even a large organisation of humans. Our degree of personal familiarity with and/or localised knowledge of—all of the vast multitude(s) of low-level implementation details (and their combined/aggregated effects for a particular data-processing path) may be very small/non-existent.
And so we must take it on faith—that the top-level ‘marketing’ promises of what these (potentially) boundless processing units do—is (always) identical to what is claimed for them. But it may often be the case—that even the designers cannot foresee how the individual processing units will work in reality—and/or what will be the precise outcomes of there operation in any specific use-case scenario.
We have processor ‘chips’ containing billions of components, working on computers containing hundreds of millions of lines of code—code that exists inside many different kinds of programs (that may or may not be running on the same device simultaneously—and often sharing memory and system resources etc). Plus we often have remote-actors (humans, programs) using networked machines and influencing local events and processes etc; and everything connected to hundreds of millions of other networked computers etc.
These complexities and fragmentary logic paths—render into a fiction the processing atomicity of personal computers, device(s), programming operation(s) etc. In other words, understanding causality—THE WHO, WHAT, WHY, WHEN AND HOW OF CYBERSECURITY, and henceforth acting appropriately to protect a networked system from all possible data-exploits, becomes a seemingly overwhelming task.
What to do? Perhaps only to—combat lack-of-knowledge/uncertainty—with constant data-gathering, knowledge acquisition etc; and by employing specific monitoring system(s)—both automatic and human types. Plus by reading related news stories, and by staying up-to-date on the latest security exploits/defence-techniques/reports etc.
The defender seeks to accurately: perceive, measure and understand all relevant factors; and so to assess which ones will influence overall Cybersecurity strategy. Ergo privacy status may be partly a perception, model, prediction, belief and/or truth/falsehood; depending upon your point of view and information/knowledge level(s).
Ultimately Cybersecurity involves assimilation of intelligence from as many as possible of the different: threats, actors, systems, entry and defensive methods present. Hence Cybersecurity is an interdependent capability— and it must be constantly monitored and defended; plus—be (ideally) ever adapting to the changing needs/requirements of the open-network’s perilous environment.
Unfortunately, the real-life situation may be even worse than this, because whenever you share access to a digital item—you are forced to trust:
- Primary/secondary network users (i.e. multiple humans who are granted legitimate access to the item in question ); plus:
- The communication-system itself (i.e. primary and secondary network security—and associated machine-actors).
Ergo, dangers include both human and systematic vulnerabilities.
Human and Machine: Actors / Antagonists
Earlier, we defined unauthorised datum-copy access (generally)—as an ordered series of goals—or a path—to be navigated. In real-world terms—any attacker desires the capability to see/touch/open a datum-copy’s form and/or content. Attendant accessibility actions are finding, contacting and knowing a datum’s meaning. QED.
Evidently, protecting any item from unsafe-actors—involves first building a defensive wall and/or unbridgeable barrier around it; prior to then providing an entrance-way for authorised parties (which must also be defended).
Whereby, the finding action (for a human/programmatic actor and his/her helper actors) is detection of an item’s material self (i.e. the datum-copy’s form). For example, locating a datum-copy’s form existing on a primary, secondary or tertiary network (media of access, storage and/or transfer for a copy).
Concordantly, the contacting action refers to the full mapping of datum-copy’s interior form (true possession of content). Finally, the knowing action is the opening-up/reading of meaning for the copy.
Accordingly, protecting access for unsafe-actors normally involves: concealing (ref. find); blocking (ref. contacting); and/or locking (ref. knowing); for datum-copies on the data-processing stack. Henceforth Cybersecurity is concerned with techniques to afford protective measures for datum-copies.
Unfortunately measuring/quantifying the effectiveness—of any and all of these protective factors—may also be seen as judgments/predictions—in and of themselves. This is because they are (likewise) human-made/fallible entities that must cope with other (perhaps unknown) entities; specifically ones that may have been designed to nullify said anti-discovery/defensive techniques.
Potentially present also (in the future) are multiple human and machine antagonists who work to sweep-aside any security measures that are put in place.
The question remains—as to how we can possibly achieve adequate protection for our most sensitive information—and by which methods? Well feasibly we can apply a little—deeper theory—and ask what is the nature of protection—or what are the most effective defensive techniques? (i.e. risk-free ones)
We begin with concealment techniques.
Evidently there are any number of different types of concealment defences—depending upon the specific nature of the entry-method/defence-method one is trying to conceal. For example, we can conceal existence by masking structure (in form, location and/or time).
Whereby there are three basic processes:
- Conceal by transformation of form/location/time; or
- Conceal by similarity (equivalency)—that is by hiding an item alongside a large number (of ostensibly identical) items; and
- Conceal by difference (complexity)—or hiding an item amongst a large number of greatly/potentially varying forms/structures.
Fundamentally the process of masking detection—in this manner—requires just the right amount of concealment; and according to the specific capabilities of the penetration method(s) that are likely to be employed.
Likewise there are different types of blocking techniques.
We can block a system entrance pathway by eliminating it all-together (for a particular class of unsafe-actor); or else we can employ navigation complexity and/or movement barriers to make the path difficult to traverse. This can be achieved by filling the path with many false-entrances, or maze-like pathways etc. An example would be distributed data transport, and/or segmented transfer for datagrams.
And to top-it-all, defences can be overlaid—aka defence-in-depth or the CASTLE method.
Real Life Scenarios
But perhaps we have gone about as far as a general theory can take us—in terms of making all-purpose recommendation(s) about how to protect copies existing on primary, secondary and tertiary networks. We simply do not know enough about the real-world systems/attack-methods in question. In any case, listing all of the potential attack/defence techniques used—would prove exhaustive.
By what means then, in a such a short analysis, can we summarise how the system designer/user should go about protecting a data-processing stack from all possible attacks? The answer lies in asking and continually re-asking—the right questions—plus challenging assumptions—in relation to Cybersecurity.
Firstly, we desire to know—what types of data require which types of protection and why—and for how long. In the past (prior to Bradley Manning, the Internet etc); military organisations were very good at this type of thing— categorisation of security access levels etc. That is assigning confidentiality/accessibility levels to every item of data— or individual unit of information/knowledge.
However that was before open-network complexity exploded; and the attackers/attack-vectors multiplied in numbers, types, motivations and capabilities etc. Nevertheless, a good rule-of-thumb—is to consider who needs to have access to the item/system and why. Physical and virtual denial/blocking techniques—to eliminate certain unsafe actors—may be the safest way to proceed.
Patently obvious—at the same time—is that we should involve all partners, stakeholders, and legitimate users in any Cybersecurity analysis or strategy development; plus operation(s). Everyone must be adequately briefed—continually—and on the changing nature of likely threats/responses.
Opportunities and Risks
It is often easier to make recommendations to people—in relation to Cybersecurity—who know a lot about the technical aspects of security; but less-so for less-technical people. This is so partly because less-geeky people (perhaps understandably) have other concerns, and/or they are not interested in all of the (confusing) technical details involved.
Here on this site we have avoided technical details—so far as we were able. Our analysis has charted close-to-the-wind in terms of exploring relationships between a host of technical and human-centric concepts/ principles (hopefully to useful effect). Overall, we sought to unify the technical and human—opportunities and risks—for information security.
As stated—Communications Security is protection of privacy of meaning. However the simple logical clarity of this statement changes in certain subtle and difficult to determine ways— when it crosses-over into the realm of cyber. In particular—in the digital-world—nothing is entirely private—and one must lock/block/conceal all illicit entry-methods for secret/private items. As many as possible of the physical, virtual and meaning gateways must be eliminated and/or protected—and in order to retain any chance of achieving Absolute Security.
It is also my opinion, that attaining Absolute Security—or assured protection—in relation to the privacy of our interpersonal communication(s)—is not some impossible dream—mythical being—or paper-tiger. Rather, socially secure communication demands that the communicants abide by a relatively straight-forward set of principles and systemic/technological theory—and employ communication tools that do the same.
Nobody said it would be easy to communicate privately, safely and with integrity plus assurance; it isn’t; but despite the existence of many risks/dangers/pitfalls, Absolute Security is eminently achievable.