The Ministry of Defense (MOD) recently published a document on ‘Secure by Design’ challenges that represents something we rarely see in government cyber security: a transparent recognition of the complexities involved in implementing security from first principles.
Secure by Design is a fundamental approach in which security is built into systems from the start of the design process, in contrast to being treated as a bolt-on function later in development.
After years of arguing for the human element in security, it is refreshing to see an official recognition that technical controls are only as effective as the people who implement them.
Lead security awareness advocate at KnowBe4.
Tackling the security skills challenge
The first problem the MOD identifies is: “How do we increase UK defense in ‘Secure by Design’?”
Their recognition that effective implementation requires a “one team” approach across British defense reflects the reality that security cannot be siloed within technical teams.
This fits perfectly with what I have observed in organizations with mature security cultures: security becomes everyone's responsibility, not just the concern of the security department.
The knowledge distribution problem
Perhaps the most intriguing problem is number two: “How does ‘Secure by Design’ explain unevenly distributed information and knowledge?”
The MOD correctly identifies that information asymmetry exists for various legitimate reasons. What makes this assessment valuable is the recognition that not all barriers to sharing information arise from a poor security culture; some exist by design and necessity.
Imagine a family planning a surprise party for their grandmother. Different family members hold different pieces of information that they deliberately do not share with everyone:
The daughter knows the guest list and has sent invitations directly to each person, who is asked not to discuss it openly in family group chats,
The son has arranged the location and catering, including specific dietary needs for certain guests,
The grandchildren are handling the decorations and have a theme they are working on,
And, more importantly, nobody tells grandmother about any of this.
This is not because the family has poor communication skills or does not trust each other. These information barriers exist by design and necessity to achieve the goal of surprising grandmother. If everyone shared everything with everyone else, the surprise would be ruined.
The MOD's approach
In the MOD's security context, this is comparable to how:
Certain threat information cannot be shared with all suppliers, because doing so could reveal intelligence-gathering capabilities,
Suppliers cannot share all their own technology data, even with customers like the MOD, because they have to protect their competitive advantage,
Specific security controls may be kept confidential from general staff to prevent those controls from being circumvented.
These are not failures of security culture; they are intentional compartmentalization that sometimes makes security work possible. The challenge is not to eliminate these barriers, but to design systems that can function effectively despite them.
This reflects the nuanced reality of human behavior in security contexts. People don’t withhold security information solely out of territoriality or negligence; often legitimate restrictions prevent the ideal level of transparency. The challenge becomes developing systems and practices that can function effectively despite these inherent limitations.
The early design challenge
The third problem deals with a well-known paradox: how to implement security in the earliest stages of capability acquisition, when the capabilities themselves are barely defined.
In other words, it is like trying to build a high-tech security system for a house when you only have a rough sketch of what the house could ultimately look like. You know that you need protection, but it is difficult to plan specific security measures when you are still deciding how many doors and windows the house will have, or even where it will be built. As the MOD says, a capability at this stage can be “little more than a single explanation of user needs”.
This connects directly to how people approach risk management. When primary objectives (delivering military capabilities) compete with secondary concerns (security), practical compromises are inevitable. The MOD's candid recognition that “cyber protection will always be a secondary goal” reflects a pragmatic understanding of how priorities function in complex organizations.
Through-life security
Problem four is perhaps the most demanding human aspect of security: maintaining security reasoning and practice across the decades of a capability's life. With defense platforms that may remain operational for more than 30 years, today’s security decisions must make sense to tomorrow’s engineers.
The issue of continuous risk management becomes particularly relevant as organizations encounter new threats over the extended lifespan of their systems. How human operators interpret and respond to evolving risk landscapes determines the long-term security posture of these systems.
Building a collaborative security culture
The MOD acknowledges that implementing ‘Secure by Design’ is not only a technical challenge, but is fundamentally about cooperation among people across organizational, disciplinary and national borders.
The MOD's approach suggests a shift toward a more mature security culture: one that recognizes limitations, seeks external expertise and recognizes the complex interplay between human factors and technical controls. Their openness about needing help from academia and industry shows a collaborative mindset that is essential for tackling complex security challenges.
This collaborative approach to security culture is in stark contrast to the traditional government tendency toward self-sufficiency. By explicitly inviting external perspectives, the MOD shows an understanding that different points of view strengthen security posture instead of endangering it.
Security is not about having all the answers; it is about creating the conditions in which people can develop collaborative answers to ever-changing threats.
This article was produced as part of the TechRadarPro expert insight channel, where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future PLC. If you are interested in contributing, find out more here: https://www.techradar.com/news/submit-your-story-techradar-pro