Cyberattacks are increasing in frequency, severity, and sophistication. Target systems are becoming increasingly complex with a multitude of subtle dependencies. Designs and implementations continue to exhibit flaws that could be avoided with well-known computer-science and engineering techniques. Cybersecurity technology is advancing, but too slowly to keep pace with the threat. In short, cybersecurity is losing the escalation battle with cyberattack. The results include mounting damages in the hundreds of billions of dollars,⁴ erosion of trust in conducting business and collaboration in cyberspace, and risk of a series of catastrophic events that could cause crippling damage to companies and even entire countries. Cyberspace is unsafe and is becoming less safe every day.
The cybersecurity discipline has
created useful technology against aspects of the expansive space of possible cyberattacks. Through many
real-life engagements between cyberattackers and defenders, both sides
have learned a great deal about how to
Engineering Trustworthy Systems: A Principled Approach to Cybersecurity
DOI: 10.1145/3282487
Cybersecurity design reduces the risk of system failure from cyberattack, aiming to maximize mission effectiveness.
BY O. SAMI SAYDJARI
key insights
Cybersecurity must be practiced as a principled engineering discipline.
Many principles derive from insight into the nature of how cyberattacks succeed.
Defense in depth and breadth is required to cover the spectrum of cyberattack classes.