How the NCSC thinks about security architecture

The National Cyber Security Centre (NCSC) has established a dedicated security architecture team that offers expertise on the design and operation of critical computing systems across the UK. These systems manage the most sensitive information and are vital for the functioning of essential services.

The team draws on a body of knowledge and working methods built up over more than a decade, and it continues to refine both.

We have a clear idea of what ‘security architecture’ means to us, but we recognize that the term is used differently across the industry. Those differing definitions cause confusion, particularly when we interview candidates for security architecture roles.

This blog post sets out what the NCSC means by ‘security architecture’. Other views are equally valid, but we are keen to explain the practical approach we take, not least because our engagements with system owners are often short.


Our Definition

The NCSC defines security architecture as:

The practice of designing computer systems to achieve security goals.

In most of our engagements, the primary security goals include:

  • Making initial compromise of the system difficult
  • Limiting the impact of any potential compromise
  • Making disruption of the system challenging
  • Facilitating the detection of any compromise

Attackers will exploit weaknesses in technology, people, and processes to achieve their aims, so security architecture must consider every aspect of a computing system, not just its technical components.

Being secure is not enough on its own. The system must also meet its users’ needs, be affordable to build and run, and respect whatever other constraints apply. We therefore aim to design systems that are ‘secure enough’ while balancing those other factors.


The Role of a Security Architect

Our security architects merge extensive technical and security acumen with strong analytical and communication abilities. This diverse skill set allows them to undertake various activities, such as:

  • Designing, or evaluating the adequacy of, the security controls for a computing system, grounded in an understanding of how and where it is used and of the ways it could be attacked.
  • Researching and developing new methods or tools to address broader security challenges.
  • Advising technical leaders on cyber security strategy during significant decisions.

The role is much more than handing out security advice; it is about making security work in practice. That means collaborating with partners and customers and working together toward shared objectives.


Understanding Vulnerabilities and Their Exploitation

Security architecture is fundamentally a technical discipline. To judge whether a system resists compromise or disruption, you need to understand how it could be attacked, which in turn requires knowing how vulnerabilities are found and exploited. If an attack looks too easy, the system may need to be redesigned, reconfigured, or operated differently to bring the risk down to an acceptable level.

Security architects must be able to identify known vulnerabilities in the technologies they use and make informed judgments about how likely unknown vulnerabilities are to exist and to be found. At the NCSC, our architects work closely with our vulnerability research team, which gives them insight into:

  • Why some technologies make vulnerabilities easier to find than others.
  • Which platform-level defenses make vulnerabilities substantially harder to exploit.

Much of this still comes down to individual judgment, so being able to check that judgment against the vulnerability research team is a significant advantage.

Security architects also look for weaknesses in how systems are used, built, and maintained. The problems they find can be addressed with a mix of technical, procedural, and operational controls.

While I’m confident that we make sound judgments about how hard vulnerabilities are to find and exploit, it is important to acknowledge that, at present, this is more art than science. That is why we encourage academic research that would put the assessment on a more rigorous footing.


Utilizing Patterns and Principles

As in other technical fields, we use standard design patterns to tackle common problems. Over the years we have developed patterns for recurring security challenges, such as safely importing information from untrusted sources and exporting data without unintentionally leaking information along with it.
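To make the ‘import from an untrusted source’ pattern concrete, here is an added example written for this page; it is not the NCSC’s published pattern and the schema, field names, size limits and sample records in it are assumptions made up for the illustration. The idea it shows is that the trusted side never consumes the untrusted object directly: the importer bounds the input, parses it, checks every field against an allowlist, and then builds a fresh record containing only validated values. The export function shows the mirror-image pattern, rebuilding the outgoing record from an allowlist so that internal fields cannot ride out with it.

```python
"""Added example of a transform-and-validate import gate and an allowlisted
export. Illustrative code for this page, not NCSC's own pattern; the ticket
schema, limits and sample records below are made up for the example."""
import json
import re

MAX_INPUT_BYTES = 64 * 1024   # bound the work done before anything is parsed
MAX_STRING_LEN = 200

# Allowlist: every field the importer accepts, with its exact type and a
# constraint. Any field not listed here causes the whole record to be rejected.
TICKET_ID_RE = re.compile(r"T-[0-9]{1,8}")
IMPORT_SCHEMA = {
    "ticket_id": (str, lambda v: TICKET_ID_RE.fullmatch(v) is not None),
    "summary":   (str, lambda v: 0 < len(v) <= MAX_STRING_LEN and v.isprintable()),
    "priority":  (int, lambda v: 1 <= v <= 4),
    "status":    (str, lambda v: v in {"open", "closed"}),
}


class ImportRejected(ValueError):
    """Raised with a short reason when an untrusted record fails the gate."""


def import_untrusted(raw: bytes) -> dict:
    """Turn untrusted bytes into a fresh record containing only validated fields."""
    if len(raw) > MAX_INPUT_BYTES:
        raise ImportRejected("input too large")
    try:
        parsed = json.loads(raw.decode("utf-8", errors="strict"))
    except (UnicodeDecodeError, ValueError) as exc:
        # JSONDecodeError is a ValueError; report the class, not attacker-controlled text
        raise ImportRejected(f"not well-formed: {exc.__class__.__name__}")
    if not isinstance(parsed, dict):
        raise ImportRejected("top level must be an object")
    unknown = set(parsed) - set(IMPORT_SCHEMA)
    if unknown:
        raise ImportRejected(f"unexpected fields: {sorted(unknown)}")
    clean = {}
    for name, (typ, ok) in IMPORT_SCHEMA.items():
        if name not in parsed:
            raise ImportRejected(f"missing field: {name}")
        value = parsed[name]
        # type() rather than isinstance(): bool is a subclass of int in Python,
        # so isinstance(True, int) would let a boolean through as a priority.
        if type(value) is not typ or not ok(value):
            raise ImportRejected(f"invalid value for {name}")
        clean[name] = value
    return clean   # the parsed object itself never reaches the trusted side


def try_import(raw: bytes):
    """Convenience wrapper returning ('ok', record) or ('rejected', reason)."""
    try:
        return ("ok", import_untrusted(raw))
    except ImportRejected as exc:
        return ("rejected", str(exc))


# Export side: only fields on the release allowlist leave the system, and the
# outgoing object is rebuilt rather than copied, so notes or debugging fields
# attached to the record internally cannot leak out with it.
EXPORT_FIELDS = ("ticket_id", "status")


def export_record(record: dict) -> bytes:
    """Serialize the releasable subset of a record in a canonical form."""
    released = {name: record[name] for name in EXPORT_FIELDS}
    return json.dumps(released, sort_keys=True, ensure_ascii=True).encode("utf-8")


if __name__ == "__main__":
    # Constructed sample records for the demonstration.
    good = b'{"ticket_id": "T-1042", "summary": "Printer offline", "priority": 2, "status": "open"}'
    extra = b'{"ticket_id": "T-1042", "summary": "Printer offline", "priority": 2, "status": "open", "owner": "root"}'
    print(try_import(good))
    print(try_import(extra))
    record = import_untrusted(good)
    record["internal_note"] = "escalated to on-call"   # never leaves via export_record
    print(export_record(record))
```

The rejection reasons are deliberately fixed strings or class names so that an error path does not echo attacker-controlled content back into logs or to the sender.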

Some of our preferred patterns are already built into the guidance on our website, including the remote access architecture described in our end user device guidance. We plan to publish more of these patterns over the coming months.

Patterns deal efficiently with common scenarios, but we frequently encounter systems that do not fit any of them. For those cases we maintain a set of design principles that can be applied, with some creativity, to computer systems and industrial control systems alike. We aim to publish a broader set of security architecture principles later this year.

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/how-ncsc-thinks-about-security-architecture