The National Cyber Security Centre (NCSC) is home to a dedicated security architecture team that plays a crucial role in the design and management of critical computer systems in the UK. These systems manage highly sensitive information and are essential for various vital functions.
This specialized team draws on a rich legacy of expertise, continually enhancing their knowledge and techniques that have evolved over a decade.
While we have a clear definition of ‘security architecture’, we acknowledge that differing interpretations exist within the industry. This divergence can sometimes lead to mismatched expectations, particularly during the recruitment processes for security architecture positions.
This blog aims to clarify the NCSC’s interpretation of ‘security architecture’. While alternate viewpoints are valid, we are devoted to advocating what we see as a pragmatic approach, especially when collaborating with system owners limited by time constraints.
Our Definition
The NCSC defines security architecture as:
The practice of designing computer systems to achieve security goals.
In most cases, these security goals include:
- Making initial system compromise challenging
- Minimizing the impact of any breach
- Complicating system disruption
- Facilitating easy detection of compromises
Attackers may exploit technology, humans, and procedures to compromise security, which necessitates a comprehensive consideration of all relevant components in a computer system.
Moreover, security alone is insufficient; systems must also cater to user requirements, be cost-effective, and comply with other scenario-specific constraints. Our goal is to ensure that designs are ‘secure enough’ while addressing these other factors.
The Role of a Security Architect
Our security architects possess a blend of extensive technical and security expertise alongside robust business analysis and communication skills. This diverse skill set empowers them to engage in a variety of activities, such as:
- Assessing or refining security controls for computer systems based on an understanding of usage context and potential attack vectors.
- Exploring and innovating new techniques or tools to resolve more widespread security challenges.
- Consulting with technical leaders on cybersecurity during strategic decision-making.
The role extends beyond merely providing security advice; it necessitates making security effective. This involves supporting our partners and customers, collaborating across different professions towards unified objectives.
Understanding Vulnerabilities and Exploitation
Security architecture is fundamentally a technical discipline. To evaluate a system’s resilience against compromise or disruption, one must understand potential attack methods and the nature of vulnerabilities. If a system is too easily attacked, it may require re-design, configuration, or procedural adjustments to mitigate risks.
Security architects must be adept at identifying known vulnerabilities within technologies and able to assess how likely it is that previously unknown vulnerabilities will be discovered. Our security architects benefit from collaboration with our world-class vulnerability research team, which provides them with essential insights into:
- The factors that facilitate the discovery of vulnerabilities in various technologies
- The platform-level mitigations that significantly hinder exploitation of vulnerabilities
While subjective judgments may be involved, accessing our vulnerability research team for second opinions adds immense value.
Security architects also analyze flaws stemming from how a system is used, constructed, and maintained. When addressing the issues identified, we can employ a mix of technical, procedural, or operational controls.
While I’m confident in our general ability to make sound judgments regarding the difficulty of discovering and exploiting vulnerabilities, I recognize that this currently resides more in the realm of art than science. We seek to encourage academic research to enhance scientific rigor in this regard.
Utilizing Patterns and Principles
Similar to other technical fields, we leverage standard design patterns to address common challenges. Over the years, we have developed numerous patterns to tackle frequent security issues, such as the safe import of information from untrusted sources without inadvertently introducing malware, or securely exporting data from systems without overexposing sensitive information.
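The safe-import pattern mentioned above is easier to see in code than in prose. The following is an added illustration, not NCSC's own code or a published NCSC pattern: a hypothetical import filter for PNG files that verifies the structure of an untrusted file, decompresses the pixel data under a size bound, and then rebuilds the file from an allow-list of structural chunks, discarding metadata chunks (tEXt, iTXt, eXIf and so on) rather than trying to inspect them. The chunk allow-list, the dimension limit and the sample image are assumptions made for the example.

```python
import struct
import zlib

# Hypothetical PNG import filter illustrating a "verify, then transform" import
# pattern. Not NCSC code; the policy values below are assumptions for the example.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Allow-list: only structural chunks survive the import. Metadata chunks such as
# tEXt, iTXt, zTXt and eXIf are dropped outright rather than inspected.
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}
MAX_DIMENSION = 16384                        # assumed policy limit on width/height
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}    # PNG colour type -> samples per pixel


def build_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialise one chunk with a freshly computed CRC."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def parse_chunks(data: bytes) -> list[tuple[bytes, bytes]]:
    """Split a PNG into (type, payload) chunks, rejecting any structural fault."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    chunks = []
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            raise ValueError(f"truncated chunk body in {ctype!r}")
        payload = data[pos + 8:body_end]
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise ValueError(f"CRC mismatch in {ctype!r}")
        chunks.append((ctype, payload))
        pos = body_end + 4
        if ctype == b"IEND":
            break
    if not chunks or chunks[0][0] != b"IHDR" or chunks[-1][0] != b"IEND":
        raise ValueError("chunk sequence must start with IHDR and end with IEND")
    if pos != len(data):
        raise ValueError("trailing data after IEND")
    return chunks


def sanitise_png(data: bytes) -> tuple[bytes, list[bytes]]:
    """Verify the image, then rebuild it from allow-listed chunks only.

    Returns (clean_png, list_of_dropped_chunk_types)."""
    chunks = parse_chunks(data)
    ihdr = chunks[0][1]
    if len(ihdr) != 13:
        raise ValueError("IHDR must be 13 bytes")
    width, height, depth, colour, comp, filt, interlace = struct.unpack(">IIBBBBB", ihdr)
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        raise ValueError("image dimensions outside policy")
    if (colour not in CHANNELS or depth not in (1, 2, 4, 8, 16)
            or comp != 0 or filt != 0 or interlace not in (0, 1)):
        raise ValueError("unsupported IHDR parameters")
    idat = b"".join(p for t, p in chunks if t == b"IDAT")
    if not idat:
        raise ValueError("no IDAT chunk")
    # Decompress with an output bound so a tiny file cannot expand without limit,
    # then check the pixel stream matches the geometry IHDR claims.
    row_bytes = 1 + (width * CHANNELS[colour] * depth + 7) // 8
    expected = row_bytes * height
    try:
        raw = zlib.decompressobj().decompress(idat, expected + 1)
    except zlib.error as exc:
        raise ValueError(f"corrupt IDAT stream: {exc}") from None
    if interlace == 0 and len(raw) != expected:   # Adam7 layout is not size-checked here
        raise ValueError("IDAT does not match IHDR geometry")
    kept = [build_chunk(t, p) for t, p in chunks if t in ALLOWED_CHUNKS]
    dropped = [t for t, _ in chunks if t not in ALLOWED_CHUNKS]
    return PNG_SIGNATURE + b"".join(kept), dropped


def make_sample_png(claimed_height: int = 1) -> bytes:
    """Constructed sample: a 1x1 grey PNG carrying an untrusted tEXt chunk.

    claimed_height lets a caller build a header that disagrees with the pixel data."""
    ihdr = struct.pack(">IIBBBBB", 1, claimed_height, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")            # filter byte 0 + one 8-bit grey pixel
    text = b"Comment\x00untrusted metadata"
    return (PNG_SIGNATURE + build_chunk(b"IHDR", ihdr) + build_chunk(b"tEXt", text)
            + build_chunk(b"IDAT", idat) + build_chunk(b"IEND", b""))


if __name__ == "__main__":
    clean, dropped = sanitise_png(make_sample_png())
    print(f"kept {len(clean)} bytes, dropped chunks: {dropped}")
```

The key design choice is that nothing from the untrusted file is copied through verbatim: each surviving chunk is re-serialised with a new length and CRC, and anything the importer does not understand is discarded instead of being passed on for a downstream viewer to interpret. The same shape applies to the export case the paragraph mentions, with the allow-list expressing what is permitted to leave rather than what is permitted to enter.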
Our preferred patterns are incorporated into the guidance available on our website, including our favored remote access architecture outlined in our end user device guidance. In the coming months, we plan to release additional patterns on our site.
While patterns are effective for standard problems, we often encounter uniquely complex systems. For such instances, we maintain a portfolio of design principles. With creativity, these principles can be applied to a wide variety of computer systems or industrial control environments. We anticipate publishing a broader set of security architecture principles later this year.

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/how-ncsc-thinks-about-security-architecture