The National Cyber Security Centre (NCSC) has a dedicated security architecture team that consults on the design and management of crucial computer systems throughout the UK. These systems are responsible for managing sensitive information and executing critical functions.
The current team boasts an impressive track record and is continually expanding its expertise, building on innovative knowledge and methodologies developed over the last decade.
While we have a clear definition of ‘security architecture,’ we recognize that opinions vary across the industry. This divergence can create mismatched expectations, which becomes particularly evident during interviews for security architecture roles.
This blog post outlines the NCSC’s perspective on ‘security architecture.’ If your understanding differs, we respect that; however, we firmly believe in our practical approach, especially when engaging briefly with a system owner.
Our Definition
The NCSC defines security architecture as:
The practice of designing computer systems to achieve security goals.
For most of our engagements, these security goals include:
- Making initial compromise of the system challenging
- Limiting the effects of any compromise
- Making disruption to the system difficult
- Facilitating easy detection of a compromise
Attackers may exploit technology, people, and processes to breach security; therefore, security architecture must encompass every aspect of a computer system, not just its technical components.
Importantly, a system must not only be secure but also meet user needs, be cost-effective, and consider any other relevant constraints. As such, our goal is to design a system that is ‘secure enough’ while also balancing these additional factors.
The Role of a Security Architect
Our security architects possess extensive technical and security expertise alongside strong business analysis and communication skills. This unique blend empowers them to engage in various activities, including:
- Evaluating the adequacy of security controls for computer systems, grounded in a deep understanding of their use and context, as well as potential attack vectors.
- Researching and developing innovative techniques or tools to tackle systemic security challenges.
- Providing guidance to technical leaders on cyber security in the context of strategic decision-making.
The position is not exclusively about offering security advice; it focuses on making security effective. This involves collaborating with our partners and clients and working together toward shared objectives.
Understanding Vulnerabilities and Exploitation
Security architecture is fundamentally a technical discipline. To evaluate a system’s resilience against compromise or disruption, one must comprehend potential attack methodologies. This includes understanding how vulnerabilities arise and how they may be exploited. If a system is too easily breached, it may require a redesign, reconfiguration, or recalibration to reduce risk.
In terms of identifying vulnerabilities, security architects must be adept at sourcing information on known vulnerabilities. They must also exercise sound judgement regarding the likelihood of discovering previously unknown vulnerabilities. Fortunately, many of our security architects collaborate closely with our exceptional vulnerability research team, granting invaluable insights into:
- Which technologies present easier pathways for identifying vulnerabilities;
- Which platform-level mitigations pose significant barriers to successful exploitation.
While subjective factors may influence these assessments, the ability to consult our vulnerability research team for a second opinion is invaluable.
Security architects also investigate flaws in how systems are used, built, and maintained. To mitigate identified issues, we employ a blend of technical, procedural, and operational measures.
It is important to note that although we generally make sound assessments about the difficulty of locating and exploiting vulnerabilities, I am aware that this process can resemble more of an art than a science at this time. We actively encourage academic exploration to enhance the scientific rigor in this domain.
Utilizing Patterns and Principles
As with other technical fields, we prefer applying standard design patterns to address common challenges. We have developed numerous patterns over the years to assist with recurring security issues, such as importing data from untrusted sources without inadvertently introducing malware, or exporting information from systems without releasing more than is required.
Some of our favored patterns are embedded in the guidance available on this website, including our current recommended remote access architecture, which can be found in our end user device guidance. In the coming months, we will unveil additional patterns through our website.
While patterns effectively address frequent concerns, we also encounter unique systems requiring tailored solutions. For these scenarios, we maintain a collection of design principles. Most of these principles can be creatively adapted to apply to various types of computer systems or industrial control systems. We intend to publish a more generalized set of security architecture principles later this year.

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/how-ncsc-thinks-about-security-architecture