Sami Saydjari has been a visionary thought-leader in cybersecurity for over three decades, working for elite organizations, including the Defense Advanced Research Projects Agency (DARPA), National Security Agency, and NASA, among others. He has published more than a dozen landmark papers in the field, provided consultation to national leadership on cybersecurity policy, and educated the public through interviews with major media such as CNN, ABC, the New York Times, the Wall Street Journal, and Time Magazine.
In his new book, Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time, Saydjari lays out a concise set of best practices and best theories that can be applied to real security design problems. The book provides never-before-published design principles and detailed examples, which span the entire spectrum of today’s cyberattacks.
Q: Sami, what inspired you to publish Engineering Trustworthy Systems?
A: Cyberattacks pose an existential threat to our entire society; addressing this problem has been a lifelong passion of mine. My career has spanned a good portion of the cybersecurity field. Much of the field grew and evolved as I was learning and applying it. There are many good books on particular aspects of cybersecurity, but there are none that really address the problem holistically, practically, and in an organized manner that starts with a foundational understanding of the problem. I feel it is important and urgent to confer this essential knowledge to the next generation so they can use timeless principles, developed over three decades, to solve important, emerging, and future problems.
Q: What gaping holes in cybersecurity literature are filled by your book?
A: The first gap is in the union between cybersecurity theory and practice. Although there are good books on theory and on practice, there are none on applying theory in practical situations. The second gap is in the systematic and holistic way of addressing the architecture of cybersecurity. Cybersecurity must be thought of as orchestration and integration of many different moving parts to effectively defend against the entire spectrum of attacks. The third gap is taking an attacker’s perspective. It’s important for people designing cybersecurity systems to understand fundamentally how attackers can succeed. The designer’s job is to make the attacker’s life miserable. If the attacker can easily get around a defense, the defense is useless.
Q: What trends are you seeing today when it comes to the newest threats in cybersecurity?
A: Cyberattacks are becoming more frequent, complex, sophisticated, purposeful and targeted. The sheer volume of attacks is increasing exponentially. It is only a matter of minutes between when a computer is first connected to the network and the first attack on that computer. Attacks are now more complex–they employ more steps, and those steps attack more fundamental layers, such as operating systems. They are more sophisticated–they leverage knowledge of flaws in systems design and of the defense systems themselves, steering around and underneath protections. They are more purposeful and targeted—when they attack, it is to gain some effect, such as ransomware to gain money, or Stuxnet to destroy centrifuges.
Q: What could global-scale cyberwarfare look like in a decade?
A: Imagine a world without electrical power, telecommunications, money, and oil and gas to run essential machinery. That is what global-scale cyberwarfare looks like. Our society depends heavily on computers to run these critical infrastructures. Cyberwarfare is capable of not only short-term disabling of these infrastructures, but actually physically damaging infrastructure such as electrical generators and transformers, for which there are no easy replacements. The effect is the reduction of humanity back to a pre-modern world. We must do everything possible to create a safer and more secure cyberspace to reduce the probability of an all-out global cyberwar because these consequences are as serious and significant as nuclear warfare.
Q: What does the cybersecurity solution landscape look like?
A: We are used to thinking in only three dimensions. Cyberspace is hyper-dimensional, with hundreds of dimensions. The cybersecurity solution landscape is thus equally complicated. An attacker can get from one side of the world to the other in minutes, and a cyber weapon that costs a few dollars to create can cause millions of dollars of damage. If an attacker has a zero-day attack (i.e., one that has never been seen before) in the operating system, the attacker comes from underneath, as if reaching out from underground and grabbing your feet. If we do not foresee such attacks, it’s hard to defend against them. This book helps cybersecurity professionals to appreciate required solution space against the complex attack space.
Q: Do today’s business leaders and entrepreneurs have a proper foundation of understanding what needs to be done to protect their company’s transactions, data, and consumer privacy?
A: Given the number of recent major breaches in supposedly well-defended systems, the answer is clearly no. Business leaders today are ill-equipped to understand threats to cybersecurity, the gravity of the consequences, or to distinguish good solutions crafted by experts from snake oil talismans sold by charlatans. In the same way that they must manage risk for their company’s funds, stock values, and vulnerability to competition, today’s leaders must broadly understand cybersecurity risk to make intelligent decisions to protect their companies. This book is written in such a way that company leadership can easily understand the broad concepts, while professional cybersecurity engineers can grasp the depths of how to design effective systems.
Q: You were mentored by Brian Snow, the former National Security Agency Technical Director of National Cryptologic School. Who mentors those seeking to crack the cybersecurity of corporations, governments, or individuals?
A: There are two cyberattacker worlds: informal hackers, who hack for fun and mischief, and professional (including military) attackers who attack for high stakes. The hacker community has a hierarchy in which position is established by the coolness and difficulty of various attacks demonstrated to their colleagues. The best of the best, the so-called “uber hackers,” become mentors for the hackers who then create tools for what we call the “script kiddies”—those who attack using pre-made scripts, which they tailor without understanding what they’re doing. Professional attackers, on the other hand, have a normal organizational infrastructure in which experts rise up to the become mentors. Those cyberattackers are dangerous and capable of major destruction of cyberspace.
Q: Does the publishing of your book give insight and ammunition to the very thieves you seek to help others defend against?
A: Certainly. Any good book on cybersecurity defense is also a book that informs offense. Cybersecurity is inherently a double-edged sword. It is the same in the physical world for defense and strategy books as well. On the other hand, cyberspace currently is highly vulnerable and unsafe, without my book being published. Any increased threat from knowledge in my book will be overwhelmingly offset by people designing, operating, and building better systems that make it more difficult for cyberattackers to succeed. So, overall, cyberspace will become more secure as a result of my book, even though some attackers may gain some insights they did not have before.
Q: What should an organization do once it discovers its systems have been compromised?
A: The first priority is to stop further compromise. This involves a diagnostic process to discern the source, the nature of the attack, and close the avenues of those attacks before further damage occurs. Then a damage assessment—what was lost, what was damaged, what was compromised—and how to recover from that damage. The organization must then analyze how the attack succeeded so that it can improve its system to ensure that such attacks don’t succeed in the future. That requires an open-minded view of these attacks, and not one that closes down, shuts off, and covers up the fact that the attack occurred. That sort of culture needs to be the norm.
Q: What advice do you have for aspiring cybersecurity professionals about the industry they are about to enter?
A: The first thing is to develop an understanding of the nature, mechanisms, and methods of cyberattack. One cannot successfully defend a system without a mindset of how systems are attacked. Second, cyberspace defenders must understand the nature of the technology that they are defending. No matter how narrow their interest area, they must understand the basics of how applications, operating systems, device drivers, and hardware work. They need to understand the nature of novel and complex attacks, because attacks will constantly evolve. Lastly, they need to understand and adapt the principles behind cybersecurity, not just the facts and the mechanisms.
Q: How does human psychology stand in the way of resisting changes to cybersecurity?
A: Organizations, including nations, are like people. We tend to think better of ourselves than the harsh reality of who we really are. Organizations develop blind spots and an unwillingness to consider significant vulnerabilities such as the possibility that it could die—overnight—as a result of a misstep. If one has not seen a bad event recently, then it’s not real; for example, healthy people sometimes choose not to buy health insurance because they’ve been healthy during the last ten years. Organizations act this way with respect to cyberspace threats. We resist change because it is hard. Organizations sometimes cannot hear cybersecurity experts when they say an organization is vulnerable and action is required.
For more information on Sami Saydjari and his new book visit: www.engineeringtrustworthysystems.com