PDF - The Journal of Physical Security - Argonne National Laboratory

More documents

Recommendations

Info

Journal of Physical Security 4(2), 30‐34 (2010)3. Misnamed “Vulnerability Assessment” tools that are really techniques forhelping to decide how to allocate security resources, i.e., more like overall RiskManagement than VAs per se: CARVER Method, Delphi Method.4. Tools that (despite the claims) are actually TA methods, not VA methods:Design Basis Threat, Compliance Audits, boilerplate Software Programs.One litmus test to tell if somebody claiming to do a Vulnerability Assessmentis really doing a Threat Assessment is if they have identified a relatively smallnumber of "Threats/vulnerabilities" (which they typically put in a table withmade up rankings or probabilities), and if mitigating them is a majorundertaking. If they are really doing a VA, they will have identified and maybedemonstrated dozens or hundreds of very specific vulnerabilities, and many ofthe countermeasures for mitigating them will be cheap and relatively painless,e.g., install anti-virus software in the Personnel Department computers thatautomatically updates virus definitions.Another sort of related problem commonly found in infrastructure securityassessments is confusing features with vulnerabilities. Thus, a public road thattravels close to the facility is often considered a Vulnerability. It is not,however; it is only an attribute. Only when coupled with an attack scenario(truck bomb, the road makes visual and electronic surveillance easier forespionage, assets can be thrown over the fence by insiders to the bad guy'sparked truck, etc.) does a feature become a Vulnerability. The reason this isimportant is that different kinds of security countermeasures will typically beneeded for different combinations of feature + attack. Without the context ofattack scenarios, the only apparent countermeasure is to eliminate the feature;this may be expensive, impractical, and/or total overkill.Finally, we should not get confused about the purpose of a TA or VA.Neither a Threat Assessment or a Vulnerability Assessment is something wetest against, some kind of “certification”, a standard, a metric for how good oursecurity is, or a technique for finding out if our security mangers or frontlinepersonnel are screwing up. The purpose of a VA is to improve security. Thepurpose of a TA is to help us decide (in conjunction with Risk Management)what and how much security we need. It doesn’t make any sense to talk about“passing” a TA or VA. This certainly cannot mean all Threats have beenrecognized or neutralized, or that there are zero Vulnerabilities or even that allVulnerabilities are known and mitigated. Such things are not possible, and notprovably true even if they were possible.34
Journal of Physical Security 4(2), 35‐47 (2010)Viewpoint PaperChanging Security Paradigms*Roger G. JohnstonVulnerability Assessment Team, Nuclear Engineering DivisionArgonne National LaboratoryAny field is molded and constrained by its paradigms. A “paradigm” can be definedas:(1) a pattern, example, or model;(2) a mode of thought or practice;or(3) an overall concept or strategy accepted by most people in a given field.The field of security relies on a number of paradigms, both stated and unstated.Many of these are in the process of changing—or at least should change—in order toadapt to a rapidly changing world and to improve security effectiveness.This paper offers a brief, bulleted list of some security paradigms that I believe(perhaps currently more out of wishful thinking than empirical evidence) are in theprocess of changing. The new paradigms I identify here will, I believe, ultimately winout in the end over the old paradigms because they will result in better security. In myview, these emerging changes are worth monitoring and even carefully researching.Security Paradigm 1 (The Nature of Security)Old Paradigm:• Security is binary: an asset is either secure or it is not.• Check Box mentality.• There is a minimum level of adequate security and we know what it is.• There’s a right way to do security, and there shouldn’t be a lot of questioning.New Paradigm:• Security is a continuum, not black & white.• Nobody knows how much security is “enough”.• Everything is a tradeoff.• Security should be controversial and open for debate, as should any challenging,complex and important responsibility.________________________________________________* Editor’s Note: This paper was not peer-reviewed. This work was performed under the auspices of theUnited States Department of Energy (DOE) under contract DE-AC02-06CH11357. The views expressedhere are those of the author and should not necessarily be ascribed to Argonne National Laboratory orDOE.35
Page 2 and 3: Table of ContentsJournal of Physica
Page 4 and 5: The Journal of Physical Security 4(
Page 12 and 13: Journal of Physical Security 4(2),
Page 43: Journal of Physical Security 4(2),
Page 57: Journal of Physical Security 4(2),

PDF - The Journal of Physical Security - Argonne National Laboratory

Create successful ePaper yourself

Delete template?

Save as template?