High Assurance principles and benefits

Summary

The increased use of High Assurance technology across government and the critical national infrastructure has multiple drivers. Within government, classified networks that once depended primarily on bespoke technologies (such as High Grade products) for protection today need greater agility and alignment with modern cloud and mobile architectures. Conversely, much of the wider critical national infrastructure is today facing elevated cyber threats that were historically restricted to government.

NCSC’s guidance on High Assurance products is designed for organisations that are at risk from elevated cyber threats, outlining how they can gain confidence that a product or system is capable of resisting such threats.

The principles describe the essential supplier and product characteristics required to ensure multiple High Assurance products can be combined within systems or architectures that support informed risk management in high threat environments.

What is an elevated threat?

Threats to digital systems come from a range of attackers with different capabilities. Much of the NCSC’s guidance is focused on defending organisations against commodity threats that make use of tools and techniques that are openly available, cheap, and simple to apply. Regardless of their technical capability and motivation, attackers will often turn to commodity tools and techniques first.

For targets that are of particular interest to an attacker (and where commodity threats have been resisted), attackers develop more sophisticated methods, typically requiring long-term investment and research. In such cases, products are described as being subjected to elevated threats. These can only be realised by large, well-funded groups (such as high-end organised crime and state-sponsored groups) as they require significant investment in skills, resources and capabilities.

Test your suppliers

According to NCSC, suppliers of high assurance products should be able to demonstrate their ability to understand and respond to the unique demands of high threat environments. This requires a deep understanding of the current breadth of capabilities of the most capable threat actors, ensuring that known capabilities will be resisted by design. Suppliers should also keep their knowledge and capability relevant to emerging threats to ensure that future capabilities can be resisted; this may necessitate technology, development, and deployment approaches that support regular maintenance and refresh of deployed products.

Is best practice common practice?

All developers of High Assurance products should use NCSC developer guidance to help them make sound decisions covering product design, development processes and practices. This should ensure that developers have measures in place to defeat attacks that take advantage of known vulnerabilities or use well-known methods. Developers of high assurance products should make clear how they have applied NCSC guidance, and provide evidence of security claims made.

Know the limitations

Security functionality should be clearly defined and documented. Functionality should be designed to provide protection against clearly defined threat paths, drawing on domain knowledge of the capabilities of the most sophisticated threat actors. Scenarios where the product cannot provide protection against an identified threat path should be explicitly declared to enable risk owners to make informed decisions when deploying devices, for example by seeking other mitigations or accepting risk.

Don't trust, but verify

Products should be designed and implemented in such a way that independent inspectors can test security claims by gathering evidence. This can be achieved in a number of ways, for example by having modular designs that enable security functionality to be clearly identified and exercised or inspected in isolation, and by using development technologies that do not obscure functionality. This evidence-based assessment must be repeatable to enable validation of a product’s efficacy throughout its full lifecycle.

As Becrypt focuses on products and services for government and critical national infrastructure organisations, we align our practices to NCSC’s High Assurance principles. We work closely with government assessors, and undertake product and service assurance processes where relevant. Want to find out more? Please get in touch with us today.


Registered Office: Albion House, 1st floor, 55 New Oxford Street, London WC1A 1BS
UK Company Number: 4328430
© 2023 Becrypt Ltd. All Rights Reserved
