Programming with Security in Mind: Embracing Secure by Design Principles

programming secure design principles

Yet again, the United States government has fallen prey to cyber-attacks. This time several agencies have been breached, as hackers managed to exploit a vulnerability in commonly used software. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a statement, saying that it is already providing support to the affected agencies and urgently undertaking investigative and remedial actions. The CISA adds that more organizations and companies in the US may be affected by the hacking incident.

This incident adds to the unending queue of proofs that show how important it is to make sure that code is secure from the get-go. It may not be possible to have a perfectly secure code, but it is possible to ensure that systems are secure by design. With the current threat landscape, it has become more crucial than ever for developers to prioritize security when building software.

The secure-by-design concept

Embracing secure by design principles means doing software development with security as a priority, putting it at the forefront of the design and implementation process. Security is no longer regarded as a separate phase, let alone an afterthought. Also, patchwork security solutions are minimized as much as possible. Developers bake security measures into every layer of the application they build.

This approach does not only ensure that security is an inherent characteristic of the system, but it is also cost-efficient for development projects. The cost impact may not be immediately observable, but in the long run, organizations will appreciate the savings as they prevent the worst consequences of cyber attacks, do away with most of the software maintenance and patching costs, and avoid the costs of legal and regulatory non-compliance.

Secure by design implementation

How do organizations adopt the secure-by-design concept? It is done by integrating security into the code-building process itself, from the conceptualization phase down to delivery. It is meant to fully intertwine with the code, being an integral part of the development process. Here’s a rundown of the major steps for implementation.

  • Establishing security requirements – At the time a software project is conceptualized, it is vital to define the security objectives and the steps to achieve these objectives. The development team should determine the potential risks and the specific security needs of the users. Also, it helps to be familiar with the relevant security regulation requirements.
  • Building a security architecture – Upon proceeding to the design phase of the software development process,  it is important to develop a security architecture that takes into account the requirements identified during the concept phase. It is at this stage that security controls and mechanisms are selected. For example, the development team has to choose the most suitable encryption technology to use and come up with the appropriate access control schemes and secure communication protocols to implement.
  • Code reviewing and scanning – During the development phase, a code review is undertaken to make sure that the code is properly written and in line with secure coding standards like those set by the National Institute of Standards and Technology in NIST SP 800-160. Static and dynamic code analysis tools are usually employed at this point to spot vulnerabilities, coding errors, and other potential issues.
  • Security validation – At the testing and validation stage, the security controls and mechanisms built during the design phase are examined to make sure that they work as intended. To clarify, the code review and scanning process during the development stage focuses on code accuracy and alignment with guidelines. They are ultimately tested for their efficacy during the validation phase through procedures like vulnerability scanning, penetration testing, as well as security auditing.
  • Security training for users and tech support – The principle of secure-by-design does not end with the delivery of the software. Even during the delivery stage, organizations that seek to ascertain the inherent security of the software they deploy provide security training and technical support for the intended users. The training usually encompasses secure deployment, proper configuration, software security maintenance, and the formulation of effective incident response and management.

Best practices

In addition to the implementation guidelines, organizations that consider embracing the secure-by-design concept also need to integrate best practices. There are four fundamental practices to take into account, namely software supply chain protection, the principle of least privilege, memory integrity checks, and the overestimation of threat actors.

It is crucial to secure the entire software supply chain. This means that all software components should be deemed fully secure and protected from unauthorized access and possible tampering. Many development projects continue to make use of third-party libraries, external APIs, and other third-party components. These pose the risks of having exploitable vulnerabilities and other security weaknesses. Such risks should be identified and rectified promptly.

On the other hand, organizations need to make it a habit to implement the principle of least privilege. This means granting only the minimum access or privileges needed to complete specific tasks. Providing more can result in possible vulnerabilities, so it is important to carefully evaluate the operation of the software to determine the right level of privilege to grant. Even authenticated accounts should never be given full access to the system. This is particularly important when it comes to software used in IoT and embedded devices, which are quite difficult to track and secure.

Additionally, the principle of secure-by-design calls for the ability to run autonomous code and memory integrity checks. The execution of malicious code, for example, can be detected by a standard code check. Memory issues like buffer overflows are common vulnerabilities, which can be avoided by deploying automatic memory integrity testing.

Lastly, it is advisable to never underestimate cybercriminals. They usually possess an enviably cunning combination of ingeniousness, persistence, and aggressiveness. Believing that they are unlikely to understand the underlying implementation of software or be able to figure out passwords or secrets is a serious mistake in cybersecurity. Plus, there is always the possibility that they will connive with insiders.

There is no such thing as security by obscurity or secrecy in the current threat landscape. It is better to presume that threat actors will eventually figure out how they can breach defenses. As such, the code should integrate multiple layers of security controls and mechanisms.

Better, not absolute

To be clear, adopting secure-by-design principles does not automatically result in the invulnerability of software systems. It does not mean that no attack will penetrate the established defenses. The recently reported attack on the United States government does not necessarily mean the failure of newly imposed cybersecurity mandates like the Biden government’s Executive Order for cybersecurity improvement.

The attack may have succeeded, but things could have been worse if there were no new rules in place, especially when it comes to implementing secure by design principles and the compulsory reporting of security compromises. The attack should serve as a guide on how cybersecurity rules and policies can be improved further. The implementation of secure by design principles may have been inadequate and haphazardly done. The government may need to be stricter with the third-party software providers they are working with.

Cover Photo by Lisa Fotios

Leave a Reply