Before You Learn How to Fly, Learn How to Fall

Have you ever had a cooking disaster at home? It’s safe to say that most of us have. A minor mistake, such as overcooking rice, can result in a smoke-filled room and a ruined dish. More severe blunders, such as heating oil to the flashpoint, or adding water to hot oil, can result in dangerous consequences.

Considering everything that can go wrong while cooking, it is curious that recipes don’t offer preliminary guidance on handling hazards that can occur.

For many years, this was also true of certain aspects of information technology. Fortunately, thanks to the efforts of organizations that promote cybersecurity, and to regulatory action, this has changed. However, for many organizations, a critical piece of the cybersecurity puzzle is still missing: a fail-safe posture.

From Cooking to Cybersecurity

Failing safe is not a new concept. It has existed in the industrial world for many years. For example, something simple like a pre-action fire suppression system has fail-safe mechanisms to prevent unnecessary activation in the event of a false alarm. Larger, more sophisticated industrial control systems include automated fail-safe mechanisms in their design. When functioning correctly, fail-safe is the reason that power plants operate safely. However, this does not mean that accidents do not happen. Even the simplest search reveals that these accidents happen more often than one would initially suspect.

Many network administrators will shrug at the idea of a fail-safe design, comfortably stating that their firewall contains all that they need. After all, this has existed since the days of stateful inspection. From a firewall perspective this is correct; however, other areas of the environment call for a similar fail-safe design.

Candidates who are studying the Security Architecture and Engineering domain of the CISSP exam will be familiar with the 1975 report by Saltzer and Schroeder, “The Protection of Information in Computer Systems”, which includes the concept of fail-safe defaults. This causes one to wonder why this is not better documented in many current incident response plans. Think of the rising number of ransomware incidents over recent years. While some very good mechanisms warn of file tampering, what is your fail-safe posture when an event surpasses a threshold? More importantly, is that all carefully documented?

What is Failing Safe, and Failing Secure?

The simplest way to remember the difference between fail-safe and fail-secure is to use the locksmith’s approach: a fail-safe method places a door in the unlocked position when an event occurs, whereas a fail-secure method leaves the door locked. Can you think of instances where each of these methods is both good and bad? Think of an electronic hotel room door during a fire; then think of a safety air-lock mechanism on a submarine. Two different approaches to two daunting problems. Hopefully, your network security does not involve such life-or-death considerations.

Committing it to Paper is So Important

Why is it important to document your fail-safe posture? Not only does it serve to keep everyone abreast of a potentially disruptive policy, but, once memorialized in policy, it shows that the posture has been reviewed and adopted at the highest levels of the organization. The policy also serves to define whether your organization takes a fail-safe or a fail-secure approach to certain incidents. This becomes important not only from a regulatory but also from an audit perspective.

What is Your Disruption Appetite?

What is the potential for disruption through a fail-safe or fail-secure tactic? The problems are not only procedural but, if done wrong, can also have legal implications. For example, when we consider ransomware, the encryption engine is installed on the originating machine, so if you notice a threshold-violating file encryption process originating from a remote machine, you could engage your fail-secure setting to terminate the VPN connection. This would be mildly disruptive. You could not, however, reasonably reach into that remote machine in an employee’s home and lock it down, unless that machine is 100% under your company’s ownership.

Similarly, if ransomware is somehow installed on a corporate server, could you take a fail-secure stance, locking the server down, or would a fail-safe method, such as switching to a clean image, be the wiser option? As you can see, these are not trivial decisions. They should be discussed, tested, and documented.
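As an added illustration (not part of the original article), the following Python sketch models the two decisions above: a sliding-window monitor counts encryption-like file events per source host, and a documented policy table maps the asset class of the offending host to a fail-secure or fail-safe response. The threshold, window, host names, log format and action names are all constructed for the example; the one design point taken from the article is that an asset class the policy does not name falls back to the restrictive response, which is what Saltzer and Schroeder's fail-safe default means in practice.

```python
from collections import defaultdict, deque

THRESHOLD = 20          # constructed: encryption-like file events per host per window
WINDOW_SECONDS = 60     # constructed
ENCRYPT_LIKE = {"rename", "overwrite"}

# Constructed log lines in the form "<epoch> <host> <action> <path>"
def build_sample_log():
    lines = []
    # Remote VPN laptop: 25 renames in 25 seconds, crosses the threshold
    lines += [f"{1000 + i} laptop-07 rename /share/doc{i}.txt.locked" for i in range(25)]
    # Corporate server: 5 slow events (never trips), then a burst of 25
    lines += [f"{1000 + i * 10} srv-files rename /data/q{i}.xlsx.locked" for i in range(5)]
    lines += [f"{2000 + i} srv-files rename /data/r{i}.pdf.locked" for i in range(25)]
    # Reads never count toward the threshold
    lines += [f"{2100 + i} srv-files read /data/r{i}.pdf.locked" for i in range(30)]
    # Host whose asset class the policy does not name
    lines += [f"{3000 + i} kiosk-02 rename /tmp/f{i}.locked" for i in range(25)]
    return lines

class ThresholdMonitor:
    """Sliding-window count of encryption-like events per source host."""
    def __init__(self, threshold, window):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)
    def observe(self, ts, host):
        q = self.seen[host]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop events outside the window
            q.popleft()
        return len(q) >= self.threshold        # True when the threshold is crossed

# Documented posture per asset class and the action each posture triggers (constructed)
POLICY = {"vpn_client": "fail_secure", "corporate_server": "fail_safe"}
ACTIONS = {"fail_secure": "revoke_network_access", "fail_safe": "failover_to_clean_image"}

def respond(host_class):
    # Fail-safe default (Saltzer and Schroeder): an asset class the policy
    # does not name gets the restrictive response, never no response at all.
    return ACTIONS[POLICY.get(host_class, "fail_secure")]

def run(lines, host_classes):
    mon = ThresholdMonitor(THRESHOLD, WINDOW_SECONDS)
    decisions = {}   # first decision per host; later events do not re-trigger
    for line in lines:
        ts, host, action, _path = line.split(" ", 3)
        if action in ENCRYPT_LIKE and host not in decisions and mon.observe(int(ts), host):
            decisions[host] = respond(host_classes.get(host))
    return decisions
```

Running `run(build_sample_log(), {"laptop-07": "vpn_client", "srv-files": "corporate_server"})` yields one decision per host that crossed the threshold, with the unclassified kiosk receiving the fail-secure action by default.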

How the CISSP Certification Can Help You to Succeed

There are so many aspects of cybersecurity that need to be carefully deliberated. From secure design considerations to disaster recovery, and even fire-suppression in a data center, the topics are vast, requiring not only technical knowledge but managerial wisdom as well. Fortunately, a thoughtful examination of these topics is achievable through the CISSP Common Body of Knowledge (CBK). Candidates for the CISSP credential are exposed to a broad range of subjects and scenarios, all geared towards effecting a well-rounded cybersecurity knowledge set. This gives assurance to employers that the organization’s network is in good hands.

ISC2 was the first information security certifying body to meet the requirements of the American National Standards Institute (ANSI) ISO/IEC Standard 17024, and the CISSP certification has met Department of Defense (DoD) Directive 8570.1.

Read More

To discover more about CISSP, read our whitepaper, 9 Traits You Need to Succeed as a Cybersecurity Leader.