Systems Theory and Physical Security - Term Paper Example

Systems Theory and Physical Security Name Institution Date Introduction Traditional safety mechanisms have been rendered less effective by changes in engineering. The reason behind their failure is the fact that these mechanisms were put in place way back when various systems were made up of electromechanical components whose orders were of less complex magnitude as compared to the current software-intensive system (Siponen, 2005). Consequently, modern and high-tech safety analysis techniques that are based on system theory have found their way. The system theory-based techniques have been used successfully on various systems today (Leveson, 2012). These techniques have been applied on systems such as; nuclear power plant, space craft, aircraft, automobiles and medical devices. System theory plays a significant role in that they offer security and can therefore be used to offer both safety and security (Schultz et al, 2001). The focus of this paper is to discuss systems approach to physical security and why it is necessary for the protection of assets. Systems-Theory The new Systems-Theory was developed immediately after the Second World War as a result of emergency of increasingly complex systems. This theory provides an intellectual and philosophical foundation upon which engineering and the modern accident causality model known as System-Theoretic Accident Model and Processes (STAMP) are founded (Siponen, 2005). The traditional causality models that were used to ensure safety attributed accidents to human error or initial component of failure that flows through various components (Tudor, 2001). This can be envisioned through considering a set of dominoes. In this case one domino stands at one end and it represents a single component or human error. The initial error is considered as the root cause. This initial error spreads through the system resulting in failure of other system components making the last domino to fall and eventually causing loss. In this model, the fall of the last domino is caused by the fall of the first domino. Moreover if one of the intermediate dominoes were to be removed, the chain or the system would be no more. This model is therefore a representation of a linear interaction or simple cause-and-effect linkage which has limited complexity (Gasser & Haeusermann, 2007). The modern soft-ware-intensive-system is complex and it exhibits alternative causes of losses. These may include: accidents resulting from unsafe interactions occurring among different components which may not have necessarily failed in any way; design and system requirements errors as well as systemic factors and indirect interactions that leads to unknown common-cause failures of protection device and barriers (Siponen, 2005). Differences Between Safety and Security Traditionally, Safety and security have been viewed as two different entities of system properties (Straub et al, 2008b). When it comes to safety, the specialists play the role of preventing losses resulting from unintentional actions performed by benevolent actors. On the other hand, security experts play the role of preventing losses that result from intentional actions performed by malevolent actors (Tudor, 2001). This means that the difference is merely on the intent of the actor who caused the loss. However, it may be quite difficult to determine the intent and therefore, techniques that prevent loss irrespective of the intent are more adequate. The techniques that prevent loss emanating from system design of which can be controlled can play a significant role in preventing loss. This approach is more advantageous bearing in mind that it is much difficult to identify all the potential threats that originate from outside the system. The importance of developing system based techniques is to help in accomplishing the intended mission and at the same time enforcing constraints on unintended missions (Straub et al, 2008a). Take for instant, the mission to be accomplished when developing a nuclear power plant is to produce power and the other mission is to put constraints on the release of radio activity. It is important to understand that a nuclear power plant may fail to produce power or may release radioactivity as a result of malicious acts or accidental acts. Consequently, the goal should be to prevent any of these acts altogether as the end result is the same (Tudor, 2001). Application of System Theory Application of system engineering and system theory to security involves focusing security on advanced strategy instead of focusing on immediate tactics problem (Straub et al, 2008b). This approach is more critical while addressing security and at the same time hindering intentional losses. As such, the goal of security is to ensure critical functions of the system and eventually the services provided by the system and the network in the likelihood of disruptions. In other words, the security does not serve the role of guarding the physical network and that of preventing intrusions which is the focus on threat (Tudor, 2001). System based techniques embrace a strategic viewpoint that instead of focusing on tactics, they proactively shape the situation through identifying and controlling the vulnerability of the system rather than focusing on defending the system from the position of reacting to monovalent threats that are continuously changing as well as from various environmental disruptions(Leveson, 2012). The field of security has the tendency of relying heavily on metaphors, language and models that are based on military operations. Consequently, lots of cyber-security is usually perceived as a battle between the adaptive adversaries, intelligent and the defenders (Eloff & Solms, 2000). Security tries to help the defenders prevent loopholes on their networks which can be targeted by adversaries to gain access and cause disruptions. Defenders therefore make use of the best tactics as a means of protecting information assets as well as the network (Straub et al, 2008b). Tactics Versus Strategies Tactics and strategies are quite different in that strategies are regarded as the means of developing and maintaining continuous advantage, while tactics are practical means of accomplishing a particular action. Tactics is therefore dedicated to managing physical threats while strategies focus on abstract outcomes (Young & Leveson, 2014). In the model of tactics, losses incurred on systems are conceptualized as particular events resulting from threats. For instant, a security occurrence that consist of data breach that results to loss of customer PII (personally identifiable information), is perceived as a single incidence in which an adversary successfully initiates a chain of events that results into loss. This particular chain of events translates into several layers of defence such as encryption and firewalls being successfully negotiated (Straub et al, 2008b). The security analysts in such situations try to find out the proximate cause that would have served as the last line of defence or barrier. In such a situation, if only the barrier had been in place, the attack would not have succeeded. Although threats normally exploit vulnerability of the system that results to loss, the tactics models assume the threat as the cause of the loss (Giffiths et al, 2011). Prevention of loss is therefore heavily reliant on the level at which security analysts can accurately identify the potential attackers’ motives, targeting as well as their capabilities. When security experts are fully equipped with the above information, they are therefore able to analyse their systems and determine the causal chain that may have led to an attack. Resources can therefore be allocated to put in place a ‘defence in depth’ as a means of preventing losses (Young & Leveson, 2014). Challenges can be experienced when threat is prioritized because of the big volume of threats (McKinsey, 2007). For instant, if defence was to be optimized against the wrongly identified threat, the planted barrier will definitely be ineffective. In some cases, assumption may be made that mechanisms put in place to defend sophisticated threats would also be effective against lesser threats but this may not be the case. The adoption of operational procedures or simple requirements errors may allow sophisticated or unsophisticated attacks originating from lower-level or previously ignored adversaries to thrive (Coole & Brooks, 2011). A top-down systemic approach unlike the bottom-up tactic approach starts by pointing out the unacceptable system losses and against which protection of the system must be considered. Consequently, there is a smaller number as well as more manageable potential losses that are stated at a sophisticated abstraction (McKinsey, 2007). These types of losses are likely to extend beyond the logical and physical system entities into the sophisticated services offered by these entities. A strategic approach is concerned with identifying the essential service as well as the functions that need protection against disruptions and that may represent an unacceptable loss. The identified services or functions are later used to reason out deeply about the means through which particular undesirable outcomes can result (Goebel et al, 2009). The analysis is therefore not general but specific, moving from abstract to concrete. Focusing on strategic rather than tactics approach can be achieved through adoption of a new causality of systems-theoretic model that has been developed recently and that offers a more powerful approach to ensuring safety (Gupta et al, 2001). System-Theoretic Accident Model and Processes is a modern systems-theoretic model that presents causality linked to evolving system properties. Initially, it was developed to serve as a foundation for high-tech approaches to safety. Additionally, Systemic-Theoretic Accident model and processes and its linked analysis tools are also applicable to security (Siponen, 2005). The theory envisions losses as emanating from interactions of physical system components, humans and environment leading to violation of safety restraints. The focus is therefore not on failure prevention but on enforcing safety constraints within the system. Even though enforcing safety entails handling components failures, it also involves controlling advertent and inadvertent causes (Goebel et al, 2009). System behaviour is constrained through controlling in a hierarchical structure in which every level of the structure imposes the essential constraints on the lower level component’s behaviour (Siponen, 2005). In control and systems theory, all levels of controllers possess a process model that they control. The specific model for every controller serves the purpose of determining the essential control actions. As such, many accidents linked to human operators or software are not caused by human operator or software failure but by inconsistencies between the controlled process’ controller models and the real process state (Turle, 2009). New and high-tech techniques for design and safety analysis have been developed based on the system theory (Walters, 2007). For instant there is a new hazard analysis technique referred to as System-Theoretic Process Analysis (STPA) which is based on causality model of System-Theoretic Accident Model and Processes. The analysis is carried out on the functional control structure of the system (Turle, 2009). The functional control model in this system contains social aspects, physical aspects, information and logic aspects, as well as management and operational aspects. Therefore performing safety (Hazard) or security (vulnerability) analysis on this type of a model enables the analyser to get a bigger picture of the potential causes of a loss (Eloff & Solms, 2000). Advantages of Using System Theory In the contemporary world, cybercrime has impacted in a broad way a cross-section of the modern society including businesses, governments and individuals. Increasingly, people’s lives are tightly influenced by internet through multiple devices as a result of an ever evolving Web 2.0 ecosystem (Goebel et al, 2009). It is evident that people’s personal information including financial, shopping behaviours, medical, emails and photos are stored electronically (McKinsey, 2007). With cloud computing, people are not able to understand where their confidential information is kept or even how safe or secure that information is. Web 2.0 is developing at a high rate as people continue to get connected in an ever increasing number leading to complexity which involves sophisticated hardware and software (Goebel et al, 2009). Consequently, the chance of hackers getting the opportunity to exploit new vulnerability is growing at an equal rate. Companies are spending dollars in terms of millions to defend themselves from such hackers. Despite the effort put in place to protect information, there are several breaches which include Target, TJX, and Hannaford Brothers as well as Heartland Payment Systems which poses challenges to protecting cyber-attack (McKinsey, 2007). South argues that organizations are resource constrained and as a result criminals deploy innovative techniques and resources to introduce cyber-attacks developing an irregularity. Cyber insecurity falls into different categories which have unique implications (Goebel et al, 2009). For instant, there can be unauthorized access where an individual or many people gain access to business systems that are meant to be private. As a result, an organization can lose data, account identification and intellectual property (Coole & Brooks, 2011). Similarly, there is a different category of insecurity referred to as denial of services (Dos). In this case, a cyber-attack makes a business website inaccessible to the business owner. This may occur when a victim’s network get overloaded with many web requests causing a high volume of traffic and overloads the victim’s network. Similarly, unauthorized software can be installed on the system of the cyber-attack’s victim. This activity referred to as malicious code may lead to inconveniences such as infecting systems with viruses, recording keyboard strokes and stealing data (Turle, 2009). Technical approaches are not as a result of inherent shortcomings with these approaches, but due to the fact that technical approaches address just a part of the cyber security risks. Savage and Schneider (2009) argue that cyber security has inherent challenges because unlike hardware and software it is not a commodity which can be scaled with the common technology add-ons. Therefore cyber security requires a holistic approach which is beyond security technology to address non-technical threats that contribute to insecurity. There is a need therefore to include a proactive approach that complements the traditional approach for addressing cyber security risks as well as other technical risks (Savage & Schneider, 2009; Walters, 2007). System theory was established to address issues associated with organized complexity. System theory consists of concepts of communication and control as well as emergency and hierarchy (Gupta et al, 2001). The concept of emergency and hierarchy refers to a system that depicts an organized complexity and that can be demonstrated by levels of hierarchy. Different levels in a hierarchy have different complexity and their emergent properties are unique for every level and are only relevant for each level. The communication and control concept can be understood by considering an example such as password selection (Siponen & Oinas-Kukkonen, 2007). The rule of selection is a control mechanism which encourages users to develop strong passwords. This has the effect of changing the state of the system in that the level of security is enhanced in the perspective of the user (Gupta et al, 2001). In other words, when a user develops a strong password, the system becomes less vulnerable to attacks. In addition, selection rules impose constraints on choosing password so that the goal of creating a strong password is achieved. Constraints may be inform of specifying the least number of characters to be used, use of both numerals and alphabets, use of both upper and lower case letters or even prohibiting the use of certain characters (Da-Veiga & Eloff, 2007). System-Theoretic Accident Model and Processes (STAMP), helps to understand the causal factors that lead to loss. STAMP prevents loss through application of concepts such as safety constraints, process model and hierarchical safety control. Safety constraints are key in STAMP because it is assumed that the absence of constraints and/or lack of enforcement of significant constraints results in elevated threats which may lead to loss. Therefore, identifying the appropriate constraints is essential in restricting cyber-crime (Savage & Schneider, 2009). The concept of hierarchical safety control structures assumes that the constraints in higher levels control the behaviour at lower levels. Inadequate control at each level may result from four factors namely; inadequate safety control command, missing constraints, and inappropriate execution of commands or inadequate communication. Communication channels connect all levels within the control structure. The communication channels are important in that they enforce constraints at levels that are hierarchically lower and receive feedback in regard to the effectiveness of the constraints (Van Bon & Verheijen, 2006). A system suffers loss when the control processes become ineffective in impacting control on lower level processes (Gupta et al, 2001; Savage & Schneider, 2009). The third concept of STAMP is the process model. As discussed earlier, four conditions are necessary in controlling a process. The first condition is goal and it serves the purpose of identifying the safety constraints enforced by every controller. The second condition is that of action condition. This is implemented through a downward control channel and in the context of STAMP, communication occur between hierarchical control structures. The third condition is that of observeability condition which is implemented in an upward feedback channel. Lastly there if the condition of model condition which should be effective in controlling processes of lower level. A controller who may be a human being, a mental model or an automated logic uses a model of a process that is being controlled (Webster & Watson, 2002). Generally, System-Theoretic Accident Model and Processes plays a crucial role in reducing the level of insecurity in different ways. For a financial manager who perceives security in terms of financial loss or threats has found a solution of his problems through application of STAMP (Baskerville & Siponen, 2002). A sales manager, who sees security as minimizing all chances of interfering with sales efforts and target achievement, gets solace in the application of STAMP. The legal department that perceives security in terms of compliant to regulations also has his challenges addressed by the STAMP (Leveson, 2012). Constantly evolving organizational risks profiles requires a more effective technoligical approach to deal with the challenges posed by external and internal threats. The approach of system thinking helps in fostering the ability of understanding the interactions as well as the consequences resulting from addressing a specific situation. As a result, problems that are greater than the targeted one are avoided. This approach also helps in ensuring that departmental isolation is lowered so that the manager of information security gains a broader picture of informational threat and how it is associated with the overall enterprise risk (Webster & Watson, 2002). The success brought about by the use of system approach can be estimated by analysing the benefits it has brought to physical security. The dramatic failures of enterprises in addressing security issues adequately can be blamed on their inability to define security and put it in a comprehensible manner relevant to all the stakeholders (Gantz et al, 2008). The application of systems thinking approach in management of security will help managers of information security in addressing dynamic and complex environments. This will eventually lead to a generation of beneficial effect on adapting operational change, navigating strategic uncertainty, collaborating within the enterprise and tolerating the impact of external factors (Atlas, 2008). Even though system theory has the above advantages, it has been realized that information security based on business model should be treated as a component of the strategic plan for the program of information security, and not as an immediate fix solution for non-functional program. System theory is a long- term application that helps the enterprise to achieve business goals. It can be regarded as a key to the maturity of an organization. Maturity of an enterprise is as a result of maturity in information security program. As such, systemic approach paves way for systemic processes (Straub et al, 2008a). There are several benefits that are associated with the approach of top-down system to system’s safety and security. One of the advantages is that the whole social-technical system associated with causes of safety and security losses are taken care of and not just operator behaviour or low-level hardware. Another advantage is that it allows the inclusion of more efficient use of resources as well as the likelihood of resolving differences between security and safety at the time the system is being developed (Gasser & Haeusermann, 2007; Tudor, 2001). Conclusion System theory evolved as a result of the challenges that were experienced due to inadequacy of the old techniques that were used to addresses security. The system theory views a system in a holistic way rather than as a sum of its parts. It therefore examines the system as a one complete unit. Similarly, system theory assumes that one part of a system helps the analysers to understand all other parts of the system. This is because constraints put on one level are seen to affect other levels of the system. The system theory approach addresses both security and safety challenges hence ensure safety and security of information. Organizations are able to address the challenges of cyber-attacks when they use system theory approach because the threat is calculated and constraints installed in the system to limit the chances of attack. The system theory approach is more effective as compared to the tradition techniques in that it does not target preventing attacks but targets the mechanism through which attack can be made impossible. References Atlas, R. I. (2008). 21st Century security and CPTED: Designing for Critical Infrastructure Protection and Crime Prevention. Boca Raton: CRS Press. Baskerville, R., & Siponen, M. T. (2002). An Information Security Meta-Policy for Emergent. Risk Management. Research Publication, No. Vol.3. 2007-3 Coole, M., P., & Brooks, D., J. (2011). Mapping the Organizational Relations within Physical Security’s Body of Knowledge: A Management Heuristic of Sound Theory and Best Practice. Proceedings from the fourth Australian Security and Intelligence Conference. Perth: Western Australia. Da-Veiga, A., & Eloff, J. H. P. (2007). An Information Security Framework. Information for Research and Practice. European Journal of Information Systems, Vol 14. Eloff, M. M. & Solms, S. H. V. (2000). Information Security Management: An Approach to Combine Process Certification and Product Evaluation. Computer and Security, Vol. 19, No.3. Eloff, M. M., & Solms, S. H.V. (2000). Information Security Management: An Approach to Combine Process Certification and Product Evaluation. Computers and Security, Vol. 19, No. 3. Gantz, J. F., Chute, C., & Manfrediz, A. (2008). The Diverse and Exploding Digital. Policy, Processes and Practices. New York: Sharpe Publishers. Gasser, U., & Haeusermann, D. M. (2007). E-Compliance: Towards a Roadmap for Effective Practices. New York: Sharpe Publishers. Giffiths, M., Brooks, D., & Corkill, J. (2011). Defining the Security Professional: Definition through a Body of Knowledge. Perth: Secau Security Research Centre. Goebel, R., Sanfelice, R., & Teel, A. (2009). Hybrid Dynamical Systems. IEEE Control System, Vol. 29, No. 2 Gupta, M., Charturvedi, A. R., Metha, S., & Valeri, L. (2001). The Experimental Analysis of Information Security Management Issues for Online Financial Services. ICIS 2000. June 14-20, 10 Leveson, N. G. (2012). Engineering a Safer World. MIT Press. Literature Review. MIS Quarterly, Vol. 27, No. 2. McKinsey Quarterly. McKinsey. (2007). How Businesses are Using Web 2.0: A McKinsey Global Survey. The Organisations. Logistics Information Management, Vol. 15, No. 5 Savage, S., & Schneider, F. B. (2009). Cyber Security. Retrieved October 6, 2015 from http://www.cra.org/ccc/files/docs/init/Cybersecurity.pdf Schultz, E. E., Proctor, R. W., & Lien, M. C. (2001). Usability and Security: An Appraisal of Usability Issues in Information Security Methods. Computer and Security, Vol. 20, No. 18. Siponen, M. (2005). An Analysis of the Traditional IS Security Approaches: Implications Risk Management. Research Publication, No. Vol.3. 2007-3 Siponen, M. T., & Oinas-Kukkonen, H. (2007). A Review of Information Security Issues and Risk Management. Research Publication, No. Vol.3. 2007-3. Straub, D. W., Goodman, S., & Baskerville, R. L. (2008). Information Security Systems, Vol.38, No.1, pp 60-80. Straub, D. W., Goodman, S., & Baskerville, R. L. (2008a). Framing the Information Security Systems Management, Vol. 24, 361-372. Tudor, J. K. (2001). Informational Security Architecture. Boca Raton: CRC Press. Turle, M. (2009). Data Security: Past, Present and Future. Computer Law & Security Universe. IDC White Paper. Van Bon, J., & Verheijen, T. (2006). Frameworks for IT Management: itSMF ed. Zaltbommel: Van Haren Publishing. Walters, K. (2007). Data Security Lapse Exposes Private Details. Business Review Weekly Webster, J., & Watson, R. T. (2002). Analysing the Past to Prepare for the Future: Writing a Respective Research Contributions. The DATA BASE for Advances in Information Review, Vol. 25, pp. 51-58. Young, W., & Leveson, N. G. (2014). Inside Risks: An Integrated Approach to Safety and Security Based on Systems Theory. Communications of the ACM, Vol. 57, No. 2 Read More