Hi All
Rather historic perspective, but still relevant even today:
"The lack of transparency and visibility into the hardware, software, and firmware components produced by industry can be a nightmare for systems engineers who must build systems to carry out critical organizational missions, many of which are part of the U.S. critical infrastructure. I have characterized this as the “black box” problem. This a significant problem related to "assurance” in the systems and system elements being developed.
Systems engineers need assurance evidence to determine the trustworthiness of individual system elements as they make their trade space decisions during the system development life cycle process. Many of these system elements are commercial products that are needed to take advantage of innovation and produce the most effective (and cost effective) solutions and systems possible.
So, why is assurance a central issue in the protection of critical systems today?
To understand the significance of this problem, take a look at the following excerpt from an oral history interview of Dr. Roger Schell (available online at the University of Minnesota).
On page 127, there is a discussion regarding the use of commercial products and the need for assurance in those products.
“And the DoD directive that set up the center [referring to the National Computer Security Center] said that its goal was to encourage the easy availability of secure products. And so, it was understood that it would work with industry to get secure products; encourage secure products; evaluate them; and make them available for DoD use. You know, sort of the informal characterization that my boss gave me was; he essentially said, look, we’ve always built all of our own hardware and software here at NSA; which was true. But, he said, we can no longer; our systems are too complex. We cannot build from scratch everything that we need to field that needs security. We’re going to have to use products that are commercial products. And if a commercial product is built out there anywhere, as far as we’re concerned, it could be built by the FSB/KGB previously. And so, he said, since we’re going to have to use those commercial products, your job is to be able to take a commercial product and evaluate it and know that I can use that commercial product to manage my most sensitive data without fear of it being compromised...”
While this discussion focused on the high assurance requirements in the Trusted Computer System Evaluation Criteria (a.k.a. Orange Book), it illustrates the transparency and visibility issues and lack of substantiated trustworthiness in commercial products.
If systems engineers cannot determine the trustworthiness of the individual systems elements they are considering for their respective systems-of-interest, then it will be very difficult to apply the appropriate risk mitigation measures to reduce the uncertainty associated with the behaviors of those systems to an acceptable level."
https://conservancy.umn.edu/items/2ff042e5-8e4d-483f-82cc-12b7e4579242
Well worth reading or listening to this post. It is still relevant even today.
Regards
Caute_Cautim