High Assurance Cyber Security

Author: Colin Robbins

What is High Assurance?

As computer security systems have evolved over the years, hackers have become more sophisticated. Their methods have changed, targeting any vulnerabilities to try and find a way into a system. No business is immune from cyber attacks, regardless of any detection software they may have in place. As the network infrastructure of businesses rapidly expands, there are more weak spots for hackers to gain access to your systems, and more critically, your confidential data.

High Assurance products are needed where information or networks need to be protected from high end threat actors, and you need a high level of confidence that the solution will mitigate the risk. This typically applies to:

  • Cryptography Products

  • Network security products

  • Cross Domain Solutions

Larger, high value businesses are likely to come under threat from specific attacks. For high value targets, an attacker may use more sophisticated methods. These targets are described as being subjected to elevated threats. Attacking such targets requires significant investment in skills, resources and capabilities, so the attacks are likely to be carried out by organised crime and state sponsored groups. For example, this threat group is likely to use advanced techniques over a period of time (to avoid detection), and may even exploit a previously unknown vulnerability (a so-called zero day).

COTS products are often designed robustly, but are not always designed to withstand attacks of this nature. This is where high assurance products come in – they are designed with these threat actors in mind, and use architectural and implementation design choices to reduce the risk of a successful attack to an acceptable level.

Building a High Assurance Product or Solution

High Assurance UK states that high assurance cyber security means “risks & liabilities can be managed with ongoing high confidence, based on strong and verifiable evidence”.
There are two halves of this statement. The first is about understanding the nature of the attacker; anticipating the techniques they will use and designing risk mitigations into the solution. The second part is about being able to demonstrate to the customer or system accreditor how you have achieved this.

So, there are two core aspects to building a high assurance product:

  1. Designing and building the product or solution to mitigate identified risks.

  2. Providing evidence that point 1) has been achieved.

NCSC High Assurance Guidelines

The NCSC has published guidelines on building high assurance products securely. The guidance recommends “approaches to the design, development, and security assessment of products (and systems) capable of resisting elevated threats”. The 6 principles are as follows:

1. Products should be sourced from trusted suppliers with proven high threat domain knowledge

Pedigree is important. The demands of such products require significant investment, beyond a level that many COTS providers choose to adopt. However, this is a thriving UK sovereign capability base, of which Nexor is proud to be a part.

2. Developers' processes should demonstrably meet all accepted good practice

There are two parts to this. “Meeting accepted good practice” – what is “good practice” and where is this defined? Nexor has chosen to align to the practices described in BS 10754. “Demonstrably” – this requires a level of robustness in processes, with suitable governance, to ensure evidence of suitable quality is produced. Nexor has chosen to align to TickITPlus and is regularly audited against this standard.

3. Products should have clearly defined, specific security functionality, with limitations identified

There is no security silver bullet and high assurance products are no exception. They are designed for a very specific purpose to mitigate specific risks. You need to understand these risks – and more importantly the risks they do not mitigate against. For example, a firewall that does not contain application proxies will mitigate the risk of a direct network attack, but will not mitigate the risk of content-borne viruses.

4. Products should support systematic, independent and evidence-based assessment of claimed security functionality

Assessment of this nature requires significant investment. The most widely recognised approach is a Common Criteria assessment. Where this is not applicable a process of accreditation is often used directly by customers.

5. Products should always operate as intended

This may seem obvious, but the important point is that an attacker must not be able to get the product to operate in a different way, as by doing so they may be able to subvert the security functions.

6. Products should always be in a trusted state

Similar to above, an attacker must not be able to access the product in an untrusted state, as by doing so they may be able to subvert the security functions. It's important to note this includes when the product is switched off, which is why many products have anti-tamper controls.

Who Needs High Assurance?

The CloudStrike and SolarBurst security attacks, as well as a spate of well-resourced ransomware attacks, have shown that well-resourced and motivated threat actors are active.

In designing a business to be resilient to such attacks there is no silver bullet. It includes using good architectures, good practices, good governance, and good technology.

High assurance products are designed to give you confidence that your chosen technology is robust in performing its identified role in protecting against such attacks.

SolarBurst will have a significant impact on cyber security: current tools and techniques failed to prevent the attack, which went undetected for a long time.

High Assurance products are not a silver bullet, but they are a piece of the puzzle.

We can predict the wider adoption of high assurance principles based on the historic development of the airbag market. Volvo first installed airbags into their cars to stand out from their competition as the high safety choice. Over time, other companies adopted airbags to close down the competitive gap. It did not take long for airbag installation to become widespread after that point, and their usage is now the industry standard.

We predict a similar trend in high assurance security processes. What is currently a mark of security in high-end products is likely to gain traction in the wider market as its benefits become apparent. Once high assurance security reaches the point where its benefits are recognised by consumers, it is likely to become the industry norm, rather than the specialist practice it is at present.

Nexor’s team of expert security professionals can work with you to create a high assurance solution for your business. Get in touch with us today to arrange your first consultation.


About the author

Colin Robbins is a Principal Security Consultant, leading customer-funded research activities in secure interoperability and information exchange. He has specific technical interests in the Single Information Environment and Data Centric Security, as well as the processes of security, such as Secure by Design and Information Security Management Systems (ISMS). He is a Fellow of CIISec, and a former NCSC certified Security and Information Risk Adviser (Lead CCP).
