<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[blog.mitcdh: Security]]></title><description><![CDATA[Deciphering the Code of Modern Security. Here, I share my perspectives and insights, reflecting my evolving understanding of this ever-evolving field.]]></description><link>https://mitcdh.substack.com/s/security</link><image><url>https://substackcdn.com/image/fetch/$s_!L9qw!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1cc90787-2d17-497d-b414-149df4763ae1_512x512.png</url><title>blog.mitcdh: Security</title><link>https://mitcdh.substack.com/s/security</link></image><generator>Substack</generator><lastBuildDate>Tue, 09 Jun 2026 17:41:51 GMT</lastBuildDate><atom:link href="https://mitcdh.substack.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Mitchell Hewes]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[mitcdh@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[mitcdh@substack.com]]></itunes:email><itunes:name><![CDATA[Mitchell Hewes]]></itunes:name></itunes:owner><itunes:author><![CDATA[Mitchell Hewes]]></itunes:author><googleplay:owner><![CDATA[mitcdh@substack.com]]></googleplay:owner><googleplay:email><![CDATA[mitcdh@substack.com]]></googleplay:email><googleplay:author><![CDATA[Mitchell Hewes]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[How Artificial Intelligence Will Change Information and Computer Security in the Nuclear World]]></title><description><![CDATA[Artificial intelligence (AI) and machine learning technologies could potentially revolutionize the world, ushering in unprecedented 
progress and innovation by transforming how we create, consume and use information. As AI technologies become increasingly sophisticated, they will transform industries, streamline processes, and even impact our lives. The nuclear sector is no exception, but what will AI mean for computer and nuclear security?]]></description><link>https://mitcdh.substack.com/p/artificial-intelligence-nuclear-world</link><guid isPermaLink="false">https://mitcdh.substack.com/p/artificial-intelligence-nuclear-world</guid><dc:creator><![CDATA[Mitchell Hewes]]></dc:creator><pubDate>Mon, 26 Jun 2023 14:14:16 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!ID8H!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!ID8H!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png 424w, https://substackcdn.com/image/fetch/$s_!ID8H!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png 848w, https://substackcdn.com/image/fetch/$s_!ID8H!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png 1272w, 
https://substackcdn.com/image/fetch/$s_!ID8H!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!ID8H!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png" width="1024" height="1024" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1024,&quot;width&quot;:1024,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1373531,&quot;alt&quot;:&quot;Abstract picture of future nuclear power plant cooling towers&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Abstract picture of future nuclear power plant cooling towers" title="Abstract picture of future nuclear power plant cooling towers" srcset="https://substackcdn.com/image/fetch/$s_!ID8H!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png 424w, https://substackcdn.com/image/fetch/$s_!ID8H!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png 848w, 
https://substackcdn.com/image/fetch/$s_!ID8H!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!ID8H!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08f0de1a-a004-4dc0-91af-349e3275280c_1024x1024.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p><em>This article was originally published in the <a href="https://www.iaea.org/bulletin/64-2">June 2023 IAEA Bulletin</a>
titled Computer Security in a Nuclear World. The only modification has been to replace the cover image.</em></p><p>Artificial intelligence (AI) and machine learning technologies could potentially revolutionize the world, ushering in unprecedented progress and innovation by transforming how we create, consume and use information. As AI technologies become increasingly sophisticated, they will transform industries, streamline processes and may even impact how we live our lives. The nuclear sector is no exception, and the benefits of AI can be expected in many processes and operations in nuclear and radiological facilities.</p><p>At the same time, AI&#8217;s rapid advancement also brings with it a multitude of risks. Malicious actors may use AI to launch more advanced and targeted attacks or exploit it to compromise the integrity of networks, systems and sensitive information in nuclear and radiological facilities.</p><h2><strong>Benefits for information and computer security</strong></h2><p>The IAEA is preparing for the transformations brought about by AI by fostering international cooperation in the area to ensure all countries can benefit from the opportunities while also preparing to mitigate the risks. Through mechanisms such as Technical Meetings and coordinated research projects (CRPs), the IAEA is supporting the development, awareness and application of AI techniques, as well as countermeasures and defence against malicious actors.</p><p>Perhaps the most significant advantage of AI in information and computer security is the reduced reliance on human analysis and intervention. AI-enabled systems can operate 24/7 to monitor networks and systems for threats. 
By automating these tasks, nuclear security professionals have the time to focus on more strategic tasks and respond more efficiently to incidents when they occur.</p><p>&#8220;The adaptive learning capabilities of AI can be harnessed to enhance information and computer security by swiftly identifying threats and automatically providing human experts with the information they need to coordinate response activities,&#8221; said Fan Zhang, an assistant professor at the Georgia Institute of Technology in the United States of America, who participated in a CRP to support research in strengthening computer security. &#8220;It will not replace the workforce, but rather establish resources and insights that will make early detection and response in computer security realistically achievable.&#8221;</p><p>By leveraging advanced machine learning algorithms, AI may also help nuclear and radiological facilities sharpen their defences against cyberattacks by identifying anomalous data in computer systems. AI-supported security systems can continuously monitor and analyse vast amounts of data to determine if any activity is anomalous to the facility&#8217;s normal operation. Cyberattacks may feed fake data to maliciously mislead the operators of nuclear facilities. In this case, AI-supported systems can be harnessed to alert those running a nuclear power plant to even the slightest variation from normal operations. By offering heightened situational awareness, AI also allows for the early detection of criminal actions and prompts the necessary incident response.</p><h2><strong>Challenges to be addressed</strong></h2><p>The benefits offered by AI in nuclear and radiological facilities depend greatly on how the AI system has been trained. AI is only as intelligent as the training data it is working with, and it can be manipulated into giving false readings and results if it does not have the correct inputs. This remains a significant barrier to its use for nuclear security. 
Even with the recent advancements in AI technology, using it as a replacement for a human is not feasible. Physical protection, material accounting and control, and direct measurements &#8212; essential activities for ensuring nuclear security &#8212; require human input.</p><p>A further challenge for AI in nuclear security is understanding how and why an AI model has made a particular decision or prediction. &#8220;Transparency and explainability &#8212; where humans can understand the reasoning behind decisions or predictions made by the AI &#8212; are among the most significant problems with AI models. It is often challenging to understand how these models arrive at their conclusions, making it difficult to trust and ensure the integrity of their output,&#8221; said Scott Purvis, Head of the Information Management Section in the IAEA&#8217;s Division of Nuclear Security. &#8220;This becomes particularly problematic when these models replace sensors providing direct measurements and human experience gained with the unique characteristics of each facility. It becomes impractical to place any assurance in the system&#8217;s integrity unless there is a prior comprehensive advanced understanding of the AI algorithms to recognize how and why decisions are made.&#8221;</p><p>The IAEA&#8217;s guidance on computer security for nuclear security includes best practices on human checks and balances to guide facilities&#8217; awareness of which processes can be automated by AI and which should continue to have human oversight, at least until the risks of this rapidly developing technology are known. This guidance also provides an essential resource that can enable countries to put important computer security measures in place to detect, prevent and respond to cyberattacks.</p><p>Additionally, a CRP was developed by the IAEA to support research in strengthening computer security.
Entitled &#8220;Enhancing Computer Security Incident Analysis at Nuclear Facilities&#8221;, the CRP brought together representatives of 13 countries to work on improving computer security capabilities, including AI techniques, at nuclear facilities to detect anomalies indicating targeted cyberattacks.</p><h2><strong>The race to adopt AI technologies</strong></h2><p>AI has shown its potential to benefit people who use nuclear technology for peaceful ends. As its use to enhance processes and operations in nuclear and radiological facilities expands, so too must the awareness of the risks associated with its broader adoption. Organizations must maintain a robust computer security programme to assure nuclear security while benefiting from AI.</p><p>Doing so requires a fundamental paradigm shift in how trust and sensitivity are viewed. Every potential point of failure in a system must be considered, even those unrelated to its design. Malicious actors can leverage AI to create more sophisticated malware, automate cyberattacks, exploit biases and vulnerabilities within the models, or bypass security measures by mimicking legitimate user behaviour. This &#8216;arms race&#8217; between defenders and attackers will require constant innovation and adaptation.</p><p>Greater use of AI technology to enhance computer security measures at nuclear facilities could offer significant benefits, including enhanced threat detection, proactive security measures, reduced reliance on human intervention and improved incident response. By embracing the benefits of AI while addressing its risks, organizations can significantly enhance their computer security in the face of evolving cyberthreats.</p>]]></content:encoded></item><item><title><![CDATA[Is “Cyber Security” Harmful?]]></title><description><![CDATA[The term &#8220;cyber security&#8221; has become commonplace.
But it brings ambiguities; thus, its use may be doing more harm than we realise.]]></description><link>https://mitcdh.substack.com/p/cyber-security-considered-harmful-23-03-13</link><guid isPermaLink="false">https://mitcdh.substack.com/p/cyber-security-considered-harmful-23-03-13</guid><dc:creator><![CDATA[Mitchell Hewes]]></dc:creator><pubDate>Tue, 21 Mar 2023 22:12:16 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!QaBR!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!QaBR!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png 424w, https://substackcdn.com/image/fetch/$s_!QaBR!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png 848w, https://substackcdn.com/image/fetch/$s_!QaBR!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!QaBR!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png 1456w" 
sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!QaBR!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png" width="1024" height="1024" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1024,&quot;width&quot;:1024,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1238455,&quot;alt&quot;:&quot;Illustration of computers in the sky held up by balloons.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Illustration of computers in the sky held up by balloons." title="Illustration of computers in the sky held up by balloons." 
srcset="https://substackcdn.com/image/fetch/$s_!QaBR!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png 424w, https://substackcdn.com/image/fetch/$s_!QaBR!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png 848w, https://substackcdn.com/image/fetch/$s_!QaBR!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!QaBR!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3accabda-dad3-4045-8d72-0df0922e0742_1024x1024.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a><figcaption class="image-caption">Computer security doesn&#8217;t include the cloud&#8230; but the cloud is made of computers?</figcaption></figure></div><p>Put down your tar and pitchforks. The activities associated with &#8220;cyber security&#8221; are vital to avoid the worst consequences of malicious acts that could target computer-based systems. After all, we live in an era where computers are the predominant means by which we consume information, forming the basis of our knowledge and subsequent actions.</p><p>I have been fortunate to work on nationally significant critical infrastructure where we developed function-centric approaches to computer security. Leveraging that experience, I have spent much of my career either working in support of or directly for an international organisation on the proposal, establishment, drafting, consensus building, and maintenance of internationally recognised consensus guidance documents on &#8220;information and computer security&#8221;.</p><p>But why do we use the terms &#8220;information and computer&#8221; security rather than &#8220;cyber security&#8221;? While, as with all things that make international consensus, there are a number of elements at play, I remain a strong proponent in favour of this decision within my individual capacity because I have come to believe that the term &#8220;cyber security&#8221; is harmful, and at least the recognition of that is needed to move forward into a more mature engineering-inclusive approach to security.
Let me explain why.</p><h1><strong>The Ambiguity of &#8220;Cyber&#8221;</strong></h1><blockquote><p>Computer security is only the desktops, but "Cyber" includes the Cloud, right?</p><p>&#8212; A Diplomat, 2022</p></blockquote><p>&#8220;Cyber&#8221; is an abstract concept inconsistently encompassing various digital, virtual, computer-based, or internet-related ideas. When discussing &#8220;cyber security,&#8221; interpretations can differ significantly among individuals from diverse backgrounds, such as policymakers, regulators, company directors, engineers, security professionals, and average users. This inconsistency poses a challenge when asserting that &#8220;cyber security is everyone&#8217;s responsibility.&#8221;</p><p>The ambiguity surrounding &#8220;cyber&#8221; can result in confusion or misunderstandings about the scope and focus of &#8220;cyber security.&#8221; Consequently, it may be difficult to establish clear security objectives, making the definition of strategy, policy, programme and assurance mechanisms inconsistent and resulting in potential gaps in implementation that attackers could exploit. Securing an abstract concept with no universally agreed-upon definition is challenging. Establishing specific security objectives and successfully adopting a graded approach requires a more precise focus.</p><p>&#8220;Computer security&#8221; offers a more appropriate emphasis on protecting computer-based systems regardless of any biases towards their form or function. In all &#8220;cyber&#8221;-relevant technologies, the common element is using computer-based systems, including workstations, servers, networking devices, IoT, cloud computing, information technology, and operational technology. 
How these systems perform functions is what matters.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Gg_b!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Gg_b!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Gg_b!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Gg_b!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Gg_b!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Gg_b!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg" width="580" height="773.2005494505495" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1941,&quot;width&quot;:1456,&quot;resizeWidth&quot;:580,&quot;bytes&quot;:2019594,&quot;alt&quot;:&quot;Picture of a Foxboro CP60 module showing Intel and CHIPS microcontrollers.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Picture of a Foxboro CP60 module showing Intel and CHIPS microcontrollers." title="Picture of a Foxboro CP60 module showing Intel and CHIPS microcontrollers." srcset="https://substackcdn.com/image/fetch/$s_!Gg_b!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Gg_b!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Gg_b!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Gg_b!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F94b7386c-95f4-4680-bef9-35c22b1b265e_2448x3264.jpeg 1456w" sizes="100vw" loading="lazy"></picture></div></a><figcaption class="image-caption">Inside the chassis of a Foxboro CP60 module. Definitely a computer.</figcaption></figure></div><p>A computer-based system contributes to the performance of a function; that contribution can be understood, and a security programme can be oriented to preserve it. This approach actively encompasses any digital device with reprogrammable logic, such as CPUs and Programmable Logic Devices, as the scope of a computer is well-defined at a technical level. It also takes into account the potential consequences of compromise.</p><p>Engineers know when they use computers.
With this perspective, it becomes evident that everyone involved in the system lifecycle has a role in maintaining security rather than assigning the responsibility solely to a &#8220;cyber&#8221; expert. Adopting a tangible, measurable approach to security with a more understood scope can help reduce ambiguity and foster a better mutual understanding of the responsibilities of securing digital systems.</p><h1><strong>Overemphasis on Specific Technology</strong></h1><blockquote><p>We have some clients installing two data diodes operating in opposite directions. The protocol break protects against cyber-attacks.</p><p>&#8212; Security Vendor, ~2017</p></blockquote><p>The prevailing focus of &#8220;cyber security&#8221; governance leans heavily towards securing information-processing systems. This approach influences workforce training, market solutions, and risk assessment. While some practitioners may perceive a broader meaning behind &#8220;cyber security,&#8221; the widely accepted understanding remains on information protection. This narrow focus leads to a skewed governance model prioritising safeguarding information and normalising detection, delay, and response strategies aimed at information systems rather than preserving the business functions no matter what systems contribute to their performance.</p><p>&#8220;Cyber security&#8221; overemphasises information security and its technological aspects, often overlooking organisational factors contributing to attaining security objectives such as functions, system design, and existing defence-in-depth and other resiliency measures. This results in a less efficient allocation of security resources. Even when venturing into areas like OT security, the fixation on information-processing technology can overshadow the importance of human factors. Both computers and humans can act on malicious information. 
Still, the cyber-physical actions of computers often receive more attention than the potential for maliciously misleading human operators into causing unintended consequences (phishing attacks to obtain information are the exception). Without investigation, such incidents may be considered accidents, with the operating organisations and vendors likely having no incentive, or even data, for further investigation when it is attributable to user error.</p><p>In my experience, I have seen examples of national critical infrastructure regulations that criminalise attacks on information confidentiality while leaving gaps in addressing breaches of integrity and availability, which may be more consequential in malicious acts. Technical resources are often dedicated to protecting against or gaining visibility into internet protocol-based attacks rather than detecting subversion within engineering networks or business functions.</p><p>This approach leads organisations to invest heavily in standalone &#8220;cyber security&#8221; measures while neglecting the integration of security principles into engineering processes. Consequently, this may result in suboptimal solutions that fail to address the root causes of vulnerabilities and risks. We must ask ourselves: are we striving to maintain the proper performance of business functions, or are we mistakenly believing our responsibility ends with protecting computer systems?</p><h1><strong>Clarity of Roles and Responsibilities</strong></h1><blockquote><p>We don't have to worry about "Cyber Security". We are not connected to the Internet.</p><p>&#8212; Reactor Manager, 2018</p></blockquote><p>A respected industry leader once told me that &#8220;cyber security is a solved problem. You can only be attacked through physical access, wired networks, wireless networks, supply chain, portable media and mobile devices. Once you protect against those, you are secure.&#8221; But who is doing the work? 
The engineers or the cyber security professionals? At what point in the engineering lifecycle does it occur? More often than not, &#8220;cyber security&#8221; is considered after design and development with minimal emphasis on security by design. Is this viewpoint just more of a reactive approach?</p><p>The normalised approach to security and safety certifications has been to front-load costs during the initial design and development, with few economic incentives for ongoing support and maintenance. While this has shifted over time, there is still an issue: because of the ambiguities around &#8220;cyber security&#8221;, the full scope of a function-centric systems engineering approach to protecting computer-based systems is not considered part of, or a requirement within, the engineering design process. Information security is the exception, with resources frequently allocated towards protecting sensitive information. All other aspects are relegated to implementing programmes and measures to build a barrier around what are likely fundamentally insecure systems.</p><p>Over consecutive years, I witnessed two sales pitches for modernising an extensive distributed control system from the same vendor: the first presented an architecture with no security considered. The second, the &#8220;high security&#8221; variant, provided the same architectural diagram, with the same hardware and software, but with logos of cyber security companies such as &#8220;Splunk, Cisco, Juniper, and McAfee&#8221; scattered around the periphery of the diagram. It was clear at that point that they didn&#8217;t see their product as part of a target set, consigning their concerns to the information technology surrounding it. <a href="https://www.technologyreview.com/2019/03/05/103328/cybersecurity-critical-infrastructure-triton-malware/">Maybe things have changed now</a>? 
But where does the boundary exist between the product&#8217;s security, the software and hardware enabling the function, and the surrounding environment? Who should be responsible? Do we rely on the insertion of insecure trust into our secure boundary? It&#8217;s not like that hasn&#8217;t <a href="https://en.wikipedia.org/wiki/Havex">been</a> <a href="https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach#SolarWinds_exploit">exploited</a> <a href="https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/">before</a>.</p><p>What would it be like if we had these clear responsibilities established? We could achieve this by securing &#8220;computers&#8221; and their functions, which would be considered another aspect of good engineering consistent with engineering ethics. Such an approach would have further benefits, as many <a href="https://en.wikipedia.org/wiki/Therac-25">incidents related to computer systems</a> arise from poor engineering practices. A more robust approach to achieving safety and security assurance by design, where there are more specific responsibilities around the engineering of computer systems, could increase general system resilience and robustness, preventing many safety incidents from occurring altogether.</p><h1><strong>Simplification of Complex Issues</strong></h1><blockquote><p>Can't you just install Anti-virus on the Workstation and call it a day?</p><p>&#8212; I&amp;C Engineer, ~2017</p></blockquote><p>Through its ambiguity, &#8220;cyber security&#8221; simplifies complex and multifaceted issues that cross disciplines, reducing them to a binary concept of secure versus insecure and further positioning the entire profession to be seen through a lens of commodity measures and professional services. 
I had this experience, attempting to justify the security of a complex operational technology system within a nuclear reactor against a set of government controls primarily intended for application to information processing computers.</p><p>The systems we were looking at securing performed functions and had an existing engineered approach to assuring safety and security defence-in-depth. Multiple systems would perform the same function and thus deserve protection from external threats and measures for delay, detection, and response that orient towards reinforcing their reliability and independence. The mandated oversimplification of security hinders nuanced discussions and the development of comprehensive strategies for preserving the performance of these functions. Instead, we were, at best, incentivised to build a common boundary around all such devices and declare them secure.</p><p>These are all <a href="https://blog.mitcdh.au/p/rethinking-security-function-based-protection-against-malice-a114bf03b4bb">threat-centric approaches</a>. Without more <a href="https://www.iaea.org/publications/14729/computer-security-techniques-for-nuclear-facilities">function-centric approaches</a>, encouraging collaboration and cross-involvement between engineering and computer security to address the preservation of the overall engineered function, we will be stuck securing a set of potentially inconsequential computers in manners that may even degrade security.</p><h1><strong>Fear-driven Market Economics</strong></h1><blockquote><p>Did you read the article in Wired today? You should be more worried. If we are hacked, I&#8217;ll cut you loose before they take my head.</p><p>&#8212; IT Manager, ~2017</p></blockquote><p>Increasing media coverage and public awareness of cyber threats have intensified concerns about the potential consequences of attacks. 
High-profile incidents, often involving sophisticated and well-resourced threat actors, have spurred organisations to invest in security measures without fully understanding the specific risks they face. This fear-driven demand has led to a proliferation of &#8220;cyber&#8221; products and services, with vendors capitalising on the anxiety surrounding cyber threats to promote their solutions as essential and establish long-term vendor lock-in.</p><p>In this climate, organisations are influenced by the overdramatisation of &#8220;cyber&#8221; to allocate resources based on fear and ambiguities surrounding the term rather than through rational risk assessment and the potential for actual risk reduction. The fear of becoming a victim of a cyber-attack, combined with the limited cross-disciplinary knowledge of many &#8220;cyber security&#8221; professionals, can result in a reactive deployment of the latest security technologies or services without considering their effectiveness in addressing the organisation&#8217;s unique vulnerabilities and threat landscape. Such reactivity can lead to suboptimal resource allocation, fostering a market that thrives on fear instead of developing and implementing effective, tailored strategies for meaningful risk reduction.</p><h1><strong>Stifling Innovation in Engineering</strong></h1><blockquote><p>If you don't call it "cyber security", I'm not funding it. I don't care about good engineering. That&#8217;s their problem.</p><p>&#8212; IT Manager, ~2016</p></blockquote><p>The trinity of &#8220;Cyber security/cyberthreat/cyber-attack&#8221; has positioned &#8220;cyber&#8221; as a threat-focused discipline distinct from engineering, promoting a reactive mindset where security measures are implemented as an afterthought or in response to specific threats. 
We prioritise resources to detect malicious activity on computer networks with little thought to addressing defensive strategies within the fundamental engineering designs and resulting response procedures. What happens when a threat is detected? Who responds, the engineering team or the computer security incident response team? Who has authority over the equipment?</p><p>If a process-aware anomaly detection system has a high-severity trigger, who will be liable when making the call to bring the process to a safe state? These procedures and interfaces likely do not exist or have yet to be considered. Treating &#8220;cyber security&#8221; as different to the engineering disciplines that develop computer-based systems and the operations teams that use them contributes to a lack of interdisciplinary expertise, where professionals narrowly focus on their respective domains. You will see security functions without communication channels and operations with poor visibility due to a reliance on compromisable digital indicators.</p><p>A cyber-attack is not a special snowflake. Conversations need to occur to establish the mechanisms of delay, detection, and response addressed within the engineering design and shared between operations, engineering, and security. There is a misguided view that cyber security incident responders will have complete authority, but that seldom happens.</p><p>For the best outcome, we must recognise that many approaches to &#8220;cyber security&#8221; are just band-aids incentivising the industry to stand in the way of progress. There is a need for real innovation in how we engineer and operate computer-based systems. We can only achieve more effective assurance by recognising that &#8220;cyber security&#8221; protection is not absolute. 
Instead, our best approximation will be embedding computer security into the engineering design and building on that to leverage multi-disciplinary approaches to detection, delay, and response.</p><h1>Conclusion</h1><p>There are misaligned incentives between engineering and &#8220;cyber security&#8221;, which I largely attribute to ambiguity in the term &#8220;cyber&#8221;. Engineering assurance prioritises functionality and cost from the comfort zone of existing assessment methodologies, leaving &#8220;cyber security&#8221; as an exercise for operating organisations. Meanwhile, &#8220;cyber security&#8221; focuses on defending against cyber threats rather than working to support the assurance of the functions those same threats would seek to target.</p><p>This misalignment can create tensions and hinder the development of balanced solutions that consider relevant information from both disciplines and meet both engineering needs and security objectives.</p><p>Worse still, the symbiotic relationship between first-to-market engineering pressures and the false application of &#8220;cyber security&#8221;, if oriented to protecting computers rather than preserving functions, will be hugely detrimental to infrastructure security worldwide.</p><p>A focus on the robustness and resilience of the performance of functions, understood by both fields and made more tangible with &#8220;computer security&#8221; rather than &#8220;cyber security&#8221;, would encourage the adoption of a more holistic systems engineering effort that will go a long way to achieving security by design.</p><p>Whichever word, we must recognise that &#8220;cyber security&#8221; is good engineering. It is not different; it is not unique; it is an assurance function that needs to be considered in the engineering design process, just like safety. 
After all, when faced with the existence of malicious acts, safety cannot be guaranteed without security.</p>]]></content:encoded></item><item><title><![CDATA[A Primer on Subverting AI/ML]]></title><description><![CDATA[Before placing implicit trust in AI/ML models for decision-making it is worth considering how they can be compromised. Here are some ideas.]]></description><link>https://mitcdh.substack.com/p/a-primer-on-subverting-ai-ml-aebaa6a757c</link><guid isPermaLink="false">https://mitcdh.substack.com/p/a-primer-on-subverting-ai-ml-aebaa6a757c</guid><dc:creator><![CDATA[Mitchell Hewes]]></dc:creator><pubDate>Fri, 10 Mar 2023 11:09:27 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/57c2d6e5-218f-4194-a52d-497126e83a84_800x800.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><img src="https://substackcdn.com/image/fetch/$s_!1dHA!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3e4893f9-937c-4e28-a9e2-92fead203bb8_800x800.png" width="800" height="800" alt="A circuit board with an anthropomorphised eye. There are circuits and wires going into the eye. Some are red, representing corruption, the eye has red flecks in it showing it has been affected by the corruption." title="A circuit board with an anthropomorphised eye. There are circuits and wires going into the eye. Some are red, representing corruption, the eye has red flecks in it showing it has been affected by the corruption."></figure></div><p>Artificial Intelligence/Machine Learning (AI/ML) models need more transparency and explainability, the lack of which makes it difficult to understand how they arrive at their conclusions and can degrade security. While achieving transparency and explainability can be challenging, failing to do so can require users of the AI/ML models to place blind trust in their output. When such AI/ML models are relied upon without considering how they can be subverted through a malicious act, there is a risk of weakening overall defence-in-depth.</p><p>Deployment concepts integrating AI/ML into decision-making processes are becoming increasingly common with a push to leverage the technology to reduce costs and increase efficiency. Organisations wishing to receive the most benefit from this will follow through with a reduction in the importance of direct sensing and reliance on human training, intuition, authority, and experience. This would then require more trust in the output of AI/ML models as they are leveraged directly within the performance of critical functions.</p><p>Before this happens, we should seek to understand how the models could be compromised&#8202;&#8212;&#8202;no matter how unlikely that compromise might seem. This is a non-exhaustive attempt to brainstorm how this might occur across attacks directed towards training data, supporting computer-based infrastructure, the model and its execution, and the acceptance and standardisation process.</p><h3>Training Data</h3><p>Training data is a set of examples used to train a machine-learning model. 
Training data teaches the model to recognise patterns and make predictions or classifications based on the training data set. Malicious actors might target the training data set to compromise the model&#8217;s decision-making.</p><h4><em>Malicious mislabelling through attacks against the data set or labelling process for supervised models.</em></h4><p>In a supervised AI/ML system, models are trained with labelled data to &#8220;learn&#8221; the relationship between inputs and outputs.</p><p>An example of such a training data set would be many photos of fruit, each with a description or label noting its type, such as apple or orange. These images and labels would then be loaded into the model and used to compute patterns visible within all photos of a common type. The model learns to recognise patterns in the fruit images during training, associate them with the labelled category, and then use that knowledge to identify new unlabelled fruit images it hasn&#8217;t seen before.</p><p>Suppose the training data set or the labelling process is compromised, and these labels can be manipulated. In that case, the model could be trained to return wrong decisions on wide-ranging or specific inputs.</p><h4><em>Injection of adversarial examples into the training data&nbsp;set.</em></h4><p>Similarly, a malicious actor could intentionally manipulate the training data set by injecting adversarial examples, which may be indistinguishable from regular inputs in review but are designed to mislead the model. This could later be combined with adversarial inputs to increase the reliability in which they can subvert the model once it is deployed.</p><h4><em>Undermining the statistical assumptions of the model by silently manipulating training datasets.</em></h4><p>An AI/ML model is designed to learn from the statistical patterns and trends in the training data set. 
A malicious actor could manipulate the training data set to undermine the statistical assumptions of the model, resulting in a model that does not accurately represent the data and is not fit for purpose. This may be particularly relevant for models running on limited datasets, for example, a model designed to support the calculation of flow rate at a specific point in an industrial process without a sensor.</p><h4><em>Deliberate manipulation of captured data to affect the fit of the model during retraining.</em></h4><p>AI/ML models are retrained over time with new data; a malicious actor could manipulate the captured data, combined with one or more of the above techniques, to affect the fit of the model during retraining.</p><h4><em>Unauthorised access to retraining data compromising confidentiality.</em></h4><p>The training data may be fundamentally sensitive, revealing flaws or limits of performance in a model or the function it is designed to support. A malicious actor may be able to utilise this in preparing an attack against the model or the supported function.</p><h3>Supporting Computer-based Infrastructure</h3><p>AI/ML models do not work alone; they are surrounded by supporting infrastructure such as servers, databases, storage systems, networking equipment, and software tools to support the training and execution of the model. Malicious actors may target these to compromise the model&#8217;s output indirectly.</p><h4><em>Compromise of supporting software in the input/output chain of the&nbsp;model.</em></h4><p>It will likely be uncommon to directly provide input or receive output from the exact process of training or executing the model. 
Instead, various supporting software may provide web and network services, inter-process communication, and loading input and output data in and out of pre- and post-processing functions.</p><p>A malicious actor may attempt to compromise any part of this infrastructure to manipulate the integrity of the data loaded into the model, or the output returned (e.g., through a <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">man-in-the-middle attack</a>). This can be done in a way undetectable by the system or user of the model, exploiting any implicit trust at play.</p><h4><em>Compromise of operating system functions leveraged by the model for interaction with data&nbsp;sets.</em></h4><p>An AI/ML model may use many features the operating system provides. A malicious actor may seek to exploit vulnerabilities in the operating system&#8217;s system calls, file handling, shared libraries, and memory management to inject malicious data sets into the model.</p><p>This is noteworthy as without explainable models, or within models that are considered proprietary, there is an implicit trust required that may outweigh the authority, intuition, and experience of personnel in a decision-making process, e.g., the AI/ML model is provided by a vendor, the model is accurate, but through such a compromise its decision-making ability is compromised. An operator notices this, but the model will pass all integrity checks. Who would you trust?</p><h4><em>Manipulation of input order through the randomiser function.</em></h4><p>During the training process of AI/ML models, the data is often randomised to reduce biases that might be generated towards a particular subset of data. A malicious actor might seek to compromise the randomiser function used to load the training data into the model, allowing them to manipulate the order of the inputs. 
This could lead to incorrect relationships between inputs and outputs or be used to magnify the reliability of adversarial examples and inputs.</p><h4><em>Manipulation of test input/output through pre- and post-processing functions.</em></h4><p>Pre- and post-processing functions can be used to manipulate training and input data and the resulting outputs from the model. A malicious actor might seek to compromise one or both sets of functions to allow undetected subversion of the model, while the data output either deceives systems and personnel or still holds up to interpretation standards even though the model has been silently compromised.</p><h3>The Model and its Execution</h3><p>AI/ML models are fundamentally computer programs. They are represented in code that is executed by a computer-based system. A malicious actor may seek to compromise either the code itself or its interpretation by computers.</p><h4><em>Compromising the programming or code of the model&nbsp;itself.</em></h4><p>A malicious actor may seek to modify or inject malicious code into any processes that form part of the model. This would allow any form of tampering to occur to subvert the model. Such an attack, however, should be readily detected through existing means of integrity checking.</p><h4><em>Exposure of the model code in either source or object code&nbsp;form.</em></h4><p>The source code or compiled version of the model may contain confidential information that, if accessed by a malicious actor, could be used to identify vulnerabilities or extract sensitive information that could support another attack.</p><h4><em>Compromise of operating system functions leveraged in the execution of the&nbsp;model.</em></h4><p>The object code for an AI/ML model needs to be loaded for execution by the operating system and potentially a series of interpreters. 
A malicious actor may seek to exploit vulnerabilities in the operating system&#8217;s system calls, file handling, shared libraries, and memory management to inject malicious code into the execution of the model itself.</p><h4><em>Compromise of serialisation functions or storage used for persistence of model&nbsp;state.</em></h4><p>Some AI/ML models use serialisation functions to provide for state persistence. These functions generate a representation of the state of the complex data structures within the model and store it in a form that is easily saved into a file or transmitted. When this data is again loaded (deserialised), the model resumes executing from its previous state. A malicious actor could compromise the functions or the stored serialised form to tamper with the model and subvert its subsequent reload and execution.</p><h3>Acceptance and Standardisation</h3><p>AI/ML models will take time and resources to develop. As with conventional computer modelling codes, some will become more prevalent than others. A malicious actor may exploit this natural filtering.</p><h4><em>Deliberate promotion of vulnerable models that can be exploited with specific knowledge.</em></h4><p>There is a risk of deliberately vulnerable AI/ML models being published, which may appear complete but contain weaknesses that can be exploited with specific knowledge. A similar situation would be the allegations that a backdoor, allowing an actor with knowledge of it to decrypt affected communications, was crafted into the <a href="https://en.wikipedia.org/wiki/Dual_EC_DRBG">Dual EC DRBG pseudorandom number generator</a> during the standardisation process.</p><p>A well-resourced malicious actor may publish a model that achieves a desired goal but embeds an element that can be exploited later. Such an attack can be supported by proxies and unwitting advocates, leading to the widespread adoption of the compromised model. 
This could be occurring now.</p><h3>Conclusion</h3><p>A malicious actor will constantly attempt new attacks to achieve their intentions and seek to subvert functions and the systems that perform them by intelligently triggering the worst impacts at the most vulnerable moments. We must consider every potential point of failure in a system, even those unrelated to its design. This requires examining every aspect from multiple angles, building an understanding of how it could be exploited, and securing it according to how the technology will be used and the unacceptable consequences of its compromise or misuse. This is a brief attempt to consider how that exploitation might arise for AI/ML.</p>]]></content:encoded></item><item><title><![CDATA[Rethinking Security: Function-based Protection Against Malice]]></title><description><![CDATA[Protecting against malicious acts is complex. Does the focus need to move from threats to function-based protection against consequences?]]></description><link>https://mitcdh.substack.com/p/rethinking-security-function-based-protection-against-malice-a114bf03b4bb</link><guid isPermaLink="false">https://mitcdh.substack.com/p/rethinking-security-function-based-protection-against-malice-a114bf03b4bb</guid><dc:creator><![CDATA[Mitchell Hewes]]></dc:creator><pubDate>Wed, 08 Mar 2023 12:36:20 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/65939718-1f7b-42ee-886a-d5c7c336da45_800x800.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><img src="https://substackcdn.com/image/fetch/$s_!IIDt!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29804a40-6739-4038-9df7-e0358ab9db26_800x800.png" width="800" height="800" alt="An abstract picture of a door covered in a tangled web of razor wire and cameras." title="An abstract picture of a door covered in a tangled web of razor wire and cameras."></figure></div><p>The concept of security is highly subjective and varies greatly depending on individual perceptions of the functional space and its known threats; this does not need to be the case. Physical security, personnel security, insider threat mitigation, information and computer security, engineered systems and business process design all contribute to a comprehensive security framework. Experts from each area may unintentionally prioritise the importance of their specific expertise&#8202;&#8212;&#8202;protection against known threats will always seem more critical than unknown ones.</p><p>My understanding of security was shaped by reading <a href="https://www.cl.cam.ac.uk/~rja14/book.html">Security Engineering by Ross Anderson</a>. From this book, I took the idea that safety and security combine to protect against the effects of events arising from error, mischance, and malicious action. Safety and security might be the same concept and share the same word in some languages. However, when a distinction is made, it is apparent that error and mischance are addressed by well-established processes in safety, leaving malice, or the protection against the effects of malicious action, as the domain of security.</p><p>Protecting against malice is incredibly complex. It requires defending against adversaries intending to cause harm and with the cognitive ability to develop or obtain the necessary resources and information to achieve it. 
The challenge is ongoing as adversaries develop additional capabilities, refine their tactics, techniques, and procedures, gather data to target any possible vulnerability and learn from successive attempts or attacks against similar targets, allowing them to reorient their approach. In the field of cyber security, this challenge is even more apparent due to the instantaneous nature of cyber capabilities, which can be weaponised with just a few lines of code and proliferate rapidly. Unlike the production and use of automatic weapons, which took several decades to spread from military to organised crime, cyber-capable adversaries can almost instantaneously copy and distribute information on vulnerabilities or tools to enable their exploitation.</p><p>These factors make a threat-centric approach, which assumes you have a fully comprehensive understanding of the threat's capabilities, increasingly challenging to achieve, if it is possible at all. But what do we control? The business functions and the organisational systems that perform them. We can engineer reliability and defence in depth, taking a multidisciplinary approach to anticipate the consequences of compromise before discovering any threat capability.</p><p>Security, particularly information and computer security, should be seen through the lens of the degree of trust one maintains in the dependability of a function to continue to be performed correctly despite a malicious act against any system supporting its performance. This is not the random failure that safety addresses; adversaries will constantly attempt new attacks to achieve their intentions and seek to subvert the targeted function by intelligently triggering the worst impacts at the most vulnerable moments. 
The only reasonable response is to orient security as a state, representing an objective that allows the specification of an engineering effort to achieve it.</p><blockquote><p>The degree of trust that given systems will continue to provide a desired function despite a malicious act.</p></blockquote><p>If security protects systems and preserves functions, the responsible engineers and business process owners must also be involved. To achieve this approach, we must identify an organisation or facility's critical functions and the systems delivering them, then collaborate across disciplines to assess the possible means and consequences of compromise. We must perform this analysis thoroughly and across disciplines, recognising that much of this information will not exist within any system design. If we do not, we will unknowingly implement a lesser security state. Each represented discipline will offer a unique perspective that contributes to a comprehensive understanding of the potential impacts, allowing effective and targeted protective measures and approaches to detection and response to be implemented, delivering genuine risk reduction rather than just a simulation of it.</p><p>Demonstrating absolute or probabilistic protection against malicious acts might not be possible, but reducing the consequences of compromise, and implementing defence in depth to facilitate detection, response, and mitigation of consequences before they can be realised, is within our control. Employing this function-centric, multidisciplinary approach is the best way to maintain a state of security that remains adaptable into the future.</p>]]></content:encoded></item></channel></rss>