GINA MIHAJLOVSKA
WHY ZERO TRUST NEEDS SYSTEMS ENGINEERING by Gina Mihajlovska, Cyber Security Manager at EY
The release of NIST publication 800-207 on Zero Trust Architecture (ZTA) gave the cybersecurity community the preliminary systems engineered processes to deliver ZTA. These processes leverage know-how, developed over decades, on the design, integration and management of complex systems over their lifecycle.

NIST Special Publication 800-207 defines ZTA as a new way of developing a security enterprise architecture. NIST white paper CSWP 20, Planning for a Zero Trust Architecture: A Planning Guide for Federal Administrators, focusses on the implementation of the cybersecurity principles to be applied to services and data flows. In 2020 NIST introduced an approach for the implementation of ZTA to assist organisations with the complexity of moving their technology and operational environment from a security model based on protecting the perimeter to a zero-trust model.

Implementation of this model requires systems engineering thinking. It enables organisations to thoughtfully and intelligently undertake the definition, information capture and risk management of the complexities and difficulties encountered as they transform their technology, resources and processes from perimeter protection security to zero-trust security.

Systems engineering also permits the complexities and difficulties associated with the delivery of large and/or complex projects to be managed successfully. Systems engineering uses work process optimisation methods to deal with the, often significant, overlaps between technical and human-centred processes that have been developed to support the management of engineering disciplines. It ensures all likely aspects of a project or system are considered and integrated into a whole.

At its core, systems engineering uses systems thinking principles to organise this body of knowledge. The outcome of such efforts is an engineered system which combines components that work cooperatively to collectively perform a useful function.

Systems engineering enables organisations to successfully perform the many functions needed for successful system design, implementation and, ultimately, decommissioning: engineering, reliability assessment, logistics, team coordination, testing and evaluation, designing for maintainability, and many others.
WOMEN IN SECURITY MAGAZINE
MARCH • APRIL 2023