The Three Tenets

System vulnerability is defined by the ATSPI Technology Office's threat model to be the intersection of a system susceptibility or flaw, access to the flaw (threat accessibility), and the capability to exploit the flaw (threat capability). Implementation of the Three Tenets reduces vulnerabilities by reducing any or all of these areas.

System Susceptibility

The capacity of a system to be affected by a threat is reduced by the application of Tenet 1.

Tenet 1: Focus on what's critical

  • Define mission needs
  • Enumerate system access points and associated security elements
  • Reduce access points to only those necessary to accomplish the mission (reduce the attack surface)

Access to the Flaw

The ability of a threat to gain access to a system, either physically or logically (e.g., over the network), is mitigated by the application of Tenet 2.

Tenet 2: Move it "Out of Band"

  • Make critical access points and associated security elements less accessible to adversary

Capability to Exploit the Flaw

The ability of the threat to employ the knowledge and tools necessary to exploit the system to achieve the desired goal is reduced by the application of Tenet 3.

Tenet 3: Detect, React, Adapt

  • Use countermeasures
  • Impose appropriate penalties when attack is detected
  • Reaction occurs inside the threat's OODA loop
  • Fight through the attack!

The Threat, Environment, and Use Case

The Need for TENS's Application of Intellectual Property Centric Security

Secure Collaboration

The TENS Program Office produces secure collaboration products that:
  • Allow the exploration of cyberspace without fear
  • Prevent malware from infecting user systems
  • Provide strong encryption for data at rest and in transit
  • Provide safe collaboration using technology
  • Allow secure connections from potentially insecure end-nodes
  • Mitigate the insider threat through technology not policy