Why Threat Modeling, and why now?
Choosing not to threat model is no longer an option. There are multiple mandates and frameworks in place to increase overall cybersecurity. The OMB has mandated that Federal Agencies must follow the NIST SSDF framework when building software.
The NIST SSDF states that you have to "Produce Well-Secured Software" under task PW.1.1, which stipulates that you have to do threat modeling. PW.2.1 states that you have to review the software design for compliance.
Responding to the Executive Order, the National Institute of Standards and Technology (NIST) published an interagency/internal report NISTIR 8397, Guidelines on Minimum Standards for Developer Verification of Software. The report provides eleven recommendations for software verification techniques, and ‘Threat modeling to look for design-level security issues’ is highlighted as number one.
How can threat modeling support Federal organizations?
NIST references it as the first step in their Recommended Minimum Standard for Developer Verification of code.
It increases security efforts and remediation, with built-in security standards such as FedRAMP, NIST and MITRE ATT&CK.
NIST Rev 5: Security and Privacy Controls for Information Systems and Organizations
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks.
Security within the Supply Chain
Threat Modeling the Supply Chain
Increased cybercrime, complex attacks across entire software and cloud supply chains, and more informed, ever-evolving cybercrime organizations keep businesses under threat. In particular, critical infrastructure is being targeted to maximize impact and potential damage. ‘Executive Order 14028 establishes that the Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to malicious cyber campaigns and their actors through bold changes and significant investments in cybersecurity.’
Medical Devices Playbook
Playbook for Threat Modeling Medical Devices (with the FDA)
To increase adoption of threat modeling throughout the medical device ecosystem, the United States Food and Drug Administration (FDA) engaged with the Medical Device Innovation Consortium (MDIC), the MITRE Corporation and Adam Shostack & Associates to conduct threat modeling bootcamps. The resulting playbook discusses best practices for applying modern threat modeling techniques within the medical industry.
Secure Design at Scale
Whether you are implementing threat modeling from scratch or scaling up an existing manual approach, learn how we enable collaboration across security and development teams and help avoid costly security design flaws.
If you would like additional advice from others experiencing the same challenges, why not head over to Threat Modeling Connect, a global community where threat modeling practitioners collaborate, share, and grow. Here you will find some conversations have already begun regarding secure software best practice.