
Designing secure digital services

April 5th 2016
CESG's Lead Security Architect explains why we're launching a set of security principles for systems architecture design.

Richard Crowther, Lead Security Architect

Against a background of increasing threat, it is essential that the public sector and critical national infrastructure providers can continue to build systems that are robust to attack. Whilst re-use of components and patterns is desirable, often we’re building systems which are unique. Many of these systems really matter. They must be developed from the ground up with security as a central concern.

As of March 2016, CESG is launching a set of security principles intended to inform systems architecture design where there is no precedent or architectural pattern to follow. We hope these principles will be useful to developers, technical architects and security architects in the public sector and elsewhere as they work to secure systems of national importance.

Evolution

As part of GCHQ, we sit alongside world-class experts in areas like vulnerability research, cryptography, product assurance and cyber-defence operations. From them we gain powerful insights into the state of the art, including how our systems are attacked by adversaries from around the globe.

In the past, CESG has responded to these threats by developing and publishing a portfolio of 'architectural patterns': canned high-level system designs which help solve common security problems. These patterns have proven popular, but when it comes to designing systems that don’t fit the pattern, and must be built securely, we need a different approach.

For several years now, the security architecture team at CESG has been helping organisations design and implement systems and services with security integrated at a fundamental level. In this environment we have evolved a set of principles which underpin our thinking on security architecture.

Some of these principles may be familiar to users of our architectural patterns, but there are many being published here for the first time. All of them provide foundation-level guidance on how to secure essential digital services, which we will build upon with future publications.

We have produced this guidance in consultation with specialists from government and industry. Particular thanks go to technical architects from the Government Digital Service, the Department of Work and Pensions and the Home Office.

You can read the paper ‘Security Design Principles for Digital Services’ on the CESG website now. Please let us know what you think by sending your feedback to enquiries@cesg.gsi.gov.uk.