{"id":58093,"date":"2025-02-02T17:26:08","date_gmt":"2025-02-02T17:26:08","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/what-does-it-mean-to-build-in-security-from-the-ground-up\/"},"modified":"2025-02-02T17:26:08","modified_gmt":"2025-02-02T17:26:08","slug":"what-does-it-mean-to-build-in-security-from-the-ground-up","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/what-does-it-mean-to-build-in-security-from-the-ground-up\/","title":{"rendered":"What does it mean to build in security from the ground up?"},"content":{"rendered":"

Systems Approach<\/span> As my Systems Approach co-author Bruce Davie and I think through what it means to apply the systems lens to security, I find that I keep asking myself what it is, exactly, that\u2019s unique about security as a system requirement?<\/p>\n

That question takes me back to a time before security became such a mainstream news topic; before security breaches were so common that we\u2019ve become desensitized to the news of another one. Believe it or not, there was a time when Internet security was not on the public\u2019s mind, and the task at hand was to raise awareness of the security risks the internet posed.<\/p>\n

This was well after the Morris Worm<\/a> made it painfully obvious how impactful a security incident could be. That was a wakeup call for the research community (myself included<\/a>), who were at the time the only serious internet users. That experience (and others) eventually led to a concerted effort to educate the public about security. Two personal opportunities in the mid-2000s to get on a soapbox and talk about security come to mind.<\/p>\n

\n

The echo on the line was so bad it was hard to keep your wits about you<\/p>\n<\/blockquote>\n

The first was an invitation to be a guest on Ira Flatow\u2019s Science Friday<\/a>. I haven\u2019t been able to reconstruct the details \u2014 there were other \u201cfuture of the internet\u201d experts on the show \u2014 but I do remember my role was to talk about the risks of security incidents, and how we needed to rethink the internet architecture from the ground up to make it more secure. (This was at a time when PlanetLab<\/a>, a networking research hub of which I was director, was getting a lot of press coverage as a laboratory for reinventing<\/a> the internet.)<\/p>\n

My only vivid memory of the experience is that I called into the Science Friday show<\/a> over an ISDN line terminated in a sound recording room at Princeton, and the echo on the line was so bad it was hard to keep your wits about you.<\/p>\n