Law 9 – Quis custodiet ipsos custodes?

This post is the ninth post in a series of ten posts. The previous post explored the eighth law: If You Watch the Internet, the Internet Is Watching You. This Roman sentence from poet Juvenal can be translated as “Who will guard the guards themselves?” Every element of a system should be monitored. This also includes the monitoring functions. As often some parts of the security model rely on the detection of anomalies, it is key that this detection is efficient and faithful.

Any security process should always have one last phase that monitors the efficiency of the implemented practices. This phase creates the feedback loop that regulates any deficiency or inefficiency of the security process. The quality and probity of this last phase have a strong influence on the overall robustness of the security. For instance, the COBIT framework has one control point dedicated to this task: ME2 – monitor and evaluate internal control.

The beauty of Bitcoin’s model is that every user is the ward that surveys the other users. The Bitcoin system assumes that a majority of users will operate faithfully. The Proof Of Work is the consensus mechanism that enforces, in theory, this assumption. Mining is costly and managing the majority of the hashing power may be impossible for one actor. This assumption may be questionable with new cryptocurrencies that do not have a significant number of users and with the advent of mining pool.

Separate the roles; Divide and Conquer. The scope of controlling and managing roles should be kept as small as possible. Guards should have a limited scope of surveillance and restricted authority. This reduces the impact of a malicious insider or the influence of an attacker who hijacked an administrator or controller account. Where possible, the scope of roles should partly overlap or be redundant between several individuals. This trick increases the chances to detect an error or a mischief from an insider as success would require collusion.

For instance, reduce the scope of system administrators as they have the keys to the kingdom. Nobody should have all the keys of the kingdom. After the Snowden incident, NSA drastically reduced the number of its system administrators.

Read the logs; logfiles are an essential element for monitoring and auditing the effectiveness of the security. They will be useful to detect and understand security incidents. Nevertheless, their optimal efficiency is reached only when they are regularly analyzed to detect anomalies. Ideally, they have to be proactively analyzed. Applying only a-posteriori log analysis is a weak security stance. Logfiles are not to be used only for forensics purpose.

If you find this post interesting, you may also be interested in my second book “Ten Laws for Security.”  Chapter 10 explores in details this law. The book is available for instance at Springer or Amazon.


Leave a Reply

Your email address will not be published. Required fields are marked *