Page 36 - Risk Management Bulletin April-June 2022
WHY THREAT MODELING IS NOW A CRITICAL BUSINESS SKILL
Concerns about software security have been with us since the early days of modern computing. Within software security, we have used threat modeling as a security activity to analyze meaningful threats and recommend appropriate mitigations. Many of our modern software threat modeling approaches, in fact, have their roots in an era when our systems and threat actors were well understood. Corresponding mitigations, derived from threat modeling, would be stated as requirements for the system developers to complete. Examples include enumeration of threats and their corresponding impacts, analysis of threat actors and their intentions, and prioritized mitigations. The longevity of threat modeling and its procedures testifies to its ongoing importance.

Much has changed since the early days of threat modeling. For example, monolithic systems and architectures have given way to distributed systems and microservices. Siloed development, operations and security teams have given way to cross-functional teams with a shared knowledge base. Longer software development life cycles have given way to shorter ones. Changes such as these continue to be driven by organizational needs. Governments, for instance, want to provide secure e-government services to their citizens, and commercial organizations want to release secure features quickly in order to gain market share.

The Evolution Of Threat Modeling

Looking back at the history of threat modeling, the focus was on trying to identify threats to a system where we understood who the threat actors were, and we had a complete understanding of our systems. Our monolithic applications were delivered over longer development cycles. Today, however, the threat actors are not always immediately apparent. Furthermore, our software has become more complex, and it is difficult even for a modest-sized team to understand how all components integrate together. On top of that, our delivery cycles have shrunk.

Thankfully, threat modeling is evolving to keep up. No longer do we assume that we can stop our delivery cycle to threat model our systems. Organizational leaders across many different verticals expect continuous delivery, after all. That means threat modeling must respond by evolving to produce threat analysis in a shorter time frame and with greater frequency.

To achieve this, threat modeling is fast becoming a cross-functional activity that is increasingly automated and driven by an underlying knowledge base. One way this is operationalized is through the introduction of a security champion who helps to integrate threat modeling with DevOps workflows. Another way is to break threat modeling into discrete scope elements so that mitigations can be delivered as incremental work. This evolution does not imply that security is compromised. On the contrary, it brings security into the delivery process rather than leaving it as an outsider.

Becoming More Cross-Functional

It is no longer possible for a single threat modeler, or even a modestly sized group of threat modelers, to anticipate all threats to a system. New attacks emerge
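The earlier point that threat modeling is becoming automated, driven by a knowledge base and broken into discrete scope elements, together with the list of what it produces (enumerated threats with impacts and prioritized mitigations), can be made concrete as threat-model-as-code. The following Python is an added example written for this page; it is not the article's own material and not any particular tool's code. The element kinds, attribute names, the STRIDE-style rule list, the 1-5 impact scale and the sample web-service model are all assumptions chosen for illustration.

```python
"""Threat-model-as-code sketch: a small rule knowledge base applied to a scoped model.

Added illustration (not the article's or any vendor's tool). Element kinds,
attribute names, the STRIDE-style rule list and the 1-5 impact scale are
assumptions chosen for this example."""
from dataclasses import dataclass, field


@dataclass
class Element:
    """One scope element of the system model (process, datastore, dataflow, external)."""
    name: str
    kind: str
    attrs: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Threat:
    """An enumerated threat with its impact and the mitigation it implies."""
    element: str
    category: str
    description: str
    impact: int
    mitigation: str


# Knowledge base (assumed): (element kind, predicate over attrs, STRIDE category,
# description, impact 1-5, mitigation). A missing attribute evaluates as False,
# so an undocumented control is reported as absent rather than silently trusted.
RULES = [
    ("dataflow", lambda a: a.get("crosses_trust_boundary") and not a.get("encrypted"),
     "Information disclosure", "Unencrypted flow crosses a trust boundary", 4,
     "Encrypt the channel (TLS or equivalent)"),
    ("dataflow", lambda a: a.get("crosses_trust_boundary") and not a.get("authenticated"),
     "Spoofing", "Flow across a trust boundary has no peer authentication", 4,
     "Authenticate the caller (mTLS or signed tokens)"),
    ("process", lambda a: a.get("accepts_untrusted_input") and not a.get("input_validated"),
     "Tampering", "Process consumes untrusted input without validation", 3,
     "Validate and canonicalise input at the boundary"),
    ("process", lambda a: not a.get("audit_logging"),
     "Repudiation", "No audit trail of security-relevant actions", 2,
     "Emit tamper-evident audit logs"),
    ("process", lambda a: a.get("internet_facing") and not a.get("rate_limited"),
     "Denial of service", "Internet-facing process without rate limiting", 3,
     "Add rate limiting and resource quotas"),
    ("datastore", lambda a: not a.get("encrypted_at_rest"),
     "Information disclosure", "Datastore holds data without encryption at rest", 3,
     "Encrypt at rest with managed keys"),
    ("datastore", lambda a: not a.get("access_controlled"),
     "Elevation of privilege", "Datastore reachable without an access policy", 5,
     "Apply a least-privilege access policy"),
]


def analyze(elements, scope=None):
    """Apply the knowledge base to the elements in `scope` (None = whole model).

    Returns threats sorted by descending impact, i.e. prioritized mitigations."""
    threats = []
    for el in elements:
        if scope is not None and el.name not in scope:
            continue
        for kind, predicate, category, description, impact, mitigation in RULES:
            if el.kind == kind and predicate(el.attrs):
                threats.append(Threat(el.name, category, description, impact, mitigation))
    return sorted(threats, key=lambda t: (-t.impact, t.element, t.category))


def delta(old_elements, new_elements, scope=None):
    """Incremental view: (introduced, resolved) threats between two model versions."""
    before = set(analyze(old_elements, scope))
    after = set(analyze(new_elements, scope))
    order = lambda t: (-t.impact, t.element, t.category)
    return sorted(after - before, key=order), sorted(before - after, key=order)


# Constructed sample model of a small web service (not a real system).
MODEL = [
    Element("browser", "external"),
    Element("api", "process", {"accepts_untrusted_input": True, "input_validated": True,
                              "audit_logging": True, "internet_facing": True,
                              "rate_limited": False}),
    Element("orders-db", "datastore", {"encrypted_at_rest": False, "access_controlled": True}),
    Element("browser->api", "dataflow", {"crosses_trust_boundary": True, "encrypted": True,
                                        "authenticated": False}),
    Element("api->orders-db", "dataflow", {"crosses_trust_boundary": False}),
]


if __name__ == "__main__":
    # Scope the run to the elements touched by one change, as a delivery team would.
    for t in analyze(MODEL, scope={"api", "browser->api"}):
        print(f"[impact {t.impact}] {t.element}: {t.category} - {t.description}"
              f" -> {t.mitigation}")
```

Because the model and the rules are plain data, a pipeline can re-run `analyze` on only the elements a change touches and use `delta` to turn the difference between two model versions into a short list of new or resolved mitigations, which is the incremental, continuous-delivery shape of threat modeling the article describes.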