ABSTRACT
All digital things are conglomerations of components. Those components implement every conceivable function. And those functions underwrite a society that is radically different from the world that any person over the age of 40 grew up in. The cybersecurity problem lies in the fact that the architecture of digital components is becoming increasingly complex and, as a result, much more vulnerable. Moreover, as new functionality is added to the growing list of component capabilities, the out-of-control growth of component architectures poses new problems for our society. This is a valid concern, because our way of life is almost totally dependent on the security of the components in our digital technologies.
In that respect, the CSEC's Component Security knowledge area introduces the necessary process considerations, design concepts, and common development ideas for a curriculum that is devoted to ensuring trust in digital components. Moreover, the fact that an entire knowledge area is devoted to Component Security also represents a departure from current curricular models. In that the focus on components expands general cybersecurity education into the hardware realm. Thus, this new area also offers a necessary and proper adaptation to the genuine problems that are associated with complex component architectures. In this chapter, readers will understand the practical role and relationship of design concepts in Component Security as well as the threat issues that impact component design. The reader will see the design principles and practices associated with secure components as well as the principles and practices that are part of supply chain risk management. This area overviews the knowledge elements associated with recognized design concepts as well as the knowledge elements of secure component design. Finally, the reader will be exposed to the knowledge elements associated with ensuring trusted sourced components, component testing and assurance, as well as the practice of reverse engineering.
