Shostack + Friends Blog

 

Risk Talk at JPL

[Photos: My talk at JPL; The Mars Yard at JPL]

Before Thanksgiving, I was in Southern California, and I was honored to be able to give a talk at the Jet Propulsion Lab. The talk is titled “Threat Modeling: Engineering and Science.” The first part of the talk puts threat modeling in context for engineering secure systems, while the second part considers why we do what we do and asks some questions about how we think about risk.

The biggest of those questions starts from the observation that many of the ways we’ve learned to use math in risk involve iteration. That is, we measure probabilities across many instances: games of chance, insuring ships at sea, or using the stock market. In fact, as the book Against the Gods discusses, folks like Pascal and Fermat had an extended conversation about the interrupted game problem.

At JPL they do amazing things, many of them one-offs. How should we think about the risk of a unique event? Note that this isn’t a coin flip, where we can measure across many events, and use those flips to test our theories. Consider the Sky Crane. As my guide described to me, it’s the least crazy way to safely put a large payload on Mars. The combination of entry into the Martian atmosphere and a parachute doesn’t slow a craft enough. The early Mars Rovers landed in airbags, but the newest rovers are larger and would bounce too much. So they built a rocket to slow the final descent. (If you haven’t seen it, Seven Minutes of Terror is a great overview.) And as they say, “if any one thing doesn’t work just right, it’s game over.”

How should we quantify the risk associated with the Sky Crane? It’s two for two on landings, and we can argue about the number. I argue that the number is highly uncertain, and we spend a lot of energy trying to determine it and rely on it. That might not be the best use of our energy.

The deck is here, and some of the photos I took on my tour are on Flickr. If you're internal, you can see a recording of the talk (Nov 19, “Cybersecurity Threat Modeling & Risk Management”), and you may be able to find it through the Space Intranet site, under events.