mining the metaphors of change
In many ways, the NIST development of the Cyber Physical System model anticipated many things we now find in cloud-native devsecops programs. Below is the CPS development flow, which begins with three tiers of stakeholder requirements, passes through a framework for integration and test, and then delivers an outcome based on what NIST defines as Aspects and Concerns.
Source: NIST Special Publication 1500-201 Framework for Cyber-Physical Systems: Volume 1, Overview
In work on the cloud-native marketplace, we have been applying this three-phased development pattern across organizations by size, in terms of micro-, meso-, and macro-level considerations. An example of a micro-level transition from an as-built versioning system to one that is integrated in the devsecops flow is provided below.
Process views from the Open Group IT4IT program; rights reserved to the Open Group.
For purposes of this Note, we should begin to apply the micro-, meso-, and macro- analysis model to the task of developing cloud-native services derived from NIST CPS foundations. For the reader’s information, some of this has been done in prior work and published in academic journals. Some of the same concepts have been applied to emerging technology devsecops in edge development platforms. All that needs to be done to complete the cycle of applying the CPS value through to cloud-native catalogs is to provide a mapping between the CPS material and the consumption requirements for inputs (or in-feed) to a cloud-native service delivery system.
The consumption requirements consist of providing: microservices, APIs, operators, pipelines, and integrations between each and all. In an initial implementation, the integration can be a service bus through a service mesh to enable the scope, scale, and scenario (or use case) catalog development process to take place. For CPS-centric solutions, the development process components that need to be supported are listed below.
Source: NIST Special Publication 1500-201 Framework for Cyber-Physical Systems: Volume 1, Overview
The nine Concerns defined in Volume 1 of the CPS program are listed below. Cloud-native componentry for each of the Concerns and their sub-categories would define the outcome requirements for a project of this type.
Source: NIST Special Publication 1500-201 Framework for Cyber-Physical Systems: Volume 1, Overview
Using a generative AI platform to set the stage for such a confluence of concepts, the following prompt was put to ChatGPT, version 3.5.
“For a cloud-native project, how would you use microservices, API's, operators, pipelines, and a service mesh to generate NIST CPS relevant solutions for data management?”
[Begin System Response:]
Creating NIST CPS (Cyber-Physical Systems) relevant solutions for data management in a cloud-native project involves leveraging various technologies and concepts. Here's a step-by-step approach:
Microservices Architecture: Break down your application into smaller, loosely coupled microservices. Each microservice should handle a specific business capability. This promotes scalability, maintainability, and agility.
APIs (Application Programming Interfaces): Design APIs to enable communication and data exchange between microservices. Use RESTful or GraphQL APIs to provide well-defined interfaces for different parts of your application.
Operators: Operators are software extensions that automate the management of applications on Kubernetes. They can be used to deploy, configure, and manage complex applications like databases or message queues. You might use operators to manage databases, caches, or other data storage systems.
Pipelines (Continuous Integration and Continuous Deployment): Implement CI/CD pipelines to automate the build, testing, and deployment of your microservices. This ensures that new features or fixes are deployed rapidly while maintaining quality and stability.
Service Mesh: A service mesh like Istio or Linkerd can help manage communication between microservices, handle traffic routing, and enforce security policies. This is especially crucial in a CPS environment where communication and data integrity are critical.
Now, let's focus on generating NIST CPS-relevant solutions:
Security (NIST Special Publication 800-183): Implement strong authentication, authorization, and encryption mechanisms for APIs and communication between microservices. Employ security practices like least privilege access, data encryption, and continuous monitoring.
Interoperability (NIST Special Publication 800-183): Ensure that microservices can communicate seamlessly using standardized APIs and data formats. Use well-defined protocols and standards to promote interoperability among different components.
Real-time and Closed-loop Control (NIST Special Publication 800-183): Leverage microservices and the service mesh to enable real-time data processing and feedback loops. This is critical in CPS where timely data processing and control actions are required.
Data Management (NIST Special Publication 800-183 and NIST Special Publication 800-207): Use a combination of microservices and databases to manage CPS data. Implement data storage and retrieval mechanisms that align with CPS requirements. Implement data lifecycle management practices, ensuring data integrity and availability.
Resilience and Reliability (NIST Special Publication 800-183): Implement fault tolerance, graceful degradation, and self-healing mechanisms within microservices. Use Kubernetes features like replication controllers and readiness/liveness probes to ensure the system's reliability.
Risk Management (NIST Special Publication 800-183 and NIST Special Publication 800-184): Continuously assess and mitigate risks associated with data management in your CPS. Regularly update security controls, monitor for vulnerabilities, and have a robust incident response plan.
Modeling and Simulation (NIST Special Publication 800-183): Utilize microservices and APIs to integrate modeling and simulation tools. This can be valuable for predicting system behavior and testing scenarios without affecting the actual CPS.
Data Privacy and Integrity (NIST Special Publication 800-183 and NIST Special Publication 800-183A): Implement encryption mechanisms, access controls, and auditing to ensure the privacy and integrity of sensitive data within your CPS.
System and Network Behavior Monitoring (NIST Special Publication 800-183): Integrate monitoring tools and services to track the behavior of your microservices, APIs, and overall CPS. Use anomaly detection to identify unusual patterns that might indicate a security breach or performance issue.
By following these guidelines and integrating microservices, APIs, operators, pipelines, and a service mesh, you can create a cloud-native CPS solution that aligns with NIST recommendations for data management and cybersecurity. Always keep in mind that CPS environments require a holistic approach to security, reliability, and performance due to their intricate nature.
[End system response]
Free Research Preview. ChatGPT may produce inaccurate information about people, places, or facts. ChatGPT August 3 Version; accessed 16 August 2023.
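The response above leaves the service-mesh security points (mTLS between microservices, least-privilege access, pipelines that maintain quality before deployment) as prose. One way to make them concrete is a pipeline gate that inspects the mesh policy manifests before they are applied. The following Python is an added example, not code from the original Note, from NIST, or from the ChatGPT response; it assumes the resource shapes of Istio's PeerAuthentication and AuthorizationPolicy objects, passes them as already-parsed dictionaries, and uses a hypothetical namespace `cps-data` with service accounts `ingest` and `catalog`. The three sample manifests are constructed for the example.

```python
"""Pipeline gate that flags weak service-mesh security settings.

Added example: inspects Istio PeerAuthentication and AuthorizationPolicy
manifests (already parsed into dicts, as a CI step would have them after
rendering a chart) for settings that undermine mTLS and least privilege
between microservices. Namespace and service-account names are hypothetical.
"""
from typing import Any

Manifest = dict[str, Any]

# Constructed sample input: one mesh-wide mTLS policy and two ALLOW policies.
SAMPLE_MANIFESTS: list[Manifest] = [
    {   # weak: PERMISSIVE accepts plaintext from unauthenticated peers
        "apiVersion": "security.istio.io/v1",
        "kind": "PeerAuthentication",
        "metadata": {"name": "default", "namespace": "cps-data"},
        "spec": {"mtls": {"mode": "PERMISSIVE"}},
    },
    {   # good: caller identity, method and path are all pinned
        "apiVersion": "security.istio.io/v1",
        "kind": "AuthorizationPolicy",
        "metadata": {"name": "catalog-allow-ingest", "namespace": "cps-data"},
        "spec": {
            "selector": {"matchLabels": {"app": "catalog"}},
            "action": "ALLOW",
            "rules": [{
                "from": [{"source": {"principals": ["cluster.local/ns/cps-data/sa/ingest"]}}],
                "to": [{"operation": {"methods": ["POST"], "paths": ["/v1/records"]}}],
            }],
        },
    },
    {   # weak: an empty rule matches every caller and every operation
        "apiVersion": "security.istio.io/v1",
        "kind": "AuthorizationPolicy",
        "metadata": {"name": "allow-all", "namespace": "cps-data"},
        "spec": {"action": "ALLOW", "rules": [{}]},
    },
]

# The corrected form of the first manifest, for comparison.
HARDENED_PEER_AUTH: Manifest = {
    "apiVersion": "security.istio.io/v1",
    "kind": "PeerAuthentication",
    "metadata": {"name": "default", "namespace": "cps-data"},
    "spec": {"mtls": {"mode": "STRICT"}},
}


def check_peer_authentication(doc: Manifest) -> list[str]:
    """mTLS must be STRICT at the top level and in every port-level override."""
    name = doc["metadata"]["name"]
    spec = doc.get("spec", {})
    findings: list[str] = []
    mode = spec.get("mtls", {}).get("mode")
    if mode != "STRICT":
        findings.append(f"PeerAuthentication/{name}: mtls.mode is {mode or 'unset'}, expected STRICT")
    # portLevelMtls can silently relax an otherwise STRICT policy on one port.
    for port, cfg in spec.get("portLevelMtls", {}).items():
        if cfg.get("mode") != "STRICT":
            findings.append(f"PeerAuthentication/{name}: port {port} overrides mTLS to {cfg.get('mode')}")
    return findings


def check_authorization_policy(doc: Manifest) -> list[str]:
    """ALLOW policies must pin the workload, the caller identity and the operation."""
    name = doc["metadata"]["name"]
    spec = doc.get("spec", {})
    if spec.get("action", "ALLOW") != "ALLOW":
        return []  # DENY/AUDIT/CUSTOM policies only narrow access; not evaluated here
    findings: list[str] = []
    if "selector" not in spec:
        findings.append(f"AuthorizationPolicy/{name}: no selector, applies to every workload in the namespace")
    for i, rule in enumerate(spec.get("rules", [])):
        sources = rule.get("from") or []
        if not sources:
            findings.append(f"AuthorizationPolicy/{name}: rule {i} has no 'from' clause, any caller is allowed")
        for src in sources:
            principals = src.get("source", {}).get("principals") or []
            if not principals or "*" in principals:
                findings.append(f"AuthorizationPolicy/{name}: rule {i} does not pin caller service-account identity")
        if not rule.get("to"):
            findings.append(f"AuthorizationPolicy/{name}: rule {i} has no 'to' clause, every method and path is allowed")
    return findings


CHECKS = {
    "PeerAuthentication": check_peer_authentication,
    "AuthorizationPolicy": check_authorization_policy,
}


def gate(manifests: list[Manifest]) -> list[str]:
    """Run every applicable check; a non-empty result should fail the pipeline stage."""
    findings: list[str] = []
    for doc in manifests:
        check = CHECKS.get(doc.get("kind", ""))
        if check is not None:
            findings.extend(check(doc))
    return findings


if __name__ == "__main__":
    for finding in gate(SAMPLE_MANIFESTS):
        print("FAIL:", finding)
    print("hardened mTLS policy:", check_peer_authentication(HARDENED_PEER_AUTH) or "ok")
```

Run against the constructed input, the gate reports the PERMISSIVE mTLS mode and three separate problems with `allow-all` (no selector, no caller, no operation), while `catalog-allow-ingest` passes; the same functions run clean on `HARDENED_PEER_AUTH`. The checks treat a missing `principals` list as a finding even when `namespaces` is set, since pinning to a service-account identity is the least-privilege form the response calls for.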
This seems to be a fine overview of how the cloud-native in-feed requirements could be used to design, develop, and deploy a data-centric catalog. The NIST CPS Data Aspect has six sub-characteristics which would need to be developed using microservices, APIs, operators, pipelines, and integration elements.
Source: NIST Special Publication 1500-201 Framework for Cyber-Physical Systems: Volume 1, Overview
Along with that, the proposed methodology for using CPS archetypes as building blocks for cloud-native systems would require support for the three Facets in the CPS Framework. The Facets are shown in the graphic below:
Source: NIST Special Publication 1500-201 Framework for Cyber-Physical Systems: Volume 1, Overview; repeated from above.
From the perspective of cloud-native development, we think of the Conceptualization to Realization transition as a way to build minimum viable products which contain some value metric for demonstration purposes. Should NIST CPS components become available as cloud-native, consumption-capable products, systems, and services, we can see how minimum viable products could be constructed from those components.
Some of this work is now seen in drag-and-drop solution development kits for IoT designs and robotic process automation solutions. The low-code, no-code trend in the software development market indicates that, sooner rather than later, the democratization of software development will make more teams within organizations, and more team members, solution delivery providers. The sustainability of emerging technologies now (and certainly as ever) depends on those not now involved in designing systems becoming at least acquainted with the process of building solutions rather than simply experiencing them once delivered.
Certainly, this is a race where everyone who participates wins. Putting the integration of CPS archetypes into cloud-native composites can provide another path to bringing conceptualization, realization, and assurance functions to a wider set of catalog builders and a much wider potential audience for the catalogs themselves.