We’re really excited to announce our upcoming Capella webinar on March 30th, featuring Juan Navas & Sophie Plazanet from Thales. Their presentation will focus on DARC, a Capella add-on which enables organizations to identify and prevent cyberattacks. DARC allows collaboration between system and cybersecurity engineers through asset identification, trust boundaries and security needs characterization.
Register now to attend the webinar: https://bit.ly/webinar_capella_230330_register
Along with the video that will be uploaded on YouTube, every question left unanswered will be transmitted to the speakers. You will find their answers directly below this blog post, so feel free to carry on the discussion!
We look forward to your presence!
Here are the answers to the questions left by @JNavas and myself:
Q: Do you use this approach to derive physical features to counter threats and add them into the physical architecture diagrams?
→ A: How to do PVMT Countermeasures library is illustrated in the webinar. It can be displayed in Physical Architecture diagrams with Diagram Styler.
Q: Filtering & Darc
→ A: Cybersecurity modelling elements are identified by the Filtering extension.
Q: Do you know whether DARC would support the creation of catalogues of reusable controls that provide solutions to common security scenarios (aka patterns), e.g. through Capella’s REC/RPL model reusability features?
→ A: Cybersecurity Elements can be included in REC/RPL.
Q: You mentioned cybersecurity by design as the guiding approach that motivates DARC. This concept is quite close to the Privacy by Design / Data protection by design that is embedded in modern legal regulations (incl. GDPR). Do you consider that DARC might also be applicable to privacy and personal data protection?
→ A: Yes. But keep in mind that DARC introduces generic concepts that shall be customized/tailored to specific usages such as the Privacy by Design you mention.
Q: There is no separation between the different kinds of assets? For example: tangible assets (physical items) and non-tangible assets (data)?
→ A: IMHO what you call “tangible assets” is what is called in DARC “supporting assets”. Please note that non tangible assets are not only Data, but also services provided by the system.
Q: Will annotation of the DARC VP be extended to distinguish Data-at-Rest, Data-in-Use, Data-in-Motion?
→ A: DARC is open source, it can be extended and adapted to support other use cases in demand.
Q: Some standards (GDPR), (HIPAA) have specific user info to protect. May we use DARC or further work to identify and check information to assess the correct protection of these data at a system level?
→ A: This requires further study.