Insight: latest articles

Attitudes
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12537
Rick Dove

Digital controls and internet connectivity have fostered a hostile predatory environment for modern systems. Organized crime and nation state interests are naturally compelled to exploit these readily accessible opportunities for financial and political advantages. Systems engineering is being called upon to reorient its priorities accordingly. INCOSE's Future of Systems Engineering (FuSE) to realize the Systems Engineering Vision 2035 has a security-focused activity exploring what this reorientation might be. This article shares some of that thinking, exposes some issues in need of more thinking, and suggests why and how all systems engineers could and should be part of this thinking.

Insight, vol. 28, no. 3, pp. 8-10. Citations: 0
Using Systems Thinking to Advance Security in the Future of Systems Engineering (FuSE), a Progress Report
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12538
Systems Security Working Group

The Security in the Future of Systems Engineering (FuSE) team has made significant progress since its launch to realize the INCOSE vision described in Systems Engineering Vision 2035 (INCOSE 2021). The output products to date promote improved systems engineering practices to achieve security as a foundational perspective. The systems thinkers on this team have performed holistic analysis of current practices to expose existing anti-patterns and mental models that informed the transformation to future practices that can yield desired results and achieve the 2035 vision. Needs-oriented, loss-driven, capability-based analysis to define security strategies that become functional requirements promotes stakeholder alignment of the security vision and leads to effective security tactics and techniques that collectively achieve the security strategies. The result is a system that achieves functional perseverance in a hostile predatory environment. The work products completed so far and those in progress reflect our efforts to transition practices to a future where our systems are designed to achieve and sustain security as an intentional capability of the system throughout its lifecycle.

Insight, vol. 28, no. 3, pp. 11-14. Citations: 0
When Malicious Actors Control Your Subsystems: A Systems Engineering Approach to Functional Perseverance
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12545
David Hetherington, Ivan Taylor

Security in modern engineered systems is not merely an added layer of protection but a prerequisite for system functionality. As systems engineers navigate the evolving security landscape, they must prioritize functional perseverance, the ability of a system to maintain operational integrity despite adversarial threats. This article examines a possible method for using system-theoretic process analysis (STPA) and system dynamics (SD) to enhance security-aware system engineering.

The approach shown is inspired by a 1982 paper called “The Byzantine Generals Problem” and is a peer-to-peer voting design that avoids single points of failure. In particular, we propose a system analysis and design approach that would allow the construction of a system capable of using peer-to-peer self-policing to detect an intruder that has already penetrated the security perimeter of the system and corrupted one or more of the subsystems. This article shows how STPA could inform the design of the peer-to-peer voting system and how SD could be used to examine the tradeoff of investments in redundancy versus the expected level of achieved resilience.

Insight, vol. 28, no. 3, pp. 53-60. Citations: 0
How Security Needs Systems Engineering
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12543
Mark W. Winstead

Peter Neumann once noted that complex systems are not like snapping Lego pieces together, rather each piece added can transmogrify its modular interface and upset the existing structure. The effect for security can be a system weaker than its weakest link – moreover, addressing a security concern can disrupt achieving other emergent properties (e.g., safety). The article addresses these challenges by casting security as a system problem, where the security engineering must not be done stove piped from system engineering. The discussion within also addresses the role of systems thinking and the need for evidence-based assurance overseen by systems engineering.

Insight, vol. 28, no. 3, pp. 44-47. Citations: 0
AI for System Security Design: A Good Tool or a Dangerous Weapon?
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12546
Beth Wilson

As artificial intelligence (AI) tools have become more popular, industries wrestle with their effective use in the workplace. With promises of increasing efficiency and reducing complexity, it is tempting for systems engineers to use AI tools to quickly generate security requirements and skip engagement with systems security practitioners. The proliferation of AI tools that have been trained with security controls invites misguided approaches that deliver systems that are not secure in the operational environment. AI literacy is important to understand both the benefits and the limitations of AI to use it ethically and effectively.

Insight, vol. 28, no. 3, pp. 61-65. Citations: 0
Protecting Mission Critical Systems The Need for a Shift in Culture, Strategy, and Process
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12539
Ron Ross, Kymie Tan

In contrast to the traditional compliance-based approach to protecting space systems using the NIST Risk Management Framework (RMF), a trustworthy secure systems engineering approach as described in the NIST Special Publication 800-160 is proposed as a viable and effective alternative. This paper discusses the issues and concerns with the traditional approach to cybersecurity and how engineering-based approaches measurably improve security, allowing a greater return on investment for mission critical operational environments like those that support space missions. The paper will show that there are several facets to the cybersecurity problem that go beyond the technical to include culture, process, and policy, and explain why a change in strategy and approach is necessary to address the modern sophisticated cyber adversary operating in a world of highly complex and evolving systems. Insights from a project where a NIST SP 800-160-based engineering approach was applied to secure a space mission will be discussed. The early lessons not only illuminate the benefits of security systems engineering, but also the effect of culture, policy and process on building resilience into mission critical systems.

Insight, vol. 28, no. 3, pp. 15-22. Citations: 0
Guide to Security Needs and Requirements – Making Security a Functional Requirement
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12540
Beth Wilson

The INCOSE Systems Security Working Group completed a 2-year project to create a Guide to Security Needs and Requirements targeting both the systems engineering practitioner and the systems security practitioner to help them collaboratively define security needs and requirements that result in a secure system in operation. Starting with a set of anti-patterns for security requirements, we identified existing tactics that have not produced secure systems in the operational environment. The team then identified an approach to perform needs-oriented, loss-driven, capability-based analysis across the systems engineering activities. The result is a set of need statements capturing the stakeholder expectations concerning security and a set of functional requirements defining what the system must do to address those needs. Defining security as a functional requirement helps us design a system that can prepare for, defend against, and recover from adversity to achieve and sustain mission success.

Insight, vol. 28, no. 3, pp. 23-28. Citations: 0
Illuminating Systems Security Through Case Studies – Much More than Controls
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12544
Beth Wilson

While systems security is a quality attribute (previously referred to as specialty engineering), learning systems security is essential for all systems engineers. Learning about system security can be a challenge especially when the focus is on security controls or admiring attack vectors. Case studies are a powerful way to see the real-world application of complex concepts. Reviewing cyber-attack case studies provides a captivating approach to examine security challenges and failures holistically using systems thinking, consider the technical concerns, business decisions, and human behaviors that made the attack possible, and explore systems security concepts from a systems engineering perspective.

Insight, vol. 28, no. 3, pp. 48-52. Citations: 0
FROM THE EDITOR-IN-CHIEF
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12536
William Miller
Insight, vol. 28, no. 3, pp. 6-7. Citations: 0
A Model-Based Approach for Privacy Risk Mitigation Integrating Systems Engineering with System-Theoretic Process Analysis
IF 1 | Zone 4, Engineering & Technology | Q4 INSTRUMENTS & INSTRUMENTATION | Pub Date: 2025-07-07 | DOI: 10.1002/inst.12542
David Hetherington

Certain commercial operations, their systems, and their employees need to operate in hostile or semi-hostile environments. The physical environment may be challenging, but often an unstable political/social environment may be a greater challenge than any temperature or weather extremes. Such an unstable political environment may present rapidly changing threats to employee security. Even if local citizens in the immediate area are supportive, transnational violent gangs may be operating nearby. How do we design overall technology and human systems that can resiliently persevere in such an unstable environment?

Some organizations will reflexively implement a walled-off, fenced, and protected environment for their employees. While this sort of physical protection will be helpful to some extent, if human relationships with the local community are poor or nonexistent, the overall security of the installation will be fragile. Some organizations will deliberately move in the opposite direction, proactively sending their employees out into the community to interact, talk to local citizens, and build human relationships – even when doing so represents a significant degree of physical and personal risk for those employees.

How do we support employees that we are deliberately thrusting into such a risky and unstable environment? For their own safety, we want those employees to communicate as much as possible with the local citizens. We want them to be aware of “chatter” in local social media. On the other hand, we want to help them keep their actual personal identity details as protected as possible. Failed social interactions can have lethal consequences. Inadvertently leaked personal data about family members could result in those family members being subject to threats and intimidation in their home location.

In this article, we examine the design of a digital personal communications device designed to achieve these goals and demonstrate the use of System-Theoretic Process Analysis (STPA) in the analysis of a proposed design. Along the way, we will also demonstrate a model-based approach to the design work which represents the recently released standard SAE J3307 “System Theoretic Process Analysis (STPA) Standard for All Industries” (J3307_202503, 2025) which specifies an auditable workflow for the STPA methodology originally described in the STPA Handbook.

Insight, vol. 28, no. 3, pp. 35-43. Citations: 0