Insight最新文献

A systems governance approach emphasizes a holistic perspective that identifies and navigates the interdependencies and conflicts between security and operational needs. Governance is defined as a collection of metasystems that provide the necessary constraints and processes to support, steer, adapt, transform, and sustain a system (Keating et al. 2022). Utilizing the Cynefin framework, which distinguishes between simple, complicated, complex, and chaotic environments (Snowden and Boone 2007), the article highlights the challenges faced by nuclear power plants in predatory contexts and the importance of integrating security objectives into governance frameworks.

By incorporating security as a fundamental aspect of governance, the article underscores its significance for persistence, adaptation, and transformation in the face of uncertainty. Additionally, it introduces key heuristics of systems security, such as the importance of context, knowledge-based decision-making, and organization-specific sociological factors (Williams and Caskey 2024). Ultimately, this work provides valuable insights into enhancing resilient operations in complex environments by reinforcing the connection between effective governance and security in systems engineering.

Digital controls and internet connectivity have fostered a hostile predatory environment for modern systems. Organized crime and nation state interests are naturally compelled to exploit these readily accessible opportunities for financial and political advantages. Systems engineering is being called upon to reorient its priorities accordingly. INCOSE's Future of Systems Engineering (FuSE) to realize the Systems Engineering Vision 2035 has a security-focused activity exploring what this reorientation might be. This article shares some of that thinking, exposes some issues in need of more thinking, and suggests why and how all systems engineers could and should be part of this thinking.

The Security in the Future of Systems Engineering (FuSE) team has made significant progress since its launch to realize the INCOSE vision described in Systems Engineering Vision 2035 (INCOSE 2021). The output products to date promote improved systems engineering practices to achieve security as a foundational perspective. The systems thinkers on this team have performed holistic analysis of current practices to expose existing anti-patterns and mental models that informed the transformation to future practices that can yield desired results and achieve the 2035 vision. Needs-oriented, loss-driven, capability-based analysis to define security strategies that become functional requirements promotes stakeholder alignment of the security vision and leads to effective security tactics and techniques that collectively achieve the security strategies. The result is a system that achieves functional perseverance in a hostile predatory environment. The work products completed so far and those in progress reflect our efforts to transition practices to a future where our systems are designed to achieve and sustain security as an intentional capability of the system throughout its lifecycle.

Security in modern engineered systems is not merely an added layer of protection but a prerequisite for system functionality. As systems engineers navigate the evolving security landscape, they must prioritize functional perseverance, the ability of a system to maintain operational integrity despite adversarial threats. This article examines a possible method for using system-theoretic process analysis (STPA) and system dynamics (SD) to enhance security-aware system engineering.

The approach shown is inspired by a 1982 paper called “The Byzantine Generals Problem” and is a peer-to-peer voting design that avoids single points of failure. In particular, we propose a system analysis and design approach that would allow the construction of a system capable of using peer-to-peer self-policing to detect an intruder that has already penetrated the security perimeter of the system and corrupted one or more of the subsystems. This article shows how STPA could inform the design of the peer-to-peer voting system and how SD could be used to examine the tradeoff of investments in redundancy versus the expected level of achieved resilience.

Peter Neumann once noted that complex systems are not like snapping Lego pieces together, rather each piece added can transmogrify its modular interface and upset the existing structure. The effect for security can be a system weaker than its weakest link – moreover, addressing a security concern can disrupt achieving other emergent properties (e.g., safety). The article addresses these challenges by casting security as a system problem, where the security engineering must not be done stove piped from system engineering. The discussion within also addresses the role of systems thinking and the need for evidence-based assurance overseen by systems engineering.

As artificial intelligence (AI) tools have become more popular, industries wrestle with their effective use in the workplace. With promises of increasing efficiency and reducing complexity, it is tempting for systems engineers to use AI tools to quickly generate security requirements and skip engagement with systems security practitioners. The proliferation of AI tools that have been trained with security controls invites misguided approaches that deliver systems that are not secure in the operational environment. AI literacy is important to understand both the benefits and the limitations of AI to use it ethically and effectively.

In contrast to the traditional compliance-based approach to protecting space systems using the NIST Risk Management Framework (RMF), a trustworthy secure systems engineering approach as described in the NIST Special Publication 800-160 is proposed as a viable and effective alternative. This paper discusses the issues and concerns with the traditional approach to cybersecurity and how engineering-based approaches measurably improve security, allowing a greater return on investment for mission critical operational environments like those that support space missions. The paper will show that there are several facets to the cybersecurity problem that go beyond the technical to include culture, process, and policy, and explain why a change in strategy and approach is necessary to address the modern sophisticated cyber adversary operating in a world of highly complex and evolving systems. Insights from a project where a NIST SP 800-160-based engineering approach was applied to secure a space mission will be discussed. The early lessons not only illuminate the benefits of security systems engineering, but also the effect of culture, policy and process on building resilience into mission critical systems.

The INCOSE Systems Security Working Group completed a 2-year project to create a Guide to Security Needs and Requirements targeting both the systems engineering practitioner and the systems security practitioner to help them collaboratively define security needs and requirements that result in a secure system in operation. Starting with a set of anti-patterns for security requirements, we identified existing tactics that have not produced secure systems in the operational environment. The team then identified an approach to perform needs-oriented, loss-driven, capability-based analysis across the systems engineering activities. The result is a set of need statements capturing the stakeholder expectations concerning security and a set of functional requirements defining what the system must do to address those needs. Defining security as a functional requirement helps us design a system that can prepare for, defend against, and recover from adversity to achieve and sustain mission success.

While systems security is a quality attribute (previously referred to as specialty engineering), learning systems security is essential for all systems engineers. Learning about system security can be a challenge especially when the focus is on security controls or admiring attack vectors. Case studies are a powerful way to see the real-world application of complex concepts. Reviewing cyber-attack case studies provides a captivating approach to examine security challenges and failures holistically using systems thinking, consider the technical concerns, business decisions, and human behaviors that made the attack possible, and explore systems security concepts from a systems engineering perspective.