In contrast to the traditional compliance-based approach to protecting space systems using the NIST Risk Management Framework (RMF), a trustworthy secure systems engineering approach as described in the NIST Special Publication 800-160 is proposed as a viable and effective alternative. This paper discusses the issues and concerns with the traditional approach to cybersecurity and how engineering-based approaches measurably improve security, allowing a greater return on investment for mission critical operational environments like those that support space missions. The paper will show that there are several facets to the cybersecurity problem that go beyond the technical to include culture, process, and policy, and explain why a change in strategy and approach is necessary to address the modern sophisticated cyber adversary operating in a world of highly complex and evolving systems. Insights from a project where a NIST SP 800-160-based engineering approach was applied to secure a space mission will be discussed. The early lessons not only illuminate the benefits of security systems engineering, but also the effect of culture, policy and process on building resilience into mission critical systems.
{"title":"Protecting Mission Critical Systems The Need for a Shift in Culture, Strategy, and Process","authors":"Ron Ross, Kymie Tan","doi":"10.1002/inst.12539","DOIUrl":"10.1002/inst.12539","url":null,"abstract":"<div>\u0000 \u0000 <p>In contrast to the traditional compliance-based approach to protecting space systems using the NIST Risk Management Framework (RMF), a trustworthy secure systems engineering approach as described in the NIST Special Publication 800-160 is proposed as a viable and effective alternative. This paper discusses the issues and concerns with the traditional approach to cybersecurity and how engineering-based approaches measurably improve security, allowing a greater return on investment for mission critical operational environments like those that support space missions. The paper will show that there are several facets to the cybersecurity problem that go beyond the technical to include culture, process, and policy, and explain why a change in strategy and approach is necessary to address the modern sophisticated cyber adversary operating in a world of highly complex and evolving systems. Insights from a project where a NIST SP 800-160-based engineering approach was applied to secure a space mission will be discussed. The early lessons not only illuminate the benefits of security systems engineering, but also the effect of culture, policy and process on building resilience into mission critical systems.</p>\u0000 </div>","PeriodicalId":13956,"journal":{"name":"Insight","volume":"28 3","pages":"15-22"},"PeriodicalIF":1.0,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144573343","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The INCOSE Systems Security Working Group completed a 2-year project to create a Guide to Security Needs and Requirements targeting both the systems engineering practitioner and the systems security practitioner to help them collaboratively define security needs and requirements that result in a secure system in operation. Starting with a set of anti-patterns for security requirements, we identified existing tactics that have not produced secure systems in the operational environment. The team then identified an approach to perform needs-oriented, loss-driven, capability-based analysis across the systems engineering activities. The result is a set of need statements capturing the stakeholder expectations concerning security and a set of functional requirements defining what the system must do to address those needs. Defining security as a functional requirement helps us design a system that can prepare for, defend against, and recover from adversity to achieve and sustain mission success.
{"title":"Guide to Security Needs and Requirements – Making Security a Functional Requirement","authors":"Beth Wilson","doi":"10.1002/inst.12540","DOIUrl":"10.1002/inst.12540","url":null,"abstract":"<div>\u0000 \u0000 <p>The INCOSE Systems Security Working Group completed a 2-year project to create a Guide to Security Needs and Requirements targeting both the systems engineering practitioner and the systems security practitioner to help them collaboratively define security needs and requirements that result in a secure system in operation. Starting with a set of anti-patterns for security requirements, we identified existing tactics that have not produced secure systems in the operational environment. The team then identified an approach to perform needs-oriented, loss-driven, capability-based analysis across the systems engineering activities. The result is a set of need statements capturing the stakeholder expectations concerning security and a set of functional requirements defining what the system must do to address those needs. Defining security as a functional requirement helps us design a system that can prepare for, defend against, and recover from adversity to achieve and sustain mission success.</p>\u0000 </div>","PeriodicalId":13956,"journal":{"name":"Insight","volume":"28 3","pages":"23-28"},"PeriodicalIF":1.0,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144573344","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
While systems security is a quality attribute (previously referred to as specialty engineering), learning systems security is essential for all systems engineers. Learning about system security can be a challenge especially when the focus is on security controls or admiring attack vectors. Case studies are a powerful way to see the real-world application of complex concepts. Reviewing cyber-attack case studies provides a captivating approach to examine security challenges and failures holistically using systems thinking, consider the technical concerns, business decisions, and human behaviors that made the attack possible, and explore systems security concepts from a systems engineering perspective.
{"title":"Illuminating Systems Security Through Case Studies – Much More than Controls","authors":"Beth Wilson","doi":"10.1002/inst.12544","DOIUrl":"10.1002/inst.12544","url":null,"abstract":"<div>\u0000 \u0000 <p>While systems security is a quality attribute (previously referred to as specialty engineering), learning systems security is essential for all systems engineers. Learning about system security can be a challenge especially when the focus is on security controls or admiring attack vectors. Case studies are a powerful way to see the real-world application of complex concepts. Reviewing cyber-attack case studies provides a captivating approach to examine security challenges and failures holistically using systems thinking, consider the technical concerns, business decisions, and human behaviors that made the attack possible, and explore systems security concepts from a systems engineering perspective.</p>\u0000 </div>","PeriodicalId":13956,"journal":{"name":"Insight","volume":"28 3","pages":"48-52"},"PeriodicalIF":1.0,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144573754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Certain commercial operations, their systems, and their employees need to operate in hostile or semi-hostile environments. The physical environment may be challenging, but often an unstable political/social environment may be a greater challenge than any temperature or weather extremes. Such an unstable political environment may present rapidly changing threats to employee security. Even if local citizens in the immediate area are supportive, transnational violent gangs may be operating nearby. How do we design overall technology and human systems that can resiliently persevere in such an unstable environment?
�
Some organizations will reflexively implement a walled-off, fenced, and protected environment for their employees. While this sort of physical protection will be helpful to some extent, if human relationships with the local community are poor or nonexistent, the overall security of the installation will be fragile. Some organizations will deliberately move in the opposite direction, proactively sending their employees out into the community to interact, talk to local citizens, and build human relationships – even when doing so represents a significant degree of physical and personal risk for those employees.
�
How do we support employees that we are deliberately thrusting into such a risky and unstable environment? For their own safety, we want those employees to communicate as much as possible with the local citizens. We want them to be aware of “chatter” in local social media. On the other hand, we want help them keep their actual personal identity details as protected as possible. Failed social interactions can have lethal consequences. Inadvertently leaked personal data about family members could result in those family members being subject to threats and intimidation in their home location.
�
In this article, we examine the design of a digital personal communications device designed to achieve these goals and demonstrate the use of System-Theoretic Process Analysis (STPA) in the analysis of a proposed design. Along the way, we will also demonstrate a model-based approach to the design work which represents the recently released standard SAE J3307 “System Theoretic Process Analysis (STPA) Standard for All Industries” (J3307_202503, 2025) which specifies an auditable workflow for the STPA methodology originally described in the STPA Handbook.
{"title":"A Model-Based Approach for Privacy Risk Mitigation Integrating Systems Engineering with System-Theoretic Process Analysis","authors":"David Hetherington","doi":"10.1002/inst.12542","DOIUrl":"10.1002/inst.12542","url":null,"abstract":"<div>\u0000 \u0000 <p>Certain commercial operations, their systems, and their employees need to operate in hostile or semi-hostile environments. The physical environment may be challenging, but often an unstable political/social environment may be a greater challenge than any temperature or weather extremes. Such an unstable political environment may present rapidly changing threats to employee security. Even if local citizens in the immediate area are supportive, transnational violent gangs may be operating nearby. How do we design overall technology and human systems that can resiliently persevere in such an unstable environment?</p>\u0000 <p>Some organizations will reflexively implement a walled-off, fenced, and protected environment for their employees. While this sort of physical protection will be helpful to some extent, if human relationships with the local community are poor or nonexistent, the overall security of the installation will be fragile. Some organizations will deliberately move in the opposite direction, proactively sending their employees out into the community to interact, talk to local citizens, and build human relationships – even when doing so represents a significant degree of physical and personal risk for those employees.</p>\u0000 <p>How do we support employees that we are deliberately thrusting into such a risky and unstable environment? For their own safety, we want those employees to communicate as much as possible with the local citizens. We want them to be aware of “chatter” in local social media. On the other hand, we want help them keep their actual personal identity details as protected as possible. Failed social interactions can have lethal consequences. Inadvertently leaked personal data about family members could result in those family members being subject to threats and intimidation in their home location.</p>\u0000 <p>In this article, we examine the design of a digital personal communications device designed to achieve these goals and demonstrate the use of System-Theoretic Process Analysis (STPA) in the analysis of a proposed design. Along the way, we will also demonstrate a model-based approach to the design work which represents the recently released standard SAE J3307 “System Theoretic Process Analysis (STPA) Standard for All Industries” <i>(J3307_202503, 2025)</i> which specifies an auditable workflow for the STPA methodology originally described in the STPA Handbook.</p>\u0000 </div>","PeriodicalId":13956,"journal":{"name":"Insight","volume":"28 3","pages":"35-43"},"PeriodicalIF":1.0,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144573346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This first-of-its-kind meta-analysis provides unprecedented insights into systems engineering's evolution through a comprehensive examination of fourteen years of INCOSE International Symposium contributions. By analyzing over 4,000 submissions from nearly 5,000 authors, this study delivers unique value through three interconnected analyses: The Authors Analysis reveals a distinctive “hourglass network” where 10% of contributors generate 43% of intellectual output, alongside a critical 94% first-year attrition rate. This social architecture illuminates both resilience mechanisms and vulnerability points within the knowledge ecosystem, offering stakeholders targeted intervention opportunities for community development. The Topics Analysis documents the discipline's methodological transformation, quantifying the shift toward model-based systems engineering (MBSE) growing from 30% to 40% while revealing persistent knowledge gaps in theoretical foundations and empirical validation. The detailed taxonomic classification exposes high-value research frontiers at disciplinary intersections previously unidentified. The Acceptance Analysis uncovers systematic patterns in knowledge validation, demonstrating how acceptance rates have tightened year-over-year (90% to 40%) while certain submission characteristics significantly impact outcomes. This evidence-based filter mechanism provides contributors with strategic insights for knowledge dissemination. Through synthesizing these analyses, this research provides a cohesive portrait of a discipline at an inflection point—transitioning from practice-driven origins toward greater formalization. For INCOSE leadership, educators, and practitioners, these integrated insights enable data-driven strategies to strengthen community resilience, address knowledge gaps, and enhance systems engineering's capacity to tackle the increasingly complex sociotechnical challenges of the 21st century.
{"title":"The State of the Systems Engineering Discipline: A Longitudinal Analysis of INCOSE International Symposium Contributions (2012–2025)","authors":"Christian Sprague PhD","doi":"10.1002/inst.12534","DOIUrl":"10.1002/inst.12534","url":null,"abstract":"<div>\u0000 \u0000 <p>This first-of-its-kind meta-analysis provides unprecedented insights into systems engineering's evolution through a comprehensive examination of fourteen years of INCOSE International Symposium contributions. By analyzing over 4,000 submissions from nearly 5,000 authors, this study delivers unique value through three interconnected analyses: The Authors Analysis reveals a distinctive “hourglass network” where 10% of contributors generate 43% of intellectual output, alongside a critical 94% first-year attrition rate. This social architecture illuminates both resilience mechanisms and vulnerability points within the knowledge ecosystem, offering stakeholders targeted intervention opportunities for community development. The Topics Analysis documents the discipline's methodological transformation, quantifying the shift toward model-based systems engineering (MBSE) growing from 30% to 40% while revealing persistent knowledge gaps in theoretical foundations and empirical validation. The detailed taxonomic classification exposes high-value research frontiers at disciplinary intersections previously unidentified. The Acceptance Analysis uncovers systematic patterns in knowledge validation, demonstrating how acceptance rates have tightened year-over-year (90% to 40%) while certain submission characteristics significantly impact outcomes. This evidence-based filter mechanism provides contributors with strategic insights for knowledge dissemination. Through synthesizing these analyses, this research provides a cohesive portrait of a discipline at an inflection point—transitioning from practice-driven origins toward greater formalization. For INCOSE leadership, educators, and practitioners, these integrated insights enable data-driven strategies to strengthen community resilience, address knowledge gaps, and enhance systems engineering's capacity to tackle the increasingly complex sociotechnical challenges of the 21st century.</p>\u0000 </div>","PeriodicalId":13956,"journal":{"name":"Insight","volume":"28 2","pages":"9-48"},"PeriodicalIF":1.0,"publicationDate":"2025-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143925848","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Systems engineering today faces a wide array of challenges, ranging from new operational environments to disruptive technological — necessitating approaches to improve research and development (R&D) efforts. Yet, emphasizing the Aristotelian argument that the “whole is greater than the sum of its parts” seems to offer a conceptual foundation creating new R&D solutions. Invoking systems theoretic concepts of emergence and hierarchy and analytic characteristics of traceability, rigor, and comprehensiveness is potentially beneficial for guiding R&D strategy and development to bridge the gap between theoretical problem spaces and engineering-based solutions. In response, this article describes systems–theoretic process analysis (STPA) as an example of one such approach to aid in early-systems R&D discussions. STPA—a ‘top-down’ process that abstracts real complex system operations into hierarchical control structures, functional control loops, and control actions—uses control loop logic to analyze how control actions (designed for desired system behaviors) may become violated and drive the complex system toward states of higher risk. By analyzing how needed controls are not provided (or out of sequence or stopped too soon) and unneeded controls are provided (or engaged too long), STPA can help early-system R&D discussions by exploring how requirements and desired actions interact to either mitigate or potentially increase states of risk that can lead to unacceptable losses. This article will demonstrate STPA's benefit for early-system R&D strategy and development discussion by describing such diverse use cases as cyber security, nuclear fuel transportation, and US electric grid performance. Together, the traceability, rigor, and comprehensiveness of STPA serve as useful tools for improving R&D strategy and development discussions. Leveraging STPA as well as related systems engineering techniques can be helpful in early R&D planning and strategy development to better triangulate deeper theoretical meaning or evaluate empirical results to better inform systems engineering solutions.
{"title":"Enhancing Early Systems R&D Capabilities with Systems —Theoretic Process Analysis","authors":"Adam D. Williams","doi":"10.1002/inst.12531","DOIUrl":"10.1002/inst.12531","url":null,"abstract":"<div>\u0000 \u0000 <p>Systems engineering today faces a wide array of challenges, ranging from new operational environments to disruptive technological — necessitating approaches to improve research and development (R&D) efforts. Yet, emphasizing the Aristotelian argument that the “whole is greater than the sum of its parts” seems to offer a conceptual foundation creating new R&D solutions. Invoking systems theoretic concepts of emergence and hierarchy and analytic characteristics of traceability, rigor, and comprehensiveness is potentially beneficial for guiding R&D strategy and development to bridge the gap between theoretical problem spaces and engineering-based solutions. In response, this article describes systems–theoretic process analysis (STPA) as an example of one such approach to aid in early-systems R&D discussions. STPA—a ‘top-down’ process that abstracts real complex system operations into hierarchical control structures, functional control loops, and control actions—uses control loop logic to analyze how control actions (designed for desired system behaviors) may become violated and drive the complex system toward states of higher risk. By analyzing how needed controls are not provided (or out of sequence or stopped too soon) and unneeded controls are provided (or engaged too long), STPA can help early-system R&D discussions by exploring how requirements and desired actions interact to either mitigate or potentially increase states of risk that can lead to unacceptable losses. This article will demonstrate STPA's benefit for early-system R&D strategy and development discussion by describing such diverse use cases as cyber security, nuclear fuel transportation, and US electric grid performance. Together, the traceability, rigor, and comprehensiveness of STPA serve as useful tools for improving R&D strategy and development discussions. Leveraging STPA as well as related systems engineering techniques can be helpful in early R&D planning and strategy development to better triangulate deeper theoretical meaning or evaluate empirical results to better inform systems engineering solutions.</p>\u0000 </div>","PeriodicalId":13956,"journal":{"name":"Insight","volume":"28 1","pages":"75-82"},"PeriodicalIF":1.0,"publicationDate":"2025-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143801853","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper hypothesizes that a system-of-systems (SoS) that is not fit for purpose is so because it cannot implement the correct, timely, and complete transfers of material, energy, and information (MEI) between its constituents and with its external environment that are necessary to achieve a particular result. This research addresses the problem of maintaining a SoS fit for purpose after unpredictable changes in operation, composition, or external factors by creating a method, implemented as an engineering process, and supported by an analysis technique to enhance the affordance {“Features that provide the potential for interaction by affording the ability to do something” (Norman 1999)} of SoS constituents for MEI transfer and reveal potential undesirable transfers.
{"title":"Effective and Efficient Preparation for the Unforeseeable","authors":"S. W. Hinsley, M. J. Henshaw, C. E. Siemieniuch","doi":"10.1002/inst.12523","DOIUrl":"10.1002/inst.12523","url":null,"abstract":"<div>\u0000 \u0000 <p>This paper hypothesizes that a system-of-systems (SoS) that is not fit for purpose is so because it cannot implement the correct, timely, and complete transfers of material, energy, and information (MEI) between its constituents and with its external environment that are necessary to achieve a particular result. This research addresses the problem of maintaining a SoS fit for purpose after unpredictable changes in operation, composition, or external factors by creating a method, implemented as an engineering process, and supported by an analysis technique to enhance the affordance {“Features that provide the potential for interaction by affording the ability to do something” (Norman 1999)} of SoS constituents for MEI transfer and reveal potential undesirable transfers.</p>\u0000 </div>","PeriodicalId":13956,"journal":{"name":"Insight","volume":"28 1","pages":"23-29"},"PeriodicalIF":1.0,"publicationDate":"2025-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143801864","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号