
The “Mission Aware” Concept for Design of Cyber-Resilience

Abstract

This chapter introduces the Mission Aware framework, a proactive, model-based, and strategic approach to cybersecurity. Mission Aware is an outcome of work in the SERC's Trusted Systems research area, whose aim is to create tools and methods that support the engineering and testing of cyber-resilient cyber-physical systems. Mission Aware provides a framework for designing systems that are resilient against cyberattacks. The framework focuses on engineered mechanisms for detecting and responding to potential cyberattacks. During the early conceptual and requirements phases, patterns for these engineered mechanisms can be specified using model-based systems engineering (MBSE) techniques and used as a basis for requirements, architecting, design, and provisioning for verification and validation activities. The approach is applied primarily to cyber-physical systems, such as vehicles and weapons systems, rather than to pure cyber and networking systems. Mission Aware is meant to be used in concert with the System Theoretic Processes Assessment (STPA) and its variants from the safety community, as well as the Cyber Security Requirements Methodology (CSRM) and the Framework for Operational Resilience in Engineering and System Test (FOREST) developed by SERC. Each of these companion methodologies is covered by a chapter in this cluster.


Leads

Peter A. Beling

Virginia Polytechnic Institute and State University

Megan M. Clifford

Stevens Institute of Technology

Tim Sherburne

Stevens Institute of Technology

Tom A. McDermott

Stevens Institute of Technology

Barry M. Horowitz

University of Virginia

Publications

  1. Adams, S., Carter, B., Fleming, C., and Beling, P.A. (2018). Selecting system specific cybersecurity attack patterns using topic modeling. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), New York (1–3 August 2018), 490–497. IEEE.

  2. Babineau, G.L., Jones, R.A., and Horowitz, B. (2012). A system-aware cyber security method for shipboard control systems with a method described to evaluate cyber security solutions. In: 2012 IEEE Conference on Technologies for Homeland Security, Waltham, Massachusetts, USA (13–15 November 2012), 99–104. IEEE.

  3. Bakirtzis, G., Sherburne, T., Adams, S. et al. (2022). An ontological metamodel for cyber-physical system safety, security, and resilience coengineering. Software and Systems Modeling 21(1): 113–137.

  4. Beling, P., Horowitz, B., Fleming, C., et al. (2019). Model-Based Engineering for Functional Risk Assessment and Design of Cyber Resilient Systems. University of Virginia, Charlottesville, United States, Technical Report.

  5. Beling, P., McDermott, T., Sherburne, T., et al. (2021). Developmental Test and Evaluation and Cyberattack Resilient Systems. Systems Engineering Research Center, Technical Report.

  6. Beling, P., Sherburne, T., and Horowitz, B. (2023). Sentinels for cyber resilience, in autonomous intelligent agents for cyber defense. Springer 87: 425–444. [forthcoming].

  7. Biesecker, C. (2017). Boeing 757 testing shows airplanes vulnerable to hacking, DHS says.

  8. Carter, B., Adams, S., Bakirtzis, G. et al. (2019). A preliminary design-phase security methodology for cyber–physical systems. Systems 7(2): 21.

  9. Department of Defense (2014). Cyber security.

  10. Fleming, C.H., Elks, C., Bakirtzis, G. et al. (2021). Cyber-physical security through resiliency: a systems-centric approach. Computer 54(6): 36–45.

  11. Horowitz, B.M. (2020). Cyberattack-resilient cyberphysical systems. IEEE Security & Privacy 18(1): 55–60.

  12. Horowitz, B., Beling, P., Skadron, K., et al. (2014). Security Engineering Project-System Aware Cyber Security for an Autonomous Surveillance System on Board an Unmanned Aerial Vehicle. Systems Engineering Research Center, Hoboken, NJ, Technical Report.

  13. Horowitz, B., Beling, P., Humphrey, M., and Gay, C. (2015a). System Aware Cybersecurity: A Multi-Sentinel Scheme to Protect a Weapons Research Lab. Stevens Institute of Technology, Hoboken, NJ, Technical Report.

  14. Horowitz, B., Beling, P., Skadron, K., et al. (2015b). Security Engineering Project. Systems Engineering Research Center, Hoboken, NJ, Technical Report.

  15. Horowitz, B., Beling, P., Fleming, C., et al. (2017). Security Engineering FY17 Systems Aware Cybersecurity. Stevens Institute of Technology, Hoboken, United States, Technical Report.

  16. Horowitz, B., Beling, P., Fleming, C., et al. (2018). Cyber Security Requirements Methodology. Stevens Institute of Technology, Hoboken, United States, Technical Report.

  17. Horowitz, B., Beling, P., Clifford, M., and Sherburne, T. (2021). Developmental Test and Evaluation (DTE&A) and Cyber Attack Resilient Systems - Measures and Metrics Source Tables. Systems Engineering Research Center, Technical Report.

  18. Leveson, N.G. and Thomas, J. (2018). STPA handbook.

  19. Leveson, N.G. and Young, W. (2014). An integrated approach to safety and security based on systems theory. Communications of the ACM 57(2): 31–35.

  20. McDermott, T., Fleming, C., Clifford, M.M. et al. (2020). Methods to Evaluate Cost/Technical Risk and Opportunity Decisions for Security Assurance in Design. Stevens Institute of Technology, Systems Engineering Research Center, Hoboken, United States.

  21. McDermott, T., Clifford, M.M., Sherburne, T. et al. (2022). Framework for operational resilience in engineering and system test (FOREST) Part I: methodology–responding to “security as a functional requirement”. Insight 25(2): 30–37.

  22. Scott, Z. and Long, D. (2018). One model, many interests, many views. Vitech Corporation, Technical Report.

  23. Young, W. and Leveson, N.G. (2013). Systems thinking for safety and security. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC 2013), New Orleans, LA (9 December 2013). ACM.

  24. Young, W. and Porada, R. (2017). System-theoretic process analysis for security (STPA-Sec): cyber security and STPA. In: 2017 STAMP Conference (27–30 March 2017). MIT Press.


The Systems Engineering Research Center (SERC) was established in the Fall of 2008 as a government-designated University Affiliated Research Center (UARC). The SERC has produced 15 years of research, focused on an updated systems engineering toolkit (methods, tools, and practices) for the complex cyber-physical systems of today and tomorrow.

