DigitalSE Logo

The “FOREST” Concept and Meta-Model for Lifecycle Evaluation of Resilience

Abstract

This chapter introduces the Framework for Operational Resilience in Engineering and System Test (FOREST), a comprehensive approach to enhancing cyber resilience as part of system development and testing. This methodology is applicable to any system-level resilience concerns, not just cybersecurity. Resilience is a critical aspect of a system's functionality and thus requires a systematic evaluation of the system's various components under attack or disruption. This evaluation leads to the development of functional requirements and functional views of cyber resilience processes, expressed in a model-based systems engineering tool. The methodology consists of two main components: the FOREST meta-process model and Mission Aware, a reference architecture meta-model. These elements are used in the decision-making process for security and related resilience in capability development, utilizing a standard risk-based approach for cybersecurity requirements development. The chapter provides a detailed explanation of the methodology, while a later chapter in this cluster showcases its application in a case study of a hypothetical weapon system called “Silverfish.” FOREST can help engineers enhance the resilience of their systems and improve their ability to withstand cyberattacks and disruptions.

Leads

Megan M. Clifford

Stevens Institute of Technology

Tim Sherburne

Stevens Institute of Technology

Barry M. Horowitz

University of Virginia

Tom A. McDermott

Stevens Institute of Technology

Peter A. Beling

Virginia Polytechnic Institute and State University

Publications

  1. Adams , S. , Carter , B. , Fleming , C. , and Beling , P.A. ( 2018 ). Selecting system specific cybersecurity attack patterns using topic modeling . In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE) (1–3 August 2018), 490 – 497 . New York : IEEE .

  2. Beling , P. , Horowitz , B. , Fleming , C. , et al. ( 2019 ). Model-Based Engineering for Functional Risk Assessment and Design of Cyber Resilient Systems . University of Virginia Charlottesville United States, Technical Report .

  3. Beling , P. , Horowitz , B. , Beling , P. , et al. ( 2021 ). An Agile Engineering Framework to Support the Development of Sustainable and Resilient DoD Systems , Technical Report SERC-2021-TR-015 V2 .

  4. CAPEC - Common Attack Pattern Enumeration and Classification (CAPECTM) (n.d.). MITRE . Boca Raton, FL : IEEE .

  5. Department of Defense ( 2014 ). Cyber security .

  6. Fleming , C.H. , Elks , C. , Bakirtzis , G. et al. ( 2021 ). Cyber-physical security through resiliency: a systems-centric approach . Computer 54 ( 6 ): 36 – 45 .

  7. Horowitz , B. , Beling , P. , Skadron , K. , et al. ( 2014 ). Security Engineering Project-System Aware Cyber Security for an Autonomous Surveillance System on Board an Unmanned Aerial Vehicle . Systems Engineering Research Center Hoboken NJ, Technical Report .

  8. Horowitz , B. , Beling , P. , Fleming , C. , ( 2017 ). Security Engineering FY17 Systems Aware Cybersecurity . Stevens Institute of Technology Hoboken United States , Technical Report .

  9. Horowitz , B. , Beling , P. , Fleming , C. , et al. ( 2018a ). Cyber Security Requirements Methodology . Stevens Institute of Technology Hoboken United States, Technical Report .

  10. Horowitz , B. , Beling , P. , Fleming , C. , et al. ( 2018b ). Cyber-Security Requirements Methodology . Systems Engineering Research Center, Technical Report .

  11. Horowitz , B. , Beling , P. , Clifford , M. , and Sherburne , T. ( 2021 ). Developmental Test and Evaluation (DTE&A) and Cyber Attack Resilient Systems - Measures And Metrics Source Tables . Systems Engineering Research Center, Technical Report .

  12. Leveson , N.G. and Young , W. ( 2014 ). An integrated approach to safety and security based on systems theory . Communications of the ACM 57 ( 2 ): 31 – 35 .

  13. Reed M ( 2016 ). DoD strategy for cyber resilient weapon systems . Paper presented at the National Defense Industries Association, Annual Systems Engineering Conference , Alexandria VA , October 2016.

  14. Ross , R. S. ( 2022 ). Engineering Trustworthy Secure Systems .

SERC Logo

The Systems Engineering Research Center (SERC) was established in the Fall of 2008 as a government-designated University Affiliated Research Center (UARC). The SERC has produced 15 years of research, focused on an updated systems engineering toolkit (methods, tools, and practices) for the complex cyber-physical systems of today and tomorrow.


Follow us on

LinkedIn