Demystifying Cyber Systems Engineering

2024-01-3864

11/15/2024

Features
Event
2020 Ground Vehicle Systems Engineering and Technology Symposium
Authors Abstract
Content
ABSTRACT

As the United States’ (US) Department of Defense (DoD) works to maintain our battlefield superiority in the ground domain, we rapidly integrate new electronic capabilities into vehicles that communicate and cooperate over vehicle-to-infrastructure networks. These new capabilities contribute to increasing the potential attack surface, as described in the 2018 Government Accountability Office (GAO) report on Weapon System Cyber Security [1]. To understand the increasingly complex attack surface and to reduce ground platform exposures through cyberspace, we need new engineering analysis and design techniques.

Today, most engineering methodologies treat cybersecurity as an add-on to traditional process flows. For example, until recently, the International Council on Systems Engineering (INCOSE) gave little attention to cybersecurity in their industry definition of the Vee-Model used widely in defense contracting. We argue that until we give cybersecurity first-class status and give it equal importance to the functional requirements, the products and services delivered may have sub-optimal defensive and resilience properties, making them vulnerable to attack through cyberspace.

This paper introduces BAE Systems’ approach to making cybersecurity and resiliency first-class system properties in the engineering process. Our approach, called Cyber Systems Engineering (CSE), combines best practices from Risk Management Framework (RMF) for defensive design and supplementing methods derived from the application of ‘offensive thinking to solve defensive problems.’ We improve cyber readiness and survivability by combining offensive and defensive techniques throughout the engineering lifecycle. We have already applied CSE (in whole and part) on over 50 DoD programs; our combined approach using defensive and offensive skills strengthen as we identify best practices for DoD programs.

Meta TagsDetails
DOI
https://doi.org/10.4271/2024-01-3864
Pages
12
Citation
Lofy, C., and Vriesenga, M., "Demystifying Cyber Systems Engineering," SAE Technical Paper 2024-01-3864, 2024, https://doi.org/10.4271/2024-01-3864.
Additional Details
Publisher
Published
Nov 15
Product Code
2024-01-3864
Content Type
Technical Paper
Language
English