Putting the Systems in Security Engineering An Overview of NIST

Similar documents
Masao Mukaidono Emeritus Professor, Meiji University

System of Systems Software Assurance

Engineering Autonomy

Proposed Curriculum Master of Science in Systems Engineering for The MITRE Corporation

A FRAMEWORK FOR PERFORMING V&V WITHIN REUSE-BASED SOFTWARE ENGINEERING

Applied Safety Science and Engineering Techniques (ASSET TM )

ASSEMBLY - 35TH SESSION

FSIC FRANCHISE. Frequently asked questions

Model Based Systems Engineering

Software-Intensive Systems Producibility

SAUDI ARABIAN STANDARDS ORGANIZATION (SASO) TECHNICAL DIRECTIVE PART ONE: STANDARDIZATION AND RELATED ACTIVITIES GENERAL VOCABULARY

H5ST 04 (SCDHSC0370) Support the Use of Technological Aids to Promote Independence 1

Smart Grid Maturity Model: A Vision for the Future of Smart Grid

Potential areas of industrial interest relevant for cross-cutting KETs in the Electronics and Communication Systems domain

Revision of C Guide for Application of Monitoring Equipment to Liquid Immersed Transformers and Components. Mike Spurlock Chairman

Policy Perspective: The Current and Proposed Security Framework

Metrology in the Digital Transformation

Fiscal 2007 Environmental Technology Verification Pilot Program Implementation Guidelines

Systems Engineering Overview. Axel Claudio Alex Gonzalez

NCRIS Capability 5.7: Population Health and Clinical Data Linkage

Department of Energy s Legacy Management Program Development

Pan-Canadian Trust Framework Overview

THE UNIVERSITY OF AUCKLAND INTELLECTUAL PROPERTY CREATED BY STAFF AND STUDENTS POLICY Organisation & Governance

Responsible Data Use Policy Framework

WORKING IN PARTNERSHIP TO IMPROVE COMMUNITY ENGAGEMENT: A CASE STUDY FROM THE PROPOSED PETERHEAD CCS PROJECT

DEFENSE ACQUISITION UNIVERSITY EMPLOYEE SELF-ASSESSMENT. Outcomes and Enablers

Testimony of Professor Lance J. Hoffman Computer Science Department The George Washington University Washington, D.C. Before the

Violent Intent Modeling System

A stronger system to protect the health and safety of Canadians. Exploring the Future of the Food Regulatory Framework Under the Food and Drugs Act

The EFPIA Perspective on the GDPR. Brendan Barnes, EFPIA 2 nd Nordic Real World Data Conference , Helsinki

Enterprise Architecture 3.0: Designing Successful Endeavors Chapter II the Way Ahead

M&S Requirements and VV&A: What s the Relationship?

SPECIFICATIONS SUBJECT TO CHANGE WITHOUT NOTICE

Part 2: Medical device software. Validation of software for medical device quality systems

University of Massachusetts Amherst Libraries. Digital Preservation Policy, Version 1.3

REPORT DOCUMENTATION PAGE

Assist & Assure. Embedding our Safety Agenda

Privacy, Technology and Economics in the 5G Environment

Our position. ICDPPC declaration on ethics and data protection in artificial intelligence

An Introduction to a Taxonomy of Information Privacy in Collaborative Environments

Leveraging 21st Century SE Concepts, Principles, and Practices to Achieve User, Healthcare Services, and Medical Device Development Success

Expectations for Intelligent Computing

Brief to the. Senate Standing Committee on Social Affairs, Science and Technology. Dr. Eliot A. Phillipson President and CEO

Rosatom Approach to IPR Management in Collaborative Projects on Innovations

S&T Stakeholders Conference

Dependability in the Information Society: getting ready for the FP6

Lexis PSL Competition Practice Note

Ethics Guideline for the Intelligent Information Society

Score grid for SBO projects with a societal finality version January 2018

Transitioning the Opportune Landing Site System to Initial Operating Capability

ICC POSITION ON LEGITIMATE INTERESTS

FS INVESTMENTS & KKR FORM STRATEGIC PARTNERSHIP. Combining FSIC & CCT platforms to create stockholder value

Please send your responses by to: This consultation closes on Friday, 8 April 2016.

Human-Robot Interaction. Aaron Steinfeld Robotics Institute Carnegie Mellon University

WG/STAIR. Knut Blind, STAIR Chairman

Safety recommendations for nuclear power source applications in outer space

Challenges and Innovations in Digital Systems Engineering

SAFETY CASE ON A PAGE

Implementing the International Safety Framework for Space Nuclear Power Sources at ESA Options and Open Questions

SHELL S MBM PROGRESS AND PLAN

Evolving Systems Engineering as a Field within Engineering Systems

Fault Management Architectures and the Challenges of Providing Software Assurance

VCE Art Study Design. Online Implementation Sessions. Tuesday 18 October, 2016 Wednesday 26 October, 2016

DHS-DOD Software Assurance Forum, McLean VA 6 Oct 2008 Very loosely based on Daniel s 2007 briefing

Building Collaborative Networks for Innovation

Survey of Institutional Readiness

Executive Summary Industry s Responsibility in Promoting Responsible Development and Use:

Managing Ageing Infrastructure

Expression Of Interest

Assessment of Smart Machines and Manufacturing Competence Centre (SMACC) Scientific Advisory Board Site Visit April 2018.

BEFORE THE ALBERTA ELECTRIC SYSTEM OPERATOR

ENGINEERING INNOVATION

rones-vulnerable-to-terrorist-hijackingresearchers-say/

Section 1: Internet Governance Principles

Models, Simulations, and Digital Engineering in Systems Engineering Restructure (Defense Acquisition University CLE011)

Technology transactions and outsourcing deals: a practitioner s perspective. Michel Jaccard

ECU Research Commercialisation

Stevens Institute of Technology & Systems Engineering Research Center (SERC)

By RE: June 2015 Exposure Draft, Nordic Federation Standard for Audits of Small Entities (SASE)

Understanding STPA-Sec Through a Simple Roller Coaster Example

Information & Communication Technology Strategy

DATA COLLECTION AND SOCIAL MEDIA INNOVATION OR CHALLENGE FOR HUMANITARIAN AID? EVENT REPORT. 15 May :00-21:00

Operational Intelligence to Deliver Smart Solutions. Copyright 2015 OSIsoft, LLC

How do you teach AI the value of trust?

NRC Workshop on NASA Technologies

MISSISSAUGA LIBRARY COLLECTION POLICY (Revised June 10, 2015, Approved by the Board June 17, 2015)

SUBMISSION THE LICENSING EXECUTIVES SOCIETY OF SOUTH AFRICA THE TECHNOLOGY INNOVATION AGENCY BILL

General Education Rubrics

The IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems. FairWare2018, 29 May 2018

What To Do When Project Impacts Are In Dispute? Participatory Monitoring and Joint Fact-finding

European Charter for Access to Research Infrastructures - DRAFT

Developing and Distributing a Model-Based Systems Engineering(MBSE) CubeSat Reference Model Status

Computer Science: Who Cares? Computer Science: It Matters. Computer Science: Disciplines

Committee on Development and Intellectual Property (CDIP)

The Tool Box of the System Architect

ProbabilityTestingaComponentofAdvanceSoftwareTesting

LSCB Pan-Lancashire LSCB Online Safeguarding Strategy

EXECUTIVE SUMMARY. St. Louis Region Emerging Transportation Technology Strategic Plan. June East-West Gateway Council of Governments ICF

Focusing Software Education on Engineering

A Holistic Approach to Systems Development

Transcription:

Approved for Public Release; Distribution Unlimited. 16-3797 Putting the Systems in Engineering An Overview of NIST 800-160 Systems Engineering Considerations for a multidisciplinary approach for the engineering of trustworthy secure systems NDIA 19th Annual Systems Engineering Conference October 24, 2016 Springfield, VA. Michael McEvilley Max Allway Alvi Lim The MITRE Corporation Systems Engineering Technical Center mcevilley@mitre.org 703.983.5951 The author's affiliation with The MITRE Corporation is provided for identification purposes only, and is not intended to convey or imply MITRE's concurrence with, or support for, the positions, opinions or viewpoints expressed by the author.

2 Agenda Trustworthy System Challenges Seven Key Systems Concepts, System, Adequately System Assets, Loss, Context, Consequences Predominate Views of System Differentiating Protection and System System and Failure Modes, s, and Transitions System Trustworthiness Systems Engineering in a Nutshell NIST SP800-160 Way Forward

Trustworthy System Challenges 3 Systems are increasingly complex Dynamicity Interactions, behaviors Composition Uncertainty Emergence is emergent A holistic system property Failures are multifaceted Encompassing both unforced and forced forms Interactions and behaviors Within and between the engineering team and stakeholders Multidisciplinary Challenges Require Multidisciplinary Solutions

4 What is System? Prevailing definitions too narrowly-scoped Data and information, information technology, information systems Associated properties of confidentiality, integrity, availability No definition sufficed for the broad definition of system As used by IEEE and INCOSE Sufficient to address the entirety of today s inherently complex systems

In Search Of System Essentials Behavior, Control, Loss, Context Behavior, interactions, outcomes What the system does and does not do Control objective to address asset loss Prevent, minimize, constrain, and limit the extent of asset loss and adverse consequences Context-driven views Rarely is security a context of itself 5 CONTROL CONTEXT = Adequate FUNCTIONS These essentials form the foundation of secure systems

A Systems-Oriented Way Forward 6 Context-driven control over system behavior, interactions, and outcomes to limit the extent of loss and adverse consequences for stakeholder and system assets Environment Other higher-level systems Other higher-level systems System of Interest Interacting Systems Higher-level System http://systems.hitchins.net/

2.1 What is Safety?, System, NPR 8715.3C and MIL-STD-882D [7] define safety as freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or Adequately System damage to the environment. This concept of safety is inclusive of human safety, which includes workers directly involved in system interactions, workers not directly involved in system Adapted from NASA System Safety Handbook interactions, as well as members of the general public. Although this definition is broad, it focuses exclusively on physical, rather than functional, consequences. However, for systems such as non-recoverable spacecraft, damage to or loss of equipment may be meaningful only insofar as it translates into degradation or loss of mission objectives. unacceptable Therefore, consequences for the purposes of this handbook, freedom from conditions that can cause loss of mission (LOM) is also included in the definition of safety. Figure 2-1 illustrates the scope A of stakeholder potentially impacted determination populations to which the concept of safety can apply. Freedom from those conditions that can cause loss of assets with System A system that for all identified states, modes, and transitions is deemed secure i.e., demonstrates freedom from those conditions... Adequately System Adequately secure is an evidence-based determination that weighs system security Figure performance 2-1. Impacted Populations against all within other Scope performance of Safety objectives and constraints 7 Safety Safety is freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment. In any given application, the specific scope of safety must be clearly defined by the stakeholders in terms of the entities to which it applies and the consequences against which it is assessed. For example, for non-reusable and/or non-recoverable systems, damage to or loss of equipment may be meaningful only insofar as it translates into degradation or loss of mission objectives.

Relationships Asset, Loss, Context, and Consequence 8 Types of Asset Form of Asset Loss Humans Data and information Sensitive, proprietary, privacy data and information Components, elements Assemblies, subsystems Systems, system-of-systems Infrastructure Capability Processes, procedures Provision of service or function Intellectual property Technological, competitive, combatant advantage Image Reputation Trust CONTEXT CONSEQUENCE Ability, capability Accessibility Accuracy, precision Advantage (combatant, competitive, technological) Assurance Control Correctness Existence Investment Ownership Performance Possession Quality Satisfaction Time Context is at the Core of Interpretation of Loss Correlation between asset and form of loss is necessary to properly differentiate and to reason

Predominate Views of System 9 Function of the System functions that provide system protection capability Mechanisms, safeguards, countermeasures, features, controls, overrides, inhibits of the Intended System Function -driven constraints for all system functions Avoid, eliminate, tolerate defects, exposure, flaws, weaknesses of Life Cycle Assets for data, information, technology, methods, and other assets associated with the system throughout its life cycle

Differentiating Protection and System 10 System Emergent property of the system deemed to be trustworthy and adequate Protection Behavioral & Non-behavioral Aspects Composition of Protections Composition of Protections What the system has or does not have What the system does and does not do Defined and assessed based on concerns of asset loss and the associated consequences

11 System and Failure failure results in asset loss or adverse consequence Exhibiting unspecified behavior or interactions Producing unspecified outcomes Can be forced or unforced Forced security failure results from malicious activities with intent to cause harm Human attacks and abuse Unforced security failure results from non-malicious activities and events Machine and technology errors and faults Incidents and accidents Human errors of omission and commission Human misuse Environmental and disaster events Failure is related to system modes, states, and transitions

12 Modes, s, Transitions A secure system remains secure for all modes, states and transitions To include the halt state/mode Additional states, modes, and transitions reflect concepts of: Failure with preservation of secure state/mode The ability to detect that the system is in a non-secure state/mode or to detect a transition that will place the system in a non-secure state/mode Trusted recovery The ability to effect reactive, responsive, or corrective action to securely transition from a non-secure state/mode to a secure state/mode (or some less insecure state/mode)

Modes, s, and Transitions Example: Idealized System 13 Transition To Maintenance Mode Transition To Alt Mode 2 Maintenance Mode Transition To Alt Mode 1 Normal Mode Initial Alternate Mode 1 Halt Initial Failure Recovery Alternate Mode 2 Halt Initia l Secur e Runtime s Failure Recovery This examples defines distinct system mode of operation where each mode contains multiple states Initi Halt al Sec ure Stat e Secur Runtime e s Failur e Recover y Secu re Halt Sec Runtim ure e Fail s ure Stat Secur e Recov ery Transition To Normal Mode Secur e Runti me s Transition To Normal Mode

14 System Trustworthiness Maintain a statement of trustworthiness across needs and variances All systems do not have the same fidelity and rigor trustworthiness needs Adequate security expressed by security claims Relevant and credible evidence Appropriate fidelity and rigor Valid arguments that relate all evidence to security claims Analyses by subject matter experts Define Objectives Define Life Cycle Concepts Systems Engineering Framework PROBLEM Define Success Measures Define Stakeholder Requirements Define the Aspects of the Solution SOLUTION Realize the Aspects of the Solution System Analyses Produce Evidence for Aspects of the Solution Concepts, Principles, and MPTs (Means, Methods, Processes, Practices, Tools, Techniques) Closed Loop Feedback, Variances, Change, and Continuous Improvement TRUSTWORTHINESS Develop Case for Acceptable Demonstrate Case is Satisfied Enabled by System Analysis Focused on Asset and Loss Consequences

Systems Engineering in a Nutshell 15 Controlling the loss and associated consequences of stakeholder and system assets while realizing stakeholder capability objectives throughout the life cycle Functions Engineers the active and passive protection capability of the system System Functions Engineers the security-driven constraints for the entire system to limit security-relevant defects Life Cycle Assets Engineers the protection for stakeholder and system data, information, technology, and method assets Delivers trustworthy secure systems Develops the design oriented to objectives and success measures Decision-making informed by data and analyses with appropriate fidelity and rigor Constrained by the laws of physics and the laws of computational logic

16 800-160 Way Forward Special Publication 800-160 will become the flagship publication for the NIST Systems Engineering Initiative. Other NIST and Joint Task Force (JTF) publications will leverage 800-160 in future revisions The following supporting NIST publications will be developed and published in 2017 and beyond: Special Publication 800-160A, Systems Engineering: Considerations for System Resilience in the Engineering of Trustworthy Systems Special Publication 800-160B, Systems Engineering: Considerations for Software Assurance in the Engineering of Trustworthy Systems Special Publication 800-160C, Systems Engineering: Considerations for Hardware Assurance in the Engineering of Trustworthy Systems Risk Management Framework interaction with the life cycle processes to be described in future updates to NIST Special Publication 800-37 On-target for December 2016 Release 1 Publication

17 Acknowledgements Motivation for talk Putting the Systems in Engineering: An Examination of NIST Special Publication 800-160, IEEE & Privacy, July/August 2016 Logan O. Mailloux, Stephen Khou, John Pecarina; Air Force Institute of Technology Michael McEvilley; The MITRE Corporation NIST SP800-160 authors appreciate the ongoing support, review, commentary, and wish to thank DASD/SE: Ms. Kristen Baldwin, Ms. Melinda Reed INCOSE, NDIA: SSE WG Chairs and Team Members

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback