Cyber Security Requirements Methodology

Horowitz, Barry; Beling, Peter; Fleming, Cody; Adams, Stephen; Carter, Bryan; Sherburne, Tim; Elks, Carl; Bakirtzis, Georgios; Shull, Forrest; Mead, Nancy R.

Cyber Security Requirements Methodology

Active / Technical Report | Accession Number: AD1057439 |

Open PDF

Abstract:

This report addresses the DoDArmySERC-sponsored, UVA-led 9 month research effort to develop a methodology for establishing cyber security requirements at the preliminary design phase of new physical systems programs. The requirements addressed include the integration of cyber attack defense and resilience solutions, as well as security-related software engineering solutions. Referred to as Cyber Security Requirements Methodology CSRM, the developed process includes six sequential steps conducted by three teams an operationally focused team, a cybersecurity focused team and a systems engineering team. Model-based engineering tools were utilized to support each of the steps. A trial weapon system use case was conducted to gain an initial evaluation of the methodology. The use case system, referred to as Silverfish, was hypothetical, but deemed as a reasonable representation of a possible weapon system. Results of the trial were promising and point to a number of possible paths for follow-on research including implementing the methodology on a real system and building the necessary tools to scale up the methodology to a real system.

Author(s):

Horowitz, Barry ; Beling, Peter ; Fleming, Cody ; Adams, Stephen ; Carter, Bryan ; Sherburne, Tim ; Elks, Carl ; Bakirtzis, Georgios ; Shull, Forrest ; Mead, Nancy R.

Author Organization(s):

Stevens Institute of Technology Hoboken United States

Descriptive Note:

Technical Report

Pagination:

0046

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

SERC-2018-TR-110

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_3_Force Application; JCA_6_Net Centric; JCA_5.3_Planning; JCA_6.4.1_Secure Information Exchange; JCA_3.1.1_Maneuver to Engage; JCA_3.1_Maneuver; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3.2.2_Non-Kinetic Means; JCA_4.6_Engineering; JCA_5.3.1_Analyze Problem; JCA_2_Battlespace Awareness; JCA_2.1_Planning and Direction; JCA_8.2_Shape; JCA_8_Building Partnerships; JCA_5.2_Understand; JCA_2.1.1_Define and Prioritize Requirements; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_4.6.1_General Engineering; JCA_7.1.2_Prevent Non-kinetic Attack

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

model based systems engineering, software development, situational awareness, risk analysis, infrared detectors, cyberattacks, software prototyping, weapon control, unmanned aerial vehicles, risk, department of defense, command and control, communication systems

Field(s)/Group(s):

Computer Programming and Software, Computer Systems Management and Standards

Keyword(s):

cyber security requirements, physical systems programs

Report Date:

2018 Jul 26

Creation Date:

2018 Aug 07