Security as a Foundational Perspective in Systems Engineering: Engineering Trustworthy Secure Systems

Mark Winstead (The MITRE Corporation)

Keywords
Systems Security Engineering; Assurance; Trustworthy Systems; Systems Principles; Loss Driven Engineering; System Design; Trustworthy Secure Systems; Secure and Resilient Systems; Secure Design; NIST SP 800-160 Volume 1
Abstract
Security should be as foundational a perspective as system performance and safety (INCOSE SE Vision 2035), because the engineering of systems cannot assume a benign environment for development, operations, maintenance, or support. Systems engineering must therefore plan and act so as to properly employ the principles, concepts, and methods that coordinate, orchestrate, and direct the activities needed to deliver assured, trustworthy secure systems in and for contested environments. This tutorial gives an overview of the security proficiency elements that systems engineering needs, aligned with many of the concepts from INCOSE's Security in the Future of Systems Engineering efforts (INCOSE Insight, June 2022).

Meeting stakeholder needs within the constraints of cost, schedule, and performance must include meeting the security protection needs derived from those same stakeholder needs. The activities address the loss concerns associated with the system-of-interest throughout its lifecycle, taking potential adversities into account. This includes developing an inherently assured, trustworthy secure design that 1) prevents loss from occurring, 2) minimizes the effects of any loss that does occur, and 3) is intrinsically easier to analyze for vulnerabilities and hazards when the system is upgraded.

The tutorial presents a principled, strategic approach focused on designing an intrinsically assured, trustworthy design. Realizing an intrinsically trustworthy secure system in this way helps prioritize effort, reduces workload, and addresses concerns about "unknowns" through assurance, thereby establishing trustworthiness in the system. This approach contrasts with the widespread tactical, risk-based approaches.

This tutorial targets the experienced systems engineer who is a novice in Systems Security Engineering as a specialty discipline of systems engineering.