Techno‐Social Contracts for Security Orchestration in the Future of Systems Engineering

Dove, Rick; Willett, Keith

doi:10.1002/j.2334-5837.2020.00799.x

Cited by 7 publications

(9 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One attempt at modeling these interactions is addressed in another fundamental element of systems security engineering-techno-social contracts. As discussed by Dove and Willett (2021), techno-social contracts for systems security is an "approach to explicitly encode technology-to-technology rules of intra-protection and inter-protection as part of security orchestration." While a good first step, this approach does not entirely address the lack of coordination across domain-specific security strategies.…”

Section: Categorymentioning

confidence: 99%

“…The resulting multi-domain security approaches should include the design and evaluation of the interactions within domains (e.g., ensuring sufficient cyber security architectures) and between disparate domains (e.g., ensuring coordination between digital controllers and physical processes). Such multi-domain approaches to security would support "dynamic security decisions in operations resulting in fast, relevant, and adaptable system defense" (Dove, et al 2021). By extension, systems security performance would also be further enhanced with coordination with non-security elements in the broader facility or system.…”

Section: Introductionmentioning

confidence: 99%

“…A multilayer network-based approach, however, is not a silver bullet solution for all thirteen fundamental elements for the future of systems security engineering (Dove, et al 2021). Yet, based on the conceptual similarities provided in (Williams, A.D. et al 2021a), a multilayer network-based solution can directly support several of these fundamental elements-most notable element no.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Multilayer Network Models for Coordinating Orchestration of Systems Security Engineering

Williams

Birch

Caskey

et al. 2022

INCOSE International Symp

View full text Add to dashboard Cite

Systems security engineering (SSE) faces new internal (e.g., increased digitization) and external (e.g., adversary capabilities) obstacles as systems increase in complexity and are deployed to increasingly challenging operating environments. Legacy approaches heavily rely on individual, physical, digital, or personnel domain‐specific strategies for security. Such segmented responses helped initiate efforts by the INCOSE systems security working group to identify fundamental elements of SSE. One of these fundamental elements is security orchestration, where the SSE goal is to coordinate between previously disparate security solutions. Multilayer network‐based approaches seemingly provide the logical structure and mathematical foundation to conduct security orchestration for “tightly coupled coordinated system defense in cyber‐relevant time.” Within multilayer networks, the ability to identify and manipulate cross‐domain (e.g., intralayer) connections that influence security performance measures demonstrates an enhanced level of security orchestration. As such, multilayer networks support the future of SSE efforts to mitigate real‐world complexities, innovative adversaries, and disruptive technologies. After describing security orchestration as a concept and foundational element, this paper explores how multilayer network models can enhance orchestration systems security engineering. Additionally, a demonstration case of systems security for a high consequence facility (as a complex system) is followed insights and implications for incorporating orchestration in the future of systems security.

show abstract

Section: Categorymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Multilayer Network Models for Coordinating Orchestration of Systems Security Engineering

Williams

Birch

Caskey

et al. 2022

INCOSE International Symp

View full text Add to dashboard Cite

show abstract

“…Innovative techniques are being proposed and studied. Dove & Willett (2020) suggested a new approach in a paper entitled "Techno-Social Contracts for Security Orchestration in the Future of Systems Engineering". (Dove, Willett, 2020) "The cyber-physical-social aspects of systems engineering are gaining attention in the social dimension principally for human-human and human-technology interaction.…”

Section: Introductionmentioning

confidence: 99%

“…Dove & Willett (2020) suggested a new approach in a paper entitled "Techno-Social Contracts for Security Orchestration in the Future of Systems Engineering". (Dove, Willett, 2020) "The cyber-physical-social aspects of systems engineering are gaining attention in the social dimension principally for human-human and human-technology interaction. This paper suggests that systems and systems of systems can be viewed as social communities of technical elements, where security of the community and its technical members can benefit from collective and distributed mutual protection behaviors."…”

Section: Introductionmentioning

confidence: 99%

Using the Security Views in UAF

Hause¹,

Kihlström²

2021

INCOSE International Symp

View full text Add to dashboard Cite

Architectures, systems, subsystems, and the data that they contain, are valuable assets. Systems engineers and architects must plan for system security from concept inception to retirement to ensure that security is embedded into every part of every process, procedure, system and component as well as in the mindset of the people in the enterprise. While the various DoDAF views contain attributes of security, there are no views for defining system security goals, threats, risks, mitigating elements, etc. and demonstrating how these are integrated and implemented into the operational, system, standards and services views. The Unified Architecture Framework (UAF) has integrated a set of security views that provide engineers a means of defining security goals and requirements and demonstrating how these are implemented throughout the architecture.

show abstract

Security Issue Detection and Mitigation Patterns for Product Line Resource Variation

Dove¹

2020

INSIGHT

Self Cite

View full text Add to dashboard Cite

Product Line Engineering (PLE) builds upon an Agile Architectural Pattern—with reusable resources, evolving resource variations, and a standardized interconnect and sustainment infrastructure. Commercial PLE systems attract alternative resource suppliers, such as automotive parts. Defense PLE systems typically result from acquirers encouraging Open System Architectures to enable alternative resource suppliers. Alternative resource suppliers are a major resource variation source in product line engineered systems. Product line engineered systems are systems of systems with potential for complex interactions and unintended emergent behaviors. This article focuses on PLE cyber‐physical‐social system products, the security issues resource variation can introduce, and security patterns for detecting and mitigating these security issues. Resource variations may cause security issues unintentionally, but intentional introduction is also possible by malicious alternative resource suppliers, supply chain interdiction, and insiders. This article assumes malicious intent in resource variation as its security issue base line, as patterns for effective detection and mitigation of malicious variation intent encompass unintentional occurrences.

show abstract

Techno‐Social Contracts for Security Orchestration in the Future of Systems Engineering

Cited by 7 publications

References 4 publications

Multilayer Network Models for Coordinating Orchestration of Systems Security Engineering

Multilayer Network Models for Coordinating Orchestration of Systems Security Engineering

Using the Security Views in UAF

Security Issue Detection and Mitigation Patterns for Product Line Resource Variation

Contact Info

Product

Resources

About