System of Systems Characterisation assisting Security Risk Assessment

System of Systems (SoS) is a term often used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, clarity is needed when using this term given that operational areas may be unfamiliar with the terminology. In this paper, we present an approach for refining System and SoS descriptions to aid multistakeholder communication and understanding; building on previous work, we illustrate an example of characterising a likely SoS. By identifying key stakeholders, systems, management and control, this approach supports the initial steps of a SoS security risk assessment approach using a tool-supported framework that supports operational needs towards requirements engineering.

[1]  Radu Calinescu,et al.  Large-scale complex IT systems , 2011, Commun. ACM.

[2]  Shamal Faily,et al.  Re-framing “the AMN”: A case study eliciting and modelling a System of Systems using the Afghan Mission Network , 2017, 2017 11th International Conference on Research Challenges in Information Science (RCIS).

[3]  Judith Dahmann,et al.  Systems of Systems and Security: A Defense Perspective , 2011 .

[4]  Philippe Aniorte,et al.  Challenges in Security Engineering of Systems-of-Systems , 2014 .

[5]  Suzanne Garcia,et al.  Limits to the Use of the Zachman Framework in Developing and Evolving Architectures for Complex Systems of Systems , 2009 .

[6]  R. Staker Decision Support for Complex Systems-of-Systems , 2022 .

[7]  Jan Peleska,et al.  Systems of Systems Engineering , 2015 .

[8]  Paul Davidsson,et al.  IoT-based Systems of Systems , 2016 .

[9]  R. Ackoff Towards a System of Systems Concepts , 1971 .

[10]  Donald Firesmith Analyzing and Specifying Reusable Security Requirements , 2003 .

[11]  A. Jones,et al.  A framework for the management of information security risks , 2007 .

[12]  Mark W. Maier,et al.  Architecting Principles for Systems‐of‐Systems , 1996 .

[13]  Dennis Longley,et al.  Security Risk Analysis for Complex Systems , 2006, ISSA.

[14]  Neville A. Stanton,et al.  Safety in System-of-Systems: ten key challenges , 2014 .

[15]  Jo Ann Lane,et al.  What is a System of Systems and Why Should I Care , 2013 .

[16]  Huseyin Dogan,et al.  SmartPowerchair: Characterization and Usability of a Pervasive System of Systems , 2017, IEEE Transactions on Human-Machine Systems.

[17]  Istvan Mate Borocz Risk to the Right to the Protection of Personal Data , 2016 .

[18]  Brian J. Sauser,et al.  System of Systems - the meaning of of , 2006, 2006 IEEE/SMC International Conference on System of Systems Engineering.

[19]  Shamal Faily,et al.  Persona-centred information security awareness , 2017, Comput. Secur..

[20]  Michael Henshaw,et al.  The role of human factors in addressing Systems of Systems complexity , 2011, 2011 IEEE International Conference on Systems, Man, and Cybernetics.

[21]  Steven C. Currall,et al.  Measuring trust between organizational boundary role persons. , 1995 .

[22]  Paulo F. Pires,et al.  On the Development of Systems-of-Systems based on the Internet of Things: A Systematic Mapping , 2014, ECSAW '14.

[23]  Dale E. Zand Trust and Managerial Problem Solving , 1972 .

[24]  James Stevens,et al.  Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process , 2007 .

[25]  Shamal Faily,et al.  From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems , 2017, 2017 IEEE 25th International Requirements Engineering Conference Workshops (REW).

[26]  Michael Jackson,et al.  Towards a System of Systems Methodologies , 1984 .

[27]  Eugene Miya,et al.  On "Software engineering" , 1985, SOEN.

[28]  Jo Ann Lane,et al.  Systems Engineering for Capabilities , 2008 .

[29]  Michael J Meier A Provider's Perspective: Utilizing Deployed Information Technology to Care for Our Wounded Warriors , 2011 .

[30]  J.S. Dahmann,et al.  Understanding the Current State of US Defense Systems of Systems and the Implications for Systems Engineering , 2008, 2008 2nd Annual IEEE Systems Conference.

[31]  Judith Dahmann,et al.  Systems of Systems and Net-Centric Enterprise Systems , 2009 .

[32]  N. L. Chervany,et al.  THE MEANINGS OF TRUST , 2000 .

[33]  Christopher John Richardson,et al.  Bridging the air gap : an information assurance perspective , 2012 .

[34]  George B. Dyson Darwin among the Machines: The Evolution of Global Intelligence , 1997 .