Security engineering in a system of systems environment

Systems engineering (SE) of defense systems and critical infrastructure must incorporate consideration of threats and vulnerabilities to malicious subversion into the engineering requirements, architecture, and design processes. Recognizing this need, the United States Department of Defense recently revitalized its system security engineering (SSE) efforts by extending its program protection processes to apply SSE principles and body of knowledge to defense acquisition programs [1]. At the same time, a growing number of military capabilities are being fielded through system of systems (SoS) approaches which are not necessarily managed under formal acquisition processes. This trend is expected to continue. Recognizing this trend, several years ago the DoD undertook an initiative to develop initial guidance on the system engineering of SoS [3]. In the ensuing years, a companion body of knowledge has been developed [4]. More recently, the importance and the challenges of applying SSE beyond individual systems to SoS has been recognized [4]. The question arises, “what does or should SSE look like in an SoS environment?” This paper presents the results of an exploratory investigation of SSE as an integral element of SoS SE. Defense-based approaches to SoS SE are reviewed and logical extensions to address SSE for SoS and program protection are described within an SoS SE framework. The results of case studies exploring how SoS currently address security at the SoS level are presented. Finally, observations and challenges are discussed, including whether and how guidelines and practices for SSE at the individual or constituent system level can be extended to the ensemble of systems that collectively create an SoS capability.