Systems Architecting for Survivability: Limitations of Existing Methods for Aerospace Systems

Survivability may be defined as the ability of a system to minimize the impact of a finite disturbance on value delivery. This paper reviews existing methods of specifying, evaluating, and verifying survivability for aerospace systems in order to identify opportunities for improvement. First, the systems architecting methods underlying this research are described. Second, survivability challenges within the domain of space system architecture are analyzed for motivation. Third, five limitations of existing methods are discussed: (1) treatment of survivability as a constraint on design, (2) static system threat assessment reports, (3) assumption of independent disturbance encounters, (4) narrow scope of survivability design and analysis, and (5) lack of a value-centric perspective. In conclusion, prescriptions are offered for improving the practice of systems architecting for survivability.

Research Context: System Architecture and Value-Based Design

This paper describes ongoing doctoral research for improving the practice of systems architecting for aerospace systems (Richards, Hastings et al. 2007). A standard definition of architecture used by the Department of Defense (2003) is "the structure of components, their relationships, and the principles and guidelines governing their design and evolution over time." The process of creating and building architectures is referred to as systems architecting and concerns itself most with system conceptualization, objective definition, and certification for use (Maier and Rechtin 2002). Within systems architecting, the research is focused on the application of value-based methods to conceptual design. Value, a subjective measure of benefit from a bundle of consequences that is specified by a stakeholder, provides a fundamental metric for relating system properties to desired stakeholder outcomes (Keeney 1992).
Empirical evidence suggests that the lifecycle value delivered by systems is primarily determined at the beginning of development programs (Gruhl 1992), highlighting the criticality of good decision making during conceptual design. Conceptual design includes both concept development (i.e., identification of stakeholders, enumeration and evaluation of design alternatives, and selection of one or more concepts for further development) and system-level design (i.e., definition of the architecture, including subsystem decompositions and functional specifications) (Ulrich and Eppinger 2004). Taking the value-centric perspective during conceptual design empowers decision makers to
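The following is an added worked illustration, not code or a model from the paper, of two of the limitations listed in the abstract: (3) the assumption of independent disturbance encounters and (5) the lack of a value-centric perspective. It assumes a deliberately simple model: a mission of discrete time steps, a disturbance "hit" in each step as a Bernoulli trial, a system that tolerates a fixed number of hits before value delivery stops, and survivability scored as the fraction of nominal lifecycle value actually delivered rather than as a pass/fail flag. The clustered variant keeps the same expected number of hits but lets one common cause (a debris cloud, a solar storm) deliver several hits at once. The mission parameters and probabilities are constructed numbers, chosen only to make the comparison visible.

```python
"""Illustrative model (added here; not from the paper) of limitation (3):
treating disturbance encounters as independent can overstate survivability.

Survivability is scored value-centrically, in the spirit of the paper's
definition: the fraction of nominal lifecycle value a system actually
delivers when disturbances occur. All numbers below are constructed.
"""
from dataclasses import dataclass
from math import comb
import random


@dataclass(frozen=True)
class Mission:
    steps: int             # mission lifetime in discrete time steps
    value_per_step: float  # nominal value delivered per step while operating
    redundancy: int        # disturbance hits tolerated before delivery stops


def value_delivered(hit_times, mission):
    """Time-weighted value: full rate until the (redundancy+1)-th hit, zero after.

    Returning delivered value rather than a survive/fail flag is what makes the
    metric value-centric: an early loss costs more than a late one.
    """
    hits = sorted(hit_times)
    if len(hits) <= mission.redundancy:
        return mission.steps * mission.value_per_step
    loss_step = hits[mission.redundancy]
    return loss_step * mission.value_per_step


def independent_hits(mission, hit_prob, rng):
    """Each step is an independent Bernoulli trial with probability hit_prob."""
    return [t for t in range(mission.steps) if rng.random() < hit_prob]


def clustered_hits(mission, hit_prob, cluster, rng):
    """Same expected number of hits as independent_hits, but hits arrive in
    bursts of `cluster` simultaneous hits from one common cause (assumed model,
    e.g. a debris cloud striking several redundant units in the same step)."""
    burst_prob = hit_prob / cluster
    hits = []
    for t in range(mission.steps):
        if rng.random() < burst_prob:
            hits.extend([t] * cluster)
    return hits


def expected_survivability(hit_model, mission, trials=5000, seed=1):
    """Monte Carlo estimate of E[value delivered] / nominal value."""
    rng = random.Random(seed)
    nominal = mission.steps * mission.value_per_step
    total = sum(value_delivered(hit_model(rng), mission) for _ in range(trials))
    return total / (trials * nominal)


def loss_probability(steps, event_prob, hits_per_event, redundancy):
    """Closed-form P(value delivery stops). The number of events is
    Binomial(steps, event_prob); loss occurs once events * hits_per_event
    exceeds redundancy. hits_per_event=1 is the independence assumption."""
    max_events = redundancy // hits_per_event
    p_survive = sum(comb(steps, k) * event_prob**k * (1 - event_prob)**(steps - k)
                    for k in range(max_events + 1))
    return 1.0 - p_survive


if __name__ == "__main__":
    m = Mission(steps=100, value_per_step=1.0, redundancy=1)
    p = 0.01  # one expected hit over the mission under either model
    indep = expected_survivability(lambda rng: independent_hits(m, p, rng), m)
    clust = expected_survivability(lambda rng: clustered_hits(m, p, 2, rng), m)
    print(f"independent encounters: survivability ~ {indep:.3f}, "
          f"P(loss) = {loss_probability(m.steps, p, 1, m.redundancy):.3f}")
    print(f"clustered encounters:   survivability ~ {clust:.3f}, "
          f"P(loss) = {loss_probability(m.steps, p / 2, 2, m.redundancy):.3f}")
```

With one expected hit per mission in both models, the single-redundant system loses value delivery in roughly 26% of missions when hits are independent but roughly 39% when they arrive in pairs, and because the paired hits defeat the redundancy at the first event rather than the second, the expected fraction of value delivered drops further still. A static, independence-based assessment would report the first number; the value-centric comparison is what exposes the gap.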

[1] Karl T. Ulrich et al. Product Design and Development, 1995.

[2] Nancy G. Leveson et al. Role of Software in Spacecraft Accidents, 2004.

[3] M. A. Harper et al. Disaster Tolerant Systems Engineering for Critical Infrastructure Protection, 2007 1st Annual IEEE Systems Conference, 2007.

[4] M. Elisabeth Paté-Cornell et al. Fault Trees vs. Event Trees in Reliability Analysis, 1984.

[5] John Haigh et al. Probabilistic Risk Analysis: Foundations and Methods, 2003.

[6] William F. Ballhaus. Successes and Challenges in Transforming National-Security Space, 2005.

[7] Deborah L. Thurston et al. Multiattribute Utility Analysis in Design Management, 1990.

[8] John B. Kidd et al. Decisions with Multiple Objectives: Preferences and Value Tradeoffs, 1977.

[9] David Jeffcoat. The Survivability Versus Quantity Trade-off for Unmanned Aerial Vehicles, 2003.

[10] Richard C. Linger et al. Survivable Network Systems: An Emerging Discipline (Revision), 1999.

[11] Robert Hermann. Report of the Defense Science Board Task Force on Acquisition Reform Phase IV, 1999.

[12] Seth D. Guikema et al. On the Limitations of Redundancies in the Improvement of System Reliability, Risk Analysis, 2004.

[13] James R. Wertz et al. Space Mission Analysis and Design, 1992.

[14] Daniel E. Hastings et al. Defining Survivability for Engineering Systems, 2007.

[15] Report of the Commission to Assess United States National Security Space Management and Organization, Hearing Before the Subcommittee on Strategic of the Committee on Armed Services, United States Senate, First Session, March 28, 2001, 2002.

[16] Nancy R. Mead et al. Survivable Network Systems: An Emerging Discipline, 1997.

[17] M. H. Shellans et al. Designing Survivable Space Systems, 1992.

[18] J. R. Laracy et al. Apply STAMP to Critical Infrastructure Protection, 2007 IEEE Conference on Technologies for Homeland Security, 2007.

[19] Daniel E. Hastings et al. On-Orbit Servicing: A New Value Proposition for Satellite Design and Operation, 2007.

[20] J. E. Groves et al. Made in America: Science, Technology and American Modernist Poets, 1989.

[21] Robert E. Ball et al. The Fundamentals of Aircraft Combat Survivability Analysis and Design, 1985.

[22] A. T. Young et al. Acquisition of National Security Space Programs, 2003.

[23] Brook R. Sullivan et al. Technical and Economic Feasibility of Telerobotic On-Orbit Satellite Servicing, 2005.

[24] Daniel E. Hastings et al. Development of the Quantitative Generalized Information Network Analysis Methodology for Satellite Systems, 2001.

[25] Armin P. Schulz et al. Design for Changeability (DfC): Principles to Enable Changes in Systems Throughout Their Entire Lifecycle, Systems Engineering, 2005.

[26] Joel Moses et al. Foundational Issues in Engineering Systems: A Framing Paper, 2004.

[27] G. Gigerenzer et al. Reasoning the Fast and Frugal Way: Models of Bounded Rationality, Psychological Review, 1996.

[28] DOD Needs a Departmentwide Strategy for Pursuing Low-Cost, Responsive Tactical Space Capabilities, 2006.

[29] K.-U. Schrogl. Book review: "Beyond Horizons. A Half Century of Air Force Space Leadership" by David N. Spires, 2001.

[30] Hugh McManus et al. A Framework for Understanding Uncertainty and Its Mitigation and Exploitation in Complex Systems, IEEE Engineering Management Review, 2006.

[31] Daniel E. Hastings et al. Assessing Changeability in Aerospace Systems Architecting and Design Using Dynamic Multi-Attribute Tradespace Exploration, 2006.

[32] Paul Bracken et al. The Command and Control of Nuclear Forces, 1983.

[33] David N. Spires et al. Beyond Horizons: A Half Century of Air Force Space Leadership, 1998.

[34] R. L. Keeney et al. Decisions with Multiple Objectives: Preferences and Value Trade-Offs, IEEE Transactions on Systems, Man, and Cybernetics, 1977.

[35] E. Rechtin et al. The Art of Systems Architecting, IEEE Spectrum, 1996.

[36] John Paterson et al. Overview of Low Observable Technology and Its Effects on Combat Aircraft Survivability, 1999.

[37] Daniel E. Hastings et al. Measuring the Value of Designing for Uncertain Future Downward Budget Instabilities, 2004.

[38] Elizabeth C. Hirschman et al. Judgment under Uncertainty: Heuristics and Biases, Science, 1974.

[39] Robert E. Ball et al. A History of the Survivability Design of Military Aircraft, 1995.

[40] Olivier L. de Weck et al. Time-Expanded Decision Networks: A Framework for Designing Evolvable Complex Systems, Systems Engineering, 2007.

[41] Daniel E. Hastings et al. New Methods for Rapid Architecture Selection and Conceptual Design, 2004.

[42] Yossi Sheffi et al. The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage, 2005.

[43] F. B. Vernadat et al. Decisions with Multiple Objectives: Preferences and Value Tradeoffs, 1994.

[44] Joel Williamsen et al. Force Protection Evaluation for Combat Aircraft Crews, 2007.

[45] Daniel E. Hastings et al. Multi-Attribute Tradespace Exploration as Front End for Effective Space System Design, 2004.

[46] Nancy G. Leveson et al. A Systems Theoretic Approach to Safety Engineering, 2003.

[47] Ralph E. Steuer et al. Multiple Criteria Decision Making, Multiattribute Utility Theory: The Next Ten Years, 1992.

[48] Peter G. Neumann et al. Practical Architectures for Survivable Systems and Networks, 1999.

[49] Ralph L. Keeney et al. Value-Focused Thinking: A Path to Creative Decisionmaking, 1992.

[50] Derek Leebaert et al. Strategic Command and Control: Redefining the Nuclear Threat, 1985.

[51] Albert D. Wheelon et al. Corona: The First Reconnaissance Satellites, 1997.

[52] Daniel E. Hastings et al. Measuring the Value of Flexibility in Space Systems: A Six-Element Framework, Systems Engineering, 2007.

[53] Daniel E. Hastings et al. A Framework for Incorporating "ilities" in Tradespace Studies, 2007.

[54] William Yurcik et al. A Survivability-Over-Security (SOS) Approach to Holistic Cyber-Ecosystem Assurance.

[55] Robert L. Wears et al. Resilience Engineering: Concepts and Precepts, Quality and Safety in Health Care, 2006.

[56] Kevin Otto et al. An Empirical Foundation for Product Flexibility, 2005.

[57] Adam Michael Ross et al. Managing Unarticulated Value: Changeability in Multi-Attribute Tradespace Exploration, 2006.

[58] Peter Neumann et al. Safeware: System Safety and Computers, SOEN, 1995.

[59] M. Mowthorpe. US Military Space Policy 1945-92, 2002.

[60] Nikolaos Limnios et al. Fault Trees, 2007.

[61] Herbert A. Simon et al. The Sciences of the Artificial, 1970.

[62] Olivier L. de Weck et al. Staged Deployment of Communications Satellite Constellations in Low Earth Orbit, Journal of Aerospace Computing, Information, and Communication, 2004.