6.1.0 Is System Security Engineering Failing? If So, What Can System Engineering Do About It?

Security for systems of all kinds has become an urgent global concern in the face of increasing attack effectiveness and decreasing security effectiveness – measured simply by increasing losses and penetrations unchecked by increasing security expenditures. Is this a problem with security engineering, systems engineering, or the customer? Is system security strategy broken? Where does remedial action need be taken, and what would that be? Some say it is an economic tradeoff imposed by the customer. Some say it is reliance on ineffective security standards, technologies, and strategies. And some say it is a shortfall of system engineering process, knowledge, and priority. Regardless, systems engineering is responsible for life cycle effectiveness and must recognize, address, and solve this problem in some way—- by doing something different. Where is the gap and how does Systems Engineering begin to close it?