Risk Management for System of Systems: A Systematic Mapping Study

Context: System of Systems (SoS) is a set of independent systems that cooperate to achieve an emergent behavior. SoSs have been used in different domains such as defense, transportation, energy, and health care, which directly impact on the society. The critical nature of SoS, in which a failure in one of its Constituent Systems (CSs) may lead to catastrophic damages to the property, environment, injuries or loss of human’s life, demands risk management activities. Existing risk management practices applied to SoS are extensions of risk management techniques at the CS level. Objective: in this paper, we present an overview of risk management approaches and tools for SoS. Method: we performed a Systematic Mapping (SM) study by searching into five databases to identify primary studies. We identified 22 primary studies related to risk management practices for SoS. Results: from the analysis of these primary studies, we identified a set of risks and risk management practices for SoS and their differences to risk management techniques at the CS level. Conclusion: the identified approaches and support tools for risk management in the SoS level are not well established yet.

[1]  Brian J. Sauser,et al.  System-of-Systems Engineering Management: A Review of Modern History and a Path Forward , 2008, IEEE Systems Journal.

[2]  Yacov Y Haimes Systems-based guiding principles for risk modeling, planning, assessment, management, and communication. , 2012, Risk analysis : an official publication of the Society for Risk Analysis.

[3]  Brian J. Sauser,et al.  System of Systems - the meaning of of , 2006, 2006 IEEE/SMC International Conference on System of Systems Engineering.

[4]  Patrick J. Redmond A System of Systems Interface Hazard Analysis Technique , 2007 .

[5]  Ian Sommerville,et al.  Responsibility modeling for identifying sociotechnical threats to the dependability of coalitions of systems , 2011, 2011 6th International Conference on System of Systems Engineering.

[6]  Fábio Luiz Leite,et al.  Dynamic Risk Management for Cooperative Autonomous Medical Cyber-Physical Systems , 2018, SAFECOMP Workshops.

[7]  Ian Sommerville,et al.  Dependability and Trust in Organisational and Domestic Computer Systems , 2006, Trust in Technology.

[8]  W. Duncan A GUIDE TO THE PROJECT MANAGEMENT BODY OF KNOWLEDGE , 1996 .

[9]  Michael Henshaw,et al.  A model based approach to system of systems risk management , 2015, 2015 10th System of Systems Engineering Conference (SoSE).

[10]  Aida Causevic A risk and threat assessment approaches overview in autonomous systems of systems , 2017, 2017 XXVI International Conference on Information, Communication and Automation Technologies (ICAT).

[11]  Edmund H Conrow Risk Management for Systems of Systems , 2005 .

[12]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[13]  Tore Dybå,et al.  Applying Systematic Reviews to Diverse Study Types: An Experience Report , 2007, First International Symposium on Empirical Software Engineering and Measurement (ESEM 2007).

[14]  Russell Lock,et al.  Developing a methodology to support the evolution of System of Systems using risk analysis , 2012, Syst. Eng..

[15]  C. Ariel Pinto,et al.  System of Systems Perspective on Risk: Towards a Unified Concept , 2012, Int. J. Syst. Syst. Eng..

[16]  Yacov Y Haimes,et al.  Risk Modeling of Interdependent Complex Systems of Systems: Theory and Practice , 2018, Risk analysis : an official publication of the Society for Risk Analysis.

[17]  Paul McMahon,et al.  Risk Management Guide for DoD Acquisition , 1998 .

[18]  Shamal Faily,et al.  Assessing System of Systems Security Risk and Requirements with OASoSIS , 2018, 2018 IEEE 5th International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE).

[19]  Jo Ann Lane,et al.  Systems Engineering for Capabilities , 2008 .

[20]  Jan Peleska,et al.  Systems of Systems Engineering , 2015 .

[21]  D. Procházková Identification and Management of Risks of System of Systems , 2013 .

[22]  Sasikumar Punnekkat,et al.  Analyzing hazards in system-of-systems: Described in a quarry site automation context , 2017, 2017 Annual IEEE International Systems Conference (SysCon).

[23]  Alejandro Salado,et al.  Exile: A natural consequence of autonomy and belonging in systems-of-systems , 2016, 2016 Annual IEEE Systems Conference (SysCon).

[24]  Kenneth H. Rose,et al.  Book Review: A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Fourth Edition , 2001 .

[25]  Alejandro Salado,et al.  Abandonment: A natural consequence of autonomy and belonging in systems-of-systems , 2015, 2015 10th System of Systems Engineering Conference (SoSE).

[26]  Mark W. Maier Architecting Principles for Systems‐of‐Systems , 1996 .

[27]  Jonathan M. Aitken,et al.  A case for dynamic risk assessment in NEC systems of systems , 2010, 2010 5th International Conference on System of Systems Engineering.

[28]  Ian Sommerville,et al.  Responsibility modeling for the sociotechnical risk analysis of coalitions of systems , 2011, 2011 IEEE International Conference on Systems, Man, and Cybernetics.

[29]  Y. Haimes Modeling complex systems of systems with Phantom System Models , 2012, Syst. Eng..

[30]  Daniel DeLaurentis,et al.  A conditional value-at-risk approach to risk management in system-of-systems architectures , 2015, 2015 10th System of Systems Engineering Conference (SoSE).

[31]  Pearl Brereton,et al.  Performing systematic literature reviews in software engineering , 2006, ICSE.

[32]  Jakob Axelsson,et al.  Towards a risk analysis method for systems-of-systems based on systems thinking , 2018, 2018 Annual IEEE International Systems Conference (SysCon).

[33]  Alex Gorod,et al.  A systemic approach to managing risks of SoS , 2012, IEEE Aerospace and Electronic Systems Magazine.

[34]  Tim Kelly,et al.  A risk modelling approach for a Communicating System of Systems , 2011, 2011 IEEE International Systems Conference.