Framework for Operational Resilience in Engineering and System Test (FOREST) Part I: Methodology – Responding to “Security as a Functional Requirement”

Abstract

ABSTRACTAn end‐to‐end methodology for addressing cyber resilience as a development and test philosophy in a system is described. Although focused on cybersecurity, the methodology applies to any resilience concerns and features of a system. Resilience is a functional characteristic of a system, requiring a process to evaluate the function of different aspects of a system under attack or disruption. The result of this process is a set of functional requirements and functional views of cyber resilience processes in a model‐based systems engineering tool. The methodology consists of a meta‐process model called the Framework for Operational Resilience in Engineering and System Test (FOREST) and a reference architecture metamodel called Mission Aware. In practice these are used to make security and related resilience decisions in capability development using a standard, risk‐based approach for cybersecurity requirements development. Part I of this article describes the methodology and Part II presents its use in a case study of a fictional weapon system called Silverfish.