Model‐Based Cyber Security at the Enterprise and Systems Level

Abstract

AbstractModel‐Based Engineering (MBE) has transformed the worlds of mechanical, electrical, chemical, software, systems engineering, and now cybersecurity. Model based cybersecurity allows this concern to be addressed as an integrated part of the solution as opposed to being a separate solution. To best take advantage of this, we must examine which modeling practices, languages, and standards are best suited to handle cybersecurity. Currently, UAF is the most effective tool being used to provide Model‐Based Cyber Security at the Enterprise and Systems Level. It achieves this largely through its integrated security viewpoint as well as by facilitating capability‐based engineering. Furthermore, it allows modelers to integrate with other cybersecurity‐focused modeling tools to include cybersecurity in the digital thread. The INCOSE Future of Systems Engineering (FuSE) Initiative defined 12 key concepts including “Capability‐Based Security Engineering” and “Security as a Functional Requirement.” This paper discusses these FuSE concepts and demonstrates how they can be effectively realized via the use of UAF and shows how UAF coupled with complementary tools and standards provides powerful verification and validation capabilities. Note that this paper is derived from INCOSE Insight articles Brooks, Hause (2022) and Hause, Brooks (2022) published in a special issue on FuSE Security. References are included below.