The Need for a Secure Modular Open Systems Approach (MOSA): Building the Case Using Systems Thinking Methodologies

Abstract

A broad survey of available publications indicates that security is still regarded as an unknown in Modular Open Systems Approach (MOSA) architectures. Additionally, open security approaches for modular systems can be seen as a barrier to successful MOSA implementations, given that vulnerability discovery by attackers may be aided by open security architectures and standards. Modular Open architecture security requirements such as those for Anti-Tamper and Cybersecurity need to be an integral part of the MOSA lifecycle. Also, a primary concern of businesses is to maintain competitive advantage by means of protecting their proprietary data. In essence, MOSA systems are characterized by defining common interfaces and not the functionality within the system itself, maintaining proprietary data protected within the boundaries of each module. Is this sufficient to provide horizontal protection across plug-and-play MOSA systems? To begin studying questions such as this, this paper utilizes Systems Thinking methodologies to explore the US Department of Defense (DoD) method to MOSA and Systems Security Engineering (SSE). The authors introduce several systems thinking methodologies to scope the problem and identify the benefits of incorporating SSE into the MOSA lifecycle. Using systemic tools, the authors identify the stakeholders that influence and are affected by both MOSA and SSE, determine the system boundary, describe the relationships between all components within the system, explore several shaping forces that have brought MOSA to its present state and determine the proposed value added by designing a trusted and secure MOSA.