4,354 research outputs found

    Cybersecurity Architectural Analysis for Complex Cyber-Physical Systems

    In the modern military’s highly interconnected and technology-reliant operational environment, cybersecurity is rapidly growing in importance. Moreover, as a number of highly publicized attacks have occurred against complex cyber-physical systems such as automobiles and airplanes, cybersecurity is no longer limited to traditional computer systems and IT networks. While architectural analysis approaches are critical to improving cybersecurity, these approaches are often poorly understood and applied in ad hoc fashion. This work addresses these gaps by answering the questions: 1. “What is cybersecurity architectural analysis?” and 2. “How can architectural analysis be used to more effectively support cybersecurity decision making for complex cyber-physical systems?” First, a readily understandable description of key architectural concepts and definitions is provided which culminates in a working definition of “cybersecurity architectural analysis,” since none is available in the literature. Next, we survey several architectural analysis approaches to provide the reader with an understanding of the various approaches being used across government and industry. Based on our proposed definition, the previously introduced key concepts, and our survey results, we establish desirable characteristics for evaluating cybersecurity architectural analysis approaches. Lastly, each of the surveyed approaches is assessed against the characteristics and areas of future work are identified

    Conceptual Systems Security Analysis Aerial Refueling Case Study

    In today’s highly interconnected and technology reliant environment, systems security is rapidly growing in importance to complex systems such as automobiles, airplanes, and defense-oriented weapon systems. While systems security analysis approaches are critical to improving the security of these advanced cyber-physical systems-of-systems, such approaches are often poorly understood and applied in ad hoc fashion. To address these gaps, first a study of key architectural analysis concepts and definitions is provided with an assessment of their applicability towards complex cyber-physical systems. From this initial work, a definition of cybersecurity architectural analysis for cyber-physical systems is proposed. Next, the System Theory Theoretic Process Analysis approach for Security (STPA-Sec) is tailored and presented in three phases which support the development of conceptual-level security requirements, applicable design-level criteria, and architectural-level security specifications. This work uniquely presents a detailed case study of a conceptual-level systems security analysis of a notional aerial refueling system based on the tailored STPA-Sec approach. This work is critically important for advancing the science of systems security engineering by providing a standardized approach for understanding security, safety, and resiliency requirements in complex systems with traceability and testability.

    A Governance Reference Model For Service-oriented Architecture-based Common Data Initialization A Case Study Of Military Simulation Federation Systems

    Military simulation and command and control federations have become large, complex distributed systems that integrate with a variety of legacy and current simulations, and real command and control systems locally as well as globally. As these systems continue to become increasingly more complex, so does the data that initializes them. This increased complexity has introduced a major problem in data initialization coordination which has been handled by many organizations in various ways. Service-oriented architecture (SOA) solutions have been introduced to promote easier data interoperability through the use of standards-based reusable services and common infrastructure. However, current SOA-based solutions do not incorporate formal governance techniques to drive the architecture in providing reliable, consistent, and timely information exchange. This dissertation identifies the need to establish governance for common data initialization service development oversight, presents current research and applicable solutions that address some aspects of SOA-based federation data service governance, and proposes a governance reference model for development of SOA-based common data initialization services in military simulation and command and control federations.

    Security architecture methodology for large net-centric systems

    This thesis describes an over-arching security architecture methodology for large network enabled systems that can be scaled down for smaller network centric operations such as present at the University of Missouri-Rolla. By leveraging the five elements of security policy & standards, security risk management, security auditing, security federation and security management, of the proposed security architecture and addressing the specific needs of UMR, the methodology was used to determine places of improvement for UMR --Abstract, page iii

    Ethical Control of Unmanned Systems: lifesaving/lethal scenarios for naval operations

    Prepared for: Raytheon Missiles & Defense under NCRADA-NPS-19-0227. This research in Ethical Control of Unmanned Systems applies precepts of Network Optional Warfare (NOW) to develop a three-step Mission Execution Ontology (MEO) methodology for validating, simulating, and implementing mission orders for unmanned systems. First, mission orders are represented in ontologies that are understandable by humans and readable by machines. Next, the MEO is validated and tested for logical coherence using Semantic Web standards. The validated MEO is refined for implementation in simulation and visualization. This process is iterated until the MEO is ready for implementation. This methodology is applied to four Naval scenarios in order of increasing challenges that the operational environment and the adversary impose on the Human-Machine Team. The extent of challenge to Ethical Control in the scenarios is used to refine the MEO for the unmanned system. The research also considers Data-Centric Security and blockchain distributed ledger as enabling technologies for Ethical Control. Data-Centric Security is a combination of structured messaging, efficient compression, digital signature, and document encryption, in correct order, for round-trip messaging. Blockchain distributed ledger has potential to further add integrity measures for aggregated message sets, confirming receipt/response/sequencing without undetected message loss. When implemented, these technologies together form the end-to-end data security that ensures mutual trust and command authority in real-world operational environments—despite the potential presence of interfering network conditions, intermittent gaps, or potential opponent intercept. A coherent Ethical Control approach to command and control of unmanned systems is thus feasible. Therefore, this research concludes that maintaining human control of unmanned systems at long ranges of time-duration and distance, in denied, degraded, and deceptive environments, is possible through well-defined mission orders and data security technologies. Finally, as the human role remains essential in Ethical Control of unmanned systems, this research recommends the development of an unmanned system qualification process for Naval operations, as well as additional research prioritized based on urgency and impact. Raytheon Missiles & Defense (RMD). Approved for public release; distribution is unlimited.

    Exploratory Inquiry: Disparate Air Force Base Area Network Architectures

    Joint Vision 2020, the Department of Defense (DoD) blueprint for development and transformation, identifies information and technology as critical enablers for our nation's military and calls for the development of a joint force capable of integrated information sharing to provide decision superiority, the ability to make and implement better decisions before enemies can react (DoD, 2000). Networks have been identified as the single most important element for transforming our current military forces. Ironically, Air Force base-level communications networks have been identified as a weakness. This research follows the qualitative approach to increase the current understanding of base-level communications networks by conducting a multiple site comparative case study that includes practitioner interviews at four locations and the examination of existing literature and documented trip reports. This study determines if base-level networks are disparate, isolates sources of disparity, identifies advantages and disadvantages of disparity, and recommends an appropriate course of action. This research is significant for members of the Air Force, DoD, and private citizens. Air Force networks support close to three-quarters of a million users, including active duty service members, Air Force Reserves, Air National Guard, civilians, and embedded contract employees (McCarter, 2003). In addition to potentially affecting many people and the larger DoD network, base-level networks provide support to deployed warfighters and provide the environment to train, organize and equip our forces. Additionally, these networks provide critical information to key decision makers.

    Applying model-based systems engineering to architecture optimization and selection during system acquisition

    2018 Fall. Includes bibliographical references. The architecture selection process early in a major system acquisition is a critical step in determining the overall affordability and technical performance success of a program. There are recognized deficiencies that frequently occur in this step such as poor transparency into the final selection decision and excessive focus on lowest cost, which is not necessarily the best value for all of the stakeholders. This research investigates improvements to the architecture selection process by integrating Model-Based Systems Engineering (MBSE) techniques, enforcing rigorous, quantitative evaluation metrics with a corresponding understanding of uncertainties, and stakeholder feedback in order to generate an architecture that is more optimized and trusted to provide better value for the stakeholders. Three case studies were analyzed to demonstrate this proposed process. The first focused on a satellite communications System of Systems (SoS) acquisition to demonstrate the overall feasibility and applicability of the process. The second investigated an electro-optical remote sensing satellite system to compare this proposed process to a current architecture selection process typified by the United States Department of Defense (U.S. DoD) Analysis of Alternatives (AoA). The third case study analyzed the evaluation of a service-oriented architecture (SOA) providing satellite command and control with cyber security protections in order to demonstrate rigorous accounting of uncertainty through the architecture evaluation and selection. These case studies serve to define and demonstrate a new, more transparent and trusted architecture selection process that consistently provides better value for the stakeholders of a major system acquisition. While the examples in this research focused on U.S. DoD and other major acquisitions, the methodology developed is broadly applicable to other domains where there is a need for optimization of enterprise architectures as the basis for effective system acquisition. The results from the three case studies showed the new process outperformed the current methodology for conducting architecture evaluations in nearly all criteria considered and in particular selects architectures of better value, provides greater visibility into the actual decision making, and improves trust in the decision through a robust understanding of uncertainty. The primary contribution of this research then is improved information support to an architecture selection in the early phases of a system acquisition program. The proposed methodology presents a decision authority with an integrated assessment of each alternative, traceable to the concerns of the system's stakeholders, and thus enables a more informed and objective selection of the preferred alternative. It is recommended that the methodology proposed in this work is considered for future architecture evaluations.

    Value-Driven Enterprise Architecture Evaluation for the Joint Force Protection Advanced Security System

    The U.S. military has placed a strong focus on the importance of operating in a joint environment, where capabilities and missions are shared between service components. Protecting U.S. forces is a major consideration in the joint environment. The Joint Force Protection Advanced Security System (JFPASS) architecture has been created to fill a critical gap in Joint Force Protection guidance for systems acquisition. The systems engineering (SE) field has made wide use of system architectures to represent complex systems. As fundamental SE principles become more widespread, analysis tools provide an objective method for the evaluation of the resulting architectural products. This study used decision analysis to develop a standardized, yet adaptable and repeatable model to evaluate the capabilities of the JFPASS for any installation or facility belonging to the United States Department of Defense (DoD). Using the Value-Focused Thinking (VFT) methods, a value hierarchy was created by consulting with subject matter experts. The resulting model, named Value-Driven Enterprise Architecture (VDEA) score, provides an analysis tool, which enables DoD decision-makers to use JFPASS architecture products to quickly and easily evaluate the value provided by the system; VDEA provides insight into the overall quality and capability of the system. Through the scoring and sensitivity analysis functions, capability gaps and potential improvements can be identified. Future studies in this area will provide a vehicle for rating not only operational level systems, but also individual functional projects against other alternatives

    Unattended network operations technology assessment study. Technical support for defining advanced satellite systems concepts

    The results are summarized of an unattended network operations technology assessment study for the Space Exploration Initiative (SEI). The scope of the work included: (1) identified possible enhancements due to the proposed Mars communications network; (2) identified network operations on Mars; (3) performed a technology assessment of possible supporting technologies based on current and future approaches to network operations; and (4) developed a plan for the testing and development of these technologies. The most important results obtained are as follows: (1) addition of a third Mars Relay Satellite (MRS) and MRS cross link capabilities will enhance the network's fault tolerance capabilities through improved connectivity; (2) network functions can be divided into the six basic ISO network functional groups; (3) distributed artificial intelligence technologies will augment more traditional network management technologies to form the technological infrastructure of a virtually unattended network; and (4) a great effort is required to bring the current network technology levels for manned space communications up to the level needed for an automated fault tolerance Mars communications network