Re-framing “The AMN”: A Case Study Eliciting and Modelling a System of Systems using the Afghan Mission Network

The term System of Systems (SoS) is often used to classify an arrangement of independent and interdependent systems delivering unique capabilities. There appear to be many examples of SoSs, but the term has become a source of confusion. While many approaches have been proposed for engineering SoSs, there are few illustrative examples demonstrating their initial classification and resulting SoS structure. This paper presents an approach for framing a candidate SoS using the Afghan Mission Network defined as an Acknowledged SoS, and presents issues associated with SoSs stakeholders, human factors and interoperability considerations resulting from such an approach

Assessing Security Risk and Requirements for Systems of Systems

A System of Systems (SoS) is a term used to describe independent systems converging for a purpose that could only be carried out through this interdependent collaboration. Many examples of SoSs exist, but the term has become a source of confusion across domains. Moreover, there are few illustrative SoS examples demonstrating their initial classification and structure. While there are many approaches for engineering of systems, less exist for SoS engineering. More specifically, there is a research gap towards approaches addressing SoS security risk assessment for engineering and operational needs, with a need for tool-support to assist modelling and visualising security risk and requirements in an interconnected SoS. From this, security requirements can provide a systematic means to identify constraints and related risks of the SoS, mitigated by human-user and system requirements. This work investigates specific challenges and current approaches for SoS security and risk, and aims to identify the alignment of SoS factors and concepts suitable for eliciting, analysing, validating risks with use of a tool-support for assessing security risk in the SoS context

Assessing System of Systems Security Risk and Requirements with OASoSIS

When independent systems come together as a System of Systems (SoS) to achieve a new purpose, dealing with requirements conflicts across systems becomes a challenge. Moreover, assessing and modelling security risk for independent systems and the SoS as a whole is challenged by a gap in related research and approaches within the SoSs domain. In this paper, we present an approach for bridging SoS and Requirements Engineering by identifying aligning SoSs concepts to assess and model security risk and requirements. We introduce our OASoSIS approach modifying OCTAVE Allegro for SoSs using CAIRIS (Computer Aided Integration of Requirements and Information Security) with a medical evacuation (MEDEVAC) SoS exemplar for Security Requirements Engineering tool-support. Index Terms—System of Systems, Security, Risk, Human Factors, Requirements Engineering, CAIRIS

System of systems characterisation assisting security risk assessment.

System of Systems (SoS) is a term often used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, clarity is needed when using this term given that operational areas may be unfamiliar with the terminology. In this paper, we present an approach for refining System and SoS descriptions to aid multistakeholder communication and understanding; building on previous work, we illustrate an example of characterising a likely SoS. By identifying key stakeholders, systems, management and control, this approach supports the initial steps of a SoS security risk assessment approach using a tool-supported framework that supports operational needs towards requirements engineering

Security risk assessment in systems of systems.

A System of Systems (SoS) is a set of independent systems that interoperate to achieve capabilities that none of the separate systems can achieve independently. The component systems may be independently operated or managed, and this may cause control problems. An area of particular concern is managing security of the large complex system that is the SoS, because development and operation of component systems may be done independently. Security vulnerabilities may arise at the SoS level that are not present or cannot be determined at the component system level. Security design and management processes typically operate only at component system level. Within this thesis, the problem of security risk assessment at the SoS level is examined by identifying factors specific to SoSs, formulating a framework through which it can be managed, and creating a process with visualisation to support risk managers and security experts in making assessment of security risks for a SoS. Humans must be considered as part of the SoS and feature in risks associated with security. A broadly qualitative methodology has been adopted using interviews, case studies, and a scenario method in which prototype framework elements were tested. Two SoS examples, including the Afghan Mission Network (AMN) as a SoS, and a SmartPowerchair SoS were used to identify, combine, and apply relevant elements in a SoS context towards addressing the research problem. For the AMN, this included interviews and focus groups with stakeholders experienced in NATO security, risk, and network-based roles. Whereas, the SmartPowerchair SoS was based on interviews and on-going communication with a single stakeholder representative as the owner and user of the SoS. Based on the findings, OASoSIS has been developed as a framework combining the use of OCTAVE Allegro and CAIRIS to model and assess Information Security risk in the SoS context. The process for applying OASoSIS is detailed within the thesis. The first contribution of OASoSIS introduces a SoS characterisation process to support a SoS security risk assessment. The second contribution modifies a version of the OCTAVE Allegro Information Security risk assessment process to align with the SoS context. Risk data captured during a first-stage assessment then provides input for a third contribution that integrates concepts, models, and techniques with tool-support from CAIRIS to model the SoS information security risks. Two case studies relating to a Military Medical Evacuation SoS and a Canadian Emergency Response SoS were used to apply and validate the contributions. These were validated through input from expert Military Medical stakeholders experienced in NATO operations, and key Emergency Response SoS stakeholders with further input from an expert Emergency Management stakeholder. To further strengthen the validity of the end-to-end application of OASoSIS in future work, it would benefit from being implemented within the SoS design process for other SoS scenarios

Assessing system of systems information security risk with OASoSIS.

The term System of Systems (SoS) is used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, the SoS concept is often misunderstood within operational environments, providing challenges towards the secure design and operation of SoSs. Limitations in existing literature indicates a need for discovery towards identifying a combination of concepts, models, and techniques suitable for assessing SoS security risk and related human factor concerns for SoS Requirements Engineering. In this article, we present OASoSIS, representing an information security risk assessment and modelling process to assist risk-based decision making in SoS Requirements Engineering. A characterisation process is introduced to capture the SoS context, supporting a SoS security risk assessment process that extends OCTAVE Allegro towards a SoS context. Resulting risk data provides a focused means to assess and model the SoS information security risk and related human factors, integrating tool-support using CAIRIS. A medical evacuation SoS case study scenario was used to test, illustrate, and validate the alignment of concepts, models, and techniques for assessing SoS information security risks with OASoSIS, where findings provide a positive basis for future work

System of Systems Characterisation assisting Security Risk Assessment.

System of Systems (SoS) is a term often used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, clarity is needed when using this term given that operational areas may be unfamiliar with the terminology. In this paper, we present an approach for refining System and SoS descriptions to aid multistakeholder communication and understanding; building on previous work, we illustrate an example of characterising a likely SoS. By identifying key stakeholders, systems, management and control, this approach supports the initial steps of a SoS security risk assessment approach using a tool supported framework that supports operational needs towards requirements engineering

Negotiating survival overseas: Exploring the help-seeking processes and support patterns of survivors of adverse childhood experiences from African communities with refugee backgrounds in New South Wales, Australia

Despite the elevated risks of adverse childhood experiences (ACEs) among refugee-background children, there remain gaps in understanding the help-seeking experiences, access to support services, barriers to help-seeking and support patterns among this category of clients. There is an urgent need to understand patterns of service utilisation and how different agencies and support networks respond to ACEs among refugee-background children. This thesis explores the help-seeking processes and the support patterns of refugee-background ACEs survivors among people from African communities in New South Wales, Australia. Using a qualitative micro-ethnographic approach, the research project was guided by intersectionality theory, trauma theories and the Network Episode Model. I collected research data using participant observation, in-depth interviews with 12 non-offending parents, 12 clinical practitioners and two focus group discussions with African community leaders. The research found that ACEs in African-background children involve a vast continuum of co-occurring and multi-layered traumatic experiences. However, parents perceived these experiences in a unidirectional way, focusing more on isolated segments of extrafamilial than intrafamilial ACEs and prioritising immediate practical needs over emotional or psychological support. Based on intersecting personal, cultural, and structural barriers, most survivors sought help in a gradual, context-bound, and crisis-driven way, including episodes of silencing, denial, recantation, disclosure, and service use. Amid limited social capital and a lack of culturally responsive support networks, parents allocated most family resources to the child directly affected by ACEs, thereby facing a drain on the attention and care of the victim’s siblings also experiencing ACEs (vicariously or directly). Service practitioners broadly defined ACEs as being multidimensional and responded in a reactive way, focusing on ACEs starting post-resettlement instead of addressing those the victims experienced before resettlement. These findings suggest that ACEs are crucial social determinants of health, with service accessibility remaining a constant struggle for refugee-background ACEs survivors. The findings address a significant gap in the current literature and will, hopefully, allow communities, service systems and policymakers to garner a nuanced understanding of refugee-background ACEs survivors’ specific needs