TOPIC: Systems Security Engineering: Concepts and Overview Tutorial
WHEN: Saturday, September 30, 2017, 9am-2pm
WHERE: The MITRE Corporation
2401 E. El Segundo BLVD, Suite 460
El Segundo, CA 90245
Directions: The building is located on the northeast corner of Aviation and El Segundo Blvd. It is next to Big 5 Sporting Goods on El Segundo Blvd and Bimbo’s Bakery on Aviation Blvd. There is plenty of parking assigned to the building. A MITRE host will meet attendees at the front door to let them into the building. If the MITRE host is not at the door upon arrival, he can be contacted at 310-297-8453.
$25 for INCOSE-LA Members/
$45 for non-INCOSE Members
Register now, limited to 24 attendees.
Registration Link: CLICK HERE
NOTE: Non-US Citizens will not be allowed to bring electronic devices due to facility security requirements.
System Security as a Design Problem (from NIST SP 800-160) “Providing satisfactory security controls in a computer system is in itself a system design problem. A combination of hardware, software, communications, physical, personnel and administrativeprocedural safeguards is required for comprehensive security. In particular, software safeguards alone are not sufficient.”
The Ware Report
Defense Science Board Task Force on Computer Security, 1970.
Systems security engineering, as an integral part of systems engineering, applies scientific, mathematical, engineering, and measurement principles, concepts, and methods to coordinate, orchestrate, and direct the activities of various security engineering specialties and other contributing engineering specialties (e.g. reliability, safety and human factors) for the system of interest. This provides a fully integrated, system-level engineering perspective of system security. This tutorial will discuss an overview of Systems Security Engineering (SSE) as an increasingly critical part of Systems Engineering (SE).
SE is about meeting stakeholder needs. SSE is about meeting and ensuring sufficient protection of those stakeholder needs. The SSE activities include ensuring a system can function under adverse conditions associated with threats, disruptions and hazards (whether natural, e.g. weather, or man-made and whether malicious, misuse, or accidental). The SSE activities to protect stakeholder assets occur in all the life cycle phases (concept, development, production, utilization, support, and retirement). SSE as a discipline, as a role, as a set of activities across the life cycle to produce secure outcomes, and as a body of knowledge provide for meeting stakeholder protection needs. The tutorial will offer a system-oriented framing of the security perspective with connections to the methods and activities employed as part of a systems engineering project to address stakeholder security concerns.
– SSE as a Discipline: a specialty field and a branch of study in security foundations with open questions for potential research and development initiatives
– SSE as a Role: that is integrated with systems engineering and that leveraging security and other specialties
– SSE as an Activity: to plan, inform and achieve adequately secure outcomes via systems engineering processes as defined within INCOSE Systems Engineering Handbook
– SSE as a Body of Knowledge (BoK): that encompasses the history, vision, key terminology, and key concepts
Mark Winstead (The MITRE Corporation)
Mark had over twenty-five years’ STEM experience before joining the MITRE Corporation in 2014, including stints as a cryptologic mathematician, software engineer, systems engineer, systems architect and systems engineer in addition to being a systems security engineer. He has worked for several defense contractors, an Environmental Protection Agency contractor, a Facebook-like startup, a fabless semi-conductor manufacturer of commercial security protocol acceleration solutions, and a network performance management solutions company. Mark current works with various MITRE sponsors, helping programs with security engineering as well as teaming with others on integrating SSE into the acquisition systems engineering process. He also works with the MITRE Institute on developing materials for internal training courses for SSE. Mark is a graduate of the University of Virginia (PhD, Mathematics) and Florida State University (BS & MS, Mathematics). He resides in Colorado Springs, CO.
Daryl Hild (The MITRE Corporation)
Daryl's career spans 3 decades helping warfighters with engineering solutions that span Army tactical communications networks, Army information technology network and systems management, NORAD/NORTHCOM air warning, NORAD/NORTHCOM missile warning, global positioning system, space systems, and cyberspace security. He currently serves as the Department Head for the Systems Security Engineering department within the MITRE Cyber Security Technical Center. Daryl previously served as Associate Department Head for the Combatant Commands and Air Force Space Command Security department. Within the Cyber Security Technical Center, he has collaborated with the MITRE Institute on developing a Systems Security Engineering (SSE) competency model and an SSE Learning Path. As well, Daryl is developing operational concepts and constructs for engineering defensive and offensive cybersecurity capabilities. Prior to MITRE, Daryl was an Army Signal Officer from 1984 to 1990. He received his bachelor degree in Electrical Engineering from Washington University, St. Louis, MO; and his master and doctoral degrees in Electrical and Computer Engineering from the University of Arizona, Tucson, AZ. In the community, Daryl serves as a BSA Venturing advisor enabling youth to develop leadership skills through community service projects and high adventure experiences.