Search
Full Menu and site Navigation
A better world through a systems approach

Systems Security Engineering

Mission & Objectives

This working group’s mission is to provide Systems Engineers and Systems Engineering with effective means and methods for sustainable system functionality under advanced adversarial attack.

This working group believes that system engineering cannot succeed without accepting core responsibility for enabling and facilitating effective system security – partly in system requirements, partly in system trade space recognition, but mainly in system thinking applied to concepts of operations and systems architecture. Sustaining system functionality in the face of intelligent determined attack requires self preservation capabilities that adapt and evolve with equal intelligence, determination, and strength of community. This requires full system awareness and adaptability, and system-of-system relationships. Security engineering alone cannot accomplish this.

It is fitting for INCOSE to tackle Next Generation Security, as the issues are leading edge systems engineering issues: architecture, systems of systems, self organizing systems, security tradeoffs with human factors, systems thinking  – things that are typically high level integrated-system SE issues.

Current system security strategies are inadequate and cannot be fixed by security engineers alone. The reason is evident: attack communities operate as intelligent, multi-agent, self organizing, system-of-systems – with swarm intelligence, tight learning loops, fast evolution, and dedicated intent. With few exceptions, the systems being targeted are alone, senseless and defenseless – relying on outside benevolence for protection, whether this be separate security systems, laws and penalties, or perceived probabilities of being an overlooked target.

This working group's objectives are to instill systems engineering responsibility for sustainable systems functionality in the face of intelligent, determined, and highly competent system adversaries; to facilitate the assimilation and dispatch of that responsibility; and to Instigate self-sustaining cross- community involvement between systems engineers, security engineers, and system security standards..

Participants in this working group’s projects are developing vanguard critical understandings.

Intended Outcomes

  • Fundamental responsibility within systems engineering accepted and integrated.
  • ConOps of actionable next-generation security structures and strategies profiled.
  • Next-generation-enabling security concepts established in the relevant standards bodies.
  • Identification and publication of a relevant body of knowledge appropriate for the Systems Engineering Body of Knowledge (SEBoK).
  • Development and maintenance of appropriate contributions to the INCOSE Systems Engineering Handbook .
  • Socialization of work efforts with papers for INCOSE’s journal of Systems Engineering, papers and tutorials at the International Symposium, INSIGHT theme issues, and educational and tutorial Webinars.
  • Working alliances with other organizations concerned with secure sustainable systems.

Leadership

  • Chair: Rick Dove, Paradigm Shift International, dove@parshift.com
  • Co-Chair: Beth Wilson, Retired Raytheon
  • Co-Chair: Ken Kepchar, Eagleview Associates 
  • Co-Chair: Keith Willett, US DoD

Working Group Products

Webinars
- WG Webinar – Security Are Us, April 2014
- WG Webinar – Lockheed Martin Secure Engineering Assurance Model, June 2014
- WG Webinar – Introduction to the Systems Security Engineering WG, June 2014
- WG Webinar – Natural System Security Patterns, April 2015

Products
- SEBoK maintenance – Systems Security Engineering
- Standards – Participating member of INCITS/CS1, INCOSE Approved TPP
- Standards – Review of NIST SP-800-160, INCOSE-TA-2014-001-01, 28-June-2014
- Standards – Review of NIST SP-800-160, INCOSE-TA-2014-001-02, 29-June-2016
- Standards – Review of NIST SP-800-160, INCOSE-TA-2014-001-03, 21-October-2016
- SE Handbook Section 3.6.4 Case Study, & Section 10.11 Systems Security Engineering – July 2015

Projects
– Next Handbook Revision, POC: Perri Nejib, Dawn Beyer
– SEBoK Systems Security Engineering, POC: Mat French
– SE Requirements Framework for Security, POC: Dawn Beyer, Perri Nejib
– Future of Systems Engineering Security Topic, POC: Rick Dove

INSIGHT Publications
- 2009-Q2, Theme Issue: The Interplay of Architecture, Security & SE
- 2011-Q2, Theme Issue: Systems of Systems & Self Organizing Security
- 2013-Q2, Theme Issue: The Buck Stops Here: SE’s Responsibility for System Security
- 2015-Q2, Article: Needed - Practitioner Attention to Systems Engineering Delivery of Sustainable Value
- 2016-Q2, Theme Issue: Agile Security – Joint project with Agile SE working group
- 2016-Q2, Article: Software and System Integrity Assessment
- 2016-Q2, Article: Cybersecurity & Critical Infrastructure – Are We Missing The Obvious?
 
Recent (only) Papers/Panels/Tutorials
- 2015 Panelist: NSA IAS conference, panel session on security architecture with INCOSE WG Rep
- IS15 Panelist: Have We SEed our Infrastructure for Cyber-Terroris
- IS15 Panel: SE Systems-Security Responsibility: How is this Accepted?
- IS15 Paper: Adaptive Knowledge Encoding for Agile Cybersecurity Operations
- IS15 Paper: Guidance for WG SEBoK Maintenance: With Security WG Example
- IS16 Paper:  On System Dynamics Modeling of Human-Intensive Workflow Improvement – Case Study in Cybersecurity Adaptive Knowledge Encoding
- IS17 Tutorial: Systems Security Engineering - Concepts and Overview
- IS17 Paper: Systems Security Engineering - What Every SE Needs to Know
- IS17 Paper: A Systematic Approach to Influencing System Security Standards
- IS20 Paper: Architecting the Future of System Security
- IS20 Paper; Contextually Aware Agile Security in the Future of Systems Engineering
- IS20 Paper: Social Contracts for Security Orchestration in the Future of Systems Engineering

Collaborations
- CAB Security Priority
- FuSE Security Topic
- NDIA Systems Engineering Division, Systems Security Engineering Working Group
- NDIA Cyber Division
- INCOSE Resilient Systems Working Group
- INCOSE Critical Infrastructure Protection & Recovery Working Group
- INCOSE Product Line Engineering Working Group 
- INCOSE Requirements Working Group

Awards
INCOSE: 2013 Sustained Performance
INCOSE: 2016 Collaboration


Planned Working Sessions at the Next Events

This working group holds workshops every year at the two main INCOSE events: the International Workshop (usually Jan/Feb) and the International Symposium (usually Jun/Jul). All working group members receive schedule and agenda announcements, and all INCOSE members can view the event planning details on the working group web-site. Non-INCOSE members with interest may inquire at the address shown in the Leadership box.

Planned Presentations at the Next Annual Symposium

2020 Mid-Year Systems Security Engineering WG Virtual Workshop
    Repeated for international convenience
Thursday Aug-13, 8:00-10:00 New York US, 13:00-15:00 London, UK
Monday Aug-17, 15:00-17:00 Los Angeles, US, 08:00--10:00 Canberra, AU
Zoom Link Aug 13: https://incose-org.zoom.us/j/97758008866
Zoom Link Aug 17: https://incose-org.zoom.us/j/94817290211

Agenda:

00:00 Convene (times are relative to start times shown above)
  00:00  News and Working Group Overview – Rick Dove
  00:15  New Standards for Linking Cyber Risks with Assets – Robert Relf
  00:30  SSE & PLE WGs Joint INSIGHT Project and Security Symposium Project – Beth Wilson
  00:45  SEBoK/SSS-Symposium/IS20/Resilient-WG Projects – Keith Willett
  01:00  Standards project – Ken Kepchar
  01:15  Handbook Project – Perri Nejib and Dawn Beyer
  01:30  Security Project in the Future of Systems Engineering (FuSE) Initiative – Rick Dove
  01:45  Open Discussion
  02:00  Adjourn (or run a bit over)

Agenda updates at www.parshift.com/t/August-SecurityWG-Agenda.pptx