Search
Full Menu and site Navigation
A better world through a systems approach

Systems Security Engineering

Mission & Objectives

This working group’s mission is to provide Systems Engineers and Systems Engineering with effective means and methods for sustainable system functionality under advanced adversarial attack.

This working group believes that system engineering cannot succeed without accepting core responsibility for enabling and facilitating effective system security – partly in system requirements, partly in system trade space recognition, but mainly in system thinking applied to concepts of operations and systems architecture. Sustaining system functionality in the face of intelligent determined attack requires self preservation capabilities that adapt and evolve with equal intelligence, determination, and strength of community. This requires full system awareness and adaptability, and system-of-system relationships. Security engineering alone cannot accomplish this.

It is fitting for INCOSE to tackle Next Generation Security, as the issues are leading edge systems engineering issues: architecture, systems of systems, self organizing systems, security tradeoffs with human factors, systems thinking  – things that are typically high level integrated-system SE issues.

Current system security strategies are inadequate and cannot be fixed by security engineers alone. The reason is evident: attack communities operate as intelligent, multi-agent, self organizing, system-of-systems – with swarm intelligence, tight learning loops, fast evolution, and dedicated intent. With few exceptions, the systems being targeted are alone, senseless and defenseless – relying on outside benevolence for protection, whether this be separate security systems, laws and penalties, or perceived probabilities of being an overlooked target.

This working group's objectives are to instill systems engineering responsibility for sustainable systems functionality in the face of intelligent, determined, and highly competent system adversaries; to facilitate the assimilation and dispatch of that responsibility; and to Instigate self-sustaining cross- community involvement between systems engineers, security engineers, and system security standards..

Participants in this working group’s projects are developing vanguard critical understandings.

Intended Outcomes

  • Fundamental responsibility within systems engineering accepted and integrated.
  • ConOps of actionable next-generation security structures and strategies profiled.
  • Next-generation-enabling security concepts established in the relevant standards bodies.
  • Identification and publication of a relevant body of knowledge appropriate for the Systems Engineering Body of Knowledge (SEBoK).
  • Development and maintenance of appropriate contributions to the INCOSE Systems Engineering Handbook .
  • Socialization of work efforts with papers for INCOSE’s journal of Systems Engineering, papers and tutorials at the International Symposium, INSIGHT theme issues, and educational and tutorial Webinars.
  • Working alliances with other organizations concerned with secure sustainable systems.

Leadership

  • Chair: Rick Dove, Paradigm Shift International, dove@parshift.com
  • Co-Chair: Beth Wilson, Retired Raytheon
  • Co-Chair: Keith Willett, US DoD
  • Co-Chair: TBD, open position, contact Rick Dove with interest

Working Group Products

Webinars
- WG Webinar – Security Are Us, April 2014
- WG Webinar – Lockheed Martin Secure Engineering Assurance Model, June 2014
- WG Webinar – Introduction to the Systems Security Engineering WG, June 2014
- WG Webinar – Natural System Security Patterns, April 2015
- WG Webinar – What is System Security, March 2018

Products
- SEBoK maintenance – Systems Security Engineering
- Standards – Participating member of INCITS/CS1, INCOSE Approved TPP
- Standards – Review of NIST SP-800-160, INCOSE-TA-2014-001-01, 28-June-2014
- Standards – Review of NIST SP-800-160, INCOSE-TA-2014-001-02, 29-June-2016
- Standards – Review of NIST SP-800-160, INCOSE-TA-2014-001-03, 21-October-2016
- Standards – Review of NIST SP-800-160 v1 rev 1, 10-November-2021
- SE Handbook Section 3.6.4 Case Study, & Section 10.11 Systems Security Engineering – July 2015

Projects
– Handbook v5 Revision, POC: Perri Nejib
– SEBoK Systems Security Engineering, POC: Keith Willett
– SE Requirements Framework for Security, POC: Dawn Beyer, Perri Nejib
– Future of Systems Engineering Security Topic, POC: Rick Dove

INSIGHT Publications
- 2009-Q2, Theme Issue: The Interplay of Architecture, Security & SE
- 2011-Q2, Theme Issue: Systems of Systems & Self Organizing Security
- 2013-Q2, Theme Issue: The Buck Stops Here: SE’s Responsibility for System Security
- 2015-Q2, Article: Needed - Practitioner Attention to Systems Engineering Delivery of Sustainable Value
- 2016-Q2, Theme Issue: Agile Security – Joint project with Agile SE working group
- 2016-Q2, Article: Software and System Integrity Assessment
- 2016-Q2, Article: Cybersecurity & Critical Infrastructure – Are We Missing The Obvious?
- 2020-Q3, Theme Issue: Cyber Secure and Resilient Approaches with Feature-Based Product Line Engineering
 
Recent (only) Papers/Panels/Tutorials
- 2015 Panelist: NSA IAS conference, panel session on security architecture with INCOSE WG Rep
- IS15 Panelist: Have We SEed our Infrastructure for Cyber-Terroris
- IS15 Panel: SE Systems-Security Responsibility: How is this Accepted?
- IS15 Paper: Adaptive Knowledge Encoding for Agile Cybersecurity Operations
- IS15 Paper: Guidance for WG SEBoK Maintenance: With Security WG Example
- IS16 Paper:  On System Dynamics Modeling of Human-Intensive Workflow Improvement – Case Study in Cybersecurity Adaptive Knowledge Encoding
- IS17 Tutorial: Systems Security Engineering - Concepts and Overview
- IS17 Paper: Systems Security Engineering - What Every SE Needs to Know
- IS17 Paper: A Systematic Approach to Influencing System Security Standards
- IS20 Paper: Architecting the Future of System Security
- IS20 Paper; Contextually Aware Agile Security in the Future of Systems Engineering
- IS20 Paper: Social Contracts for Security Orchestration in the Future of Systems Engineering
- IS21 Paper: Security in the Future of Systems Engineering (FuSE) - a Roadmap of Foundation Concepts
- IS21 Paper: Security as a Functional Requirement in the Future of Systems Engineering

Collaborations
- CAB Security Priority
- FuSE Security Topic
- NDIA Systems Engineering Division, Systems Security Engineering Working Group
- NDIA Cyber Division
- INCOSE Resilient Systems Working Group
- INCOSE Critical Infrastructure Protection & Recovery Working Group
- INCOSE Product Line Engineering Working Group 
- INCOSE Requirements Working Group

Awards
INCOSE: 2013 Sustained Performance
INCOSE: 2016 Collaboration


Planned Working Sessions at the Next Events

This working group holds workshops every year at the two main INCOSE events: the International Workshop (usually Jan/Feb) and the International Symposium (usually Jun/Jul). All working group members receive schedule and agenda announcements, and all INCOSE members can view the event planning details on the working group web-site. Non-INCOSE members with interest may inquire at the address shown in the Leadership box.

Planned Presentations at the Next Events

The System Security Engineering WG will have two events at IW22: On Monday Jan 31 we will be reviewing 10 articles for the June INSIGHT Issue; on Tuesday Feb 1 we will have a 2-hour general meeting. Agendas for both events follow.

Systems Security Engineering INSIGHT Article Reviews
Theme: System Security in the Future of Systems Engineering (FuSE)
Monday January 31, 2022, 09:15-17:00 Pacific Standard Time (PST)
Room: Salon F
09:15  Rick Dove: Intro and Review Process Explained
09:30  Holly Dunlap: Cyber Supply Chain Risk Management a System Security Specialty in the FuSE
10:00  Break
10:30  Juan José López García, Daniel Pereira: An STPA MBSE Profile for Performing Security Risk Assessment
11:00  Roar Georgsen, Geir Køien: How Outsourcing Risk to the Supply Chain is Placing SSE on a Clay Foundation
11:30  Adriana D'Souza: Providing Truth, Trust, and Traceability to Modeling
12:00  Lunch
13:00  Matthew Hause: Problemeering vs Solutioneering - Prioritizing Stakeholder Needs Over Requirements
13:30  Adam Williams: Multilayered Network Models for Security: Enhancing System Security Engineering with Orchestration
14:00  Michael McEvilley, Mark Winstead: Functionally Interpreting Security
14:30  Aleksandra Scalco: Modeling Uncertainty of Agreement to Achieve Stakeholder Alignment
15:00  Break
15:30  Open discussion 
16:00  Anthony Adebonojo: Cybersecurity Benefits for Systems Engineers: A Personal Perspective
16:30  Making the Puzzle Pieces Fit – Utilizing UAF to model cybersecurity SOS
17:00 Adjourn

Systems Security Engineering General Meeting
Working Group and Projects Review
Tuesday February 1, 2022, 08:00-10:00 Pacific Standard Time (PST)
Room: Pier 9
08:00  News and Working Group Overview – Rick Dove
08:15  Status of NIST SP 800-160 vol 1 rev 1 – Mark Winstead
08:30  Cross Working Group Security & Resilience Project – Jimmie McEver
08:45  Space Vehicle Cybersecurity Risk Assessment – Bob Brouwers
09:00  Security in the Future of Systems Engineering (FuSE) – Rick Dove
09:30  Open Discussion
10:00  Adjourn