Risk Assessment For Large Heterogeneous Systems

J. W. Freeman, T. C. Darr & R. B. Neely

This paper describes a security risk assessment process for large, heterogeneous systems of systems, such as C4I or weapon systems. Based on the authors' experience on projects of varying complexity and size, the paper identifies the elements that together form an effective security risk assessment process: one that is timely, complete, consistent, cost-effective, and understandable by management authorities.

The paper discusses the limitations of assessments performed only at the subsystem level. For example, potential security events may be overlooked or may not be given adequate consideration in such an approach. Such oversights may stem from an attack that does not appear overly risky when viewed from an individual component, but that, when aggregated across the system, yields a significantly larger risk than might be calculated by determining individual subsystem risk values.

The paper discusses the benefits of a top-down, or system-wide, approach, including efficient and effective allocation of (often scarce) risk assessment resources at the subsystem level during development and implementation. It also discusses the benefits this approach provides to decision makers, both in the understandability of results and in providing the best available data on which to base an approval-to-operate decision.