Forum: Innovations in Systems Security Engineering
Wednesday, 7 December 2016
15:30 - 17:00
Chair: Charles Payne
The Systems Security Engineer (SSE) builds the bridge from software assurance to system assurance. What makes for effective system assurance, and why is it different from software assurance? This forum will examine these questions in the context of two recent innovations in systems security engineering.
First, Mr. Michael McEvilley will present the newly published NIST guidance, Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, and what it says about the role, relationships, and responsibilities of systems engineering and about viewing security from the perspective of the system as a whole. The discussion differs from typical security conversations in its system-oriented focus.
Next, Dr. William Young will present a new security analysis approach, based on systems theory, for improving mission assurance and security engineering. He will also discuss how the approach can be used to assess security risk in existing missions and their supporting systems. Building on the STAMP (Systems-Theoretic Accident Model and Processes) causality model (Leveson, 2011), the Systems-Theoretic Process Analysis for Security, or STPA-Sec, shifts the SSE's emphasis from preventing attacks to enforcing behavioral security constraints through the selection, design, and enforcement of controls. STPA-Sec also provides a way to introduce security engineering at the concept stage of the engineering process, where changes are most effective and least costly. Dr. Young will describe STPA-Sec and its application in several projects, and highlight lessons learned.
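As an added illustration of the constraint-centered analysis described above (this is example code written for this page, not code from the forum, from NIST, or from Dr. Young's projects), the Python sketch below derives behavioral security constraints from unsecure control actions. The four control-action categories are those of STPA as set out in Leveson (2011); the mission, control structure, hazards, loss identifiers, and causal scenarios are constructed for the example. It shows why the emphasis shifts away from attacks: an adversary-caused scenario and an accidental one land on the same constraint, and a scenario whose control action has no constraint yet is reported as a gap in the analysis rather than as an attack to block.

```python
"""Constructed STPA-Sec-style sketch: from unsecure control actions (UCAs)
to behavioral security constraints. UCA categories follow STPA (Leveson,
2011); the mission, hazards and scenarios are made up for this example."""
from dataclasses import dataclass

# The four ways a control action can be unsafe or unsecure (Leveson, 2011).
UCA_TYPES = (
    "not provided",
    "provided",
    "provided too early or too late",
    "stopped too soon or applied too long",
)

# Constraint wording per UCA type: "provided" yields a prohibition, the other
# three yield obligations on when, or for how long, the action is given.
CONSTRAINT_TEMPLATES = {
    "not provided": "'{action}' must be provided when {context}",
    "provided": "'{action}' must not be provided when {context}",
    "provided too early or too late":
        "'{action}' must be provided within its required window when {context}",
    "stopped too soon or applied too long":
        "'{action}' must be applied for its required duration when {context}",
}


@dataclass(frozen=True)
class Hazard:
    hid: str
    text: str
    losses: tuple  # ids of the losses this hazard can lead to


@dataclass(frozen=True)
class UCA:
    action: str    # control action in the control structure
    uca_type: str  # one of UCA_TYPES
    context: str   # system state in which the action is unsecure
    hazard: Hazard

    def __post_init__(self):
        if self.uca_type not in UCA_TYPES:
            raise ValueError(f"unknown UCA type: {self.uca_type!r}")

    def constraint(self) -> str:
        """The behavioral constraint the system must enforce to avoid this UCA."""
        text = CONSTRAINT_TEMPLATES[self.uca_type].format(
            action=self.action, context=self.context)
        return f"{text} [{self.hazard.hid}]"


@dataclass(frozen=True)
class Scenario:
    text: str
    action: str      # control action the scenario affects
    uca_type: str    # how it affects it (one of UCA_TYPES)
    malicious: bool  # True if an adversary causes it, False if accidental


def derive_constraints(ucas):
    """Constraints in UCA order, without duplicates."""
    out = []
    for u in ucas:
        if u.constraint() not in out:
            out.append(u.constraint())
    return out


def scenarios_per_constraint(scenarios, ucas):
    """Group causal scenarios under the constraint that addresses them,
    whether the cause is an attacker or a defect."""
    groups = {}
    for u in ucas:
        hits = [s for s in scenarios
                if (s.action, s.uca_type) == (u.action, u.uca_type)]
        groups.setdefault(u.constraint(), []).extend(hits)
    return groups


def unconstrained_scenarios(scenarios, ucas):
    """Scenarios whose (action, type) has no UCA: gaps in the analysis."""
    covered = {(u.action, u.uca_type) for u in ucas}
    return [s for s in scenarios if (s.action, s.uca_type) not in covered]


# Constructed mission: a ground control station (controller) commands an
# unmanned aircraft (controlled process) and receives telemetry (feedback).
# L-1: loss of mission; L-2: loss of the aircraft (constructed loss ids).
H1 = Hazard("H-1", "aircraft executes a plan the commander did not approve",
            ("L-1", "L-2"))
H2 = Hazard("H-2", "aircraft remains in airspace after it has been closed",
            ("L-2",))

UCAS = [
    UCA("upload mission plan", "provided",
        "the plan has not been approved by the mission commander", H1),
    UCA("command return-to-base", "not provided",
        "the airspace has been closed", H2),
    UCA("command return-to-base", "provided too early or too late",
        "the airspace has been closed", H2),
]

SCENARIOS = [  # constructed causal scenarios
    Scenario("adversary on the ground network injects an unapproved plan",
             "upload mission plan", "provided", True),
    Scenario("operator uploads a draft plan; approval flag in GCS display is stale",
             "upload mission plan", "provided", False),
    Scenario("adversary spoofs telemetry so the GCS thinks the aircraft landed",
             "command return-to-base", "not provided", True),
    Scenario("adversary replays a captured 'release cargo' command",
             "release cargo", "provided", True),
]

if __name__ == "__main__":
    for c, scen in scenarios_per_constraint(SCENARIOS, UCAS).items():
        print(f"{c}\n    covers {len(scen)} scenario(s)")
    for s in unconstrained_scenarios(SCENARIOS, UCAS):
        print("no constraint yet for:", s.text)
```

The first constraint covers both the injected upload and the stale-flag mistake, so the control chosen for it (for example, the aircraft verifying commander approval before accepting a plan) addresses both causes at once; the replayed 'release cargo' command is reported as an action the analysis has not yet constrained, which is the STPA-Sec cue to extend the control structure rather than to add an attack-specific defense.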
This forum will explore questions like the following:
- What factors contribute directly to system assurance? What factors should the SSE look for while assessing the overall risk to the system, its mission, and its organization?
- How does our perspective of the problem influence the choice of factors?
About the Speakers:
Michael A. McEvilley is a Principal Computer Scientist in the Systems Engineering Technical Center at The MITRE Corporation. He supports DoD acquisition of trustworthy, secure, and resilient weapons systems and the associated Program Protection. Michael has over 35 years' experience in high-confidence software-intensive systems and requirements engineering. He served in the USAF as officer-in-charge of computer operations for a tactical intelligence unit, and worked in industry developing software for the Aegis Weapons System and for Command and Control (C2) of worldwide military airlift operations. With The MITRE Corporation, he has supported several DoD programs, focusing on requirements analysis and system design assurance for the safety- and security-critical aspects of ground, surface, subsurface, and air weapons platforms. Michael is co-author of NIST SP 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems.
Dr. William E. Young, Jr. is a Colonel in the USAF and currently commands the 53d Electronic Warfare Group within the 53d Wing at Eglin AFB, FL. The 53d Electronic Warfare Group operates several laboratories responsible for creating and distributing mission data software for USAF aircraft. Prior to taking command, Bill served as the initial Director of the Air Force's new Cyber College and led Air University's Cyberspace / Electronic Warfare Research Task Force. Bill earned his PhD from the Engineering Systems Division of the Massachusetts Institute of Technology's School of Engineering. While at MIT, he was a member of the Systems Engineering Research Lab. Bill also worked as a military fellow at MIT Lincoln Laboratory in the Cyber System Assessments Group. Bill's research focuses on applying systems-theoretic approaches to improve systems engineering, operational design, red teaming, and campaign-level mission assurance in cyberspace. Bill developed and taught new security analysis methodologies for the US Department of Defense, including for Cyber Protection Teams from the Army, Air Force, and Navy.
Bill was commissioned in 1991 after graduating from the United States Air Force Academy. He earned his wings through Specialized Undergraduate Navigator Training (SUNT). Bill is a Distinguished Graduate of the US Air Force Weapons School and a 2006 graduate of the USAF School of Advanced Air and Space Studies (SAASS). He is also a former Air Force Intern with rotations in the Office of the Secretary of Defense, the Air Force Operations Group, and the Air Force CHECKMATE Division. Bill is an Instructor Electronic Warfare Officer with more than 2,400 flying hours in the EA-6B and B-52. In addition to a PhD in Engineering Systems, Bill holds a Bachelor of Science degree in Engineering Science and four master's degrees.
Leveson, N. G. (2011). Engineering a Safer World. The MIT Press.