Integrating Systems Engineering, Cyber Security and Cyber T&E through MBSE

Transcription

3DS.COM Dassault Systèmes Confidential Information 12/20/2018 ref.: 3DS Document 2015

Slide 1: Integrating Systems Engineering, Cyber Security and Cyber T&E through MBSE
Applying the Digital Engineering Strategy
Abstract: 21488

Barry Papke, No Magic Inc., Allen, Texas, U.S., bpapke@3ds.com
Michael G. Lilienthal, Ph.D., CTEP, EWA Government Systems, Inc., 571-238-4532, MLilienthal@ewa.com

Slide 2: We Should be Motivated - Increasing Cyber Threat with an Increasing Attack Surface
- Increased Automation
- Increased Data Exchanges
The need to be able to deliver robust, secure systems will only increase.

Slide 3: Security Cylinders of Excellence
[Figure: three separate "cylinders", Systems Engineering, Security Engineering and Cyber T&E, each producing its own Process Outputs]
Today, each discipline:
- Has well established processes and methods:
  - SE: Model Based System Architecture and System Design
  - SecE: NIST Risk Management Framework / ATO process
  - CT&E: Cyber Table Top Exercises and Cyber Test Ranges
- Is at different levels of Model Based/Digital Engineering maturity
- Operates differently within each program phase
- Is experiencing advancements in methods and/or tools

Slide 4: The Systems Engineering Perspective
Continuing migration from spreadsheets, Visio and PowerPoint to Model Based Systems Engineering. Modeling tools have significantly advanced. Processes and methods continue to evolve:
- Enterprise Architecture Frameworks
- Modeling Languages
- Analysis
[Figure: architecture framework timeline: C4ISR AF V1.0 (June 1996); C4ISR AF V2.0 (December 1997, ISR data and synthesis capabilities); DODAF V1.0 (August 2003, any information); DODAF V1.5 (April 2007, net-centric concepts); DODAF V2.0 (May 2009, any operational work flow); further version marks 1.0, 2.0, 2013 and 2017]

Slide 5: A Related DES Success Story – R&M and FMEA
[Figure: labels "Spreadsheet Based" and "Vendor Specific Implementation"]
In 2017, a new group consisting of both industry and academia formed at the OMG to define a new standard profile for UML that addresses safety and reliability aspects of a system.
For safety, the RFP calls for support for each of the following domains:
- Aerospace (DO-178C (RTCA 2012a) and DO-331 (RTCA 2012b))
- Automotive (ISO 26262 (ISO 2011))
- Medical (IEC 62304, IEC 60601-1, and ISO 14971 (IEC 2015a, 2015b; ISO 2007))
- Railway (EN 50128 (CEN 2012))
For Reliability, the RFP requires support for two analysis techniques:
- Fault Tree Analysis (FTA) (IEC 61025)
- Failure Mode and Effects Analysis (FMEA) (IEC 60812) and FMECA (IEC 2006a)
The RFP includes model element stereotype definitions for the Profile:
[Figure: stereotype definitions of the profile]

Slide 6: Safety and Reliability Profile
With the Safety and Reliability Profile, FMEA data is integrated with the system elements within the architecture. The failure elements and modes themselves can be analyzed for taxonomy, frequency, etc. Mitigation can be tracked, and unmitigated failure modes can also be tracked and assessed for cost/risk.

Slide 7: The Security Engineering Perspective
Security Engineering performs analysis of the system in support of obtaining an Authority to Operate (ATO) IAW the NIST Risk Management Framework:
- Categorize System
- Select Controls
- Implement Controls
- Assess Controls
- Authorize System
- Monitor Controls
Through the features of SysML, Security Engineers have extended the R&M FMECA profile to support NIST RMF assessment:
[Figure: the extended FMECA profile]

Slide 8: The Cyber T&E Perspective
The Cyber T&E community has adopted a process called Cyber Table Top Exercises (CTT) to mitigate risk of failure during Cyber OT&E:
- 4-phase, low-cost, intellectually intensive assessment process
- Introduces and explores mission effects of offensive cyber operations
- Helps estimate "Mission Risk" to the system, systems of systems or family of systems
[Figure: CTT worksheet. Rows are attack types and variants (Attack Type 1 Variants 1-3, Attack Type 2 Variants 1-3), each against System / Subsystem 1, 2 and 3. Columns, grouped by the team that fills them in: Adversary or OPFOR Team Lead: Attack Method, Attack Goal, Assumptions, When in the Mission Timeline; White Team Lead: Possible Outcome, Attack Result; Operational Blue Team Leads: Mission Impact, Mission Consequence; White Team Lead: Attack Cost / Level of Effort, Attack Success Likelihood; System Test Leads: System's Information Assurance & Cyber Security Mechanisms In Place Today, Planned for the Future, Recommendations]
- Starting point to bake in cyber resiliency with new systems
- Identify priorities to improve cyber resiliency of legacy systems

Slide 9: Wargame Flow: Focus on Threat Mission
[Figure: wargame flow: Operational Team: Mission Planning; Operational Team: Brief mission execution; Combined Team: OPFOR Mission Order #1 - #N; OPFOR Team: Review Reconnaissance Data & attack surface; OPFOR Team: Brief Cyber Kill Chain opportunities]

Slide 10
AT&L Risk Management Framework (RMF) Process: Get Authority to Operate (ATO) certification. "Is my blood work normal?"
DOT&E Cybersecurity T&E Process: Assess how the mission can be degraded or disrupted by exploiting system vulnerabilities. "How many ways can I break in and kill your mission?"

Slide 11: CTT Inputs and Outputs Map to the SE and RMF Processes
[Figure: mapping of CTT inputs and outputs onto the SE and RMF processes]

Slide 12: Post Wargame Analysis
The output of the CTT is a Cyber FMEA. However:
- The Cyber Test Community is not integrated into the Digital Engineering Environment
- Their products are spreadsheets tossed over the fence to "systems engineering."
- No traceability to the rest of the system architecture.
[Figure: the CTT worksheet from slide 8, with its column groups owned by the Opposing Force Team Lead, Leadership Team Lead, Operational Team Leads and System Test Leads]
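The CTT worksheet on slide 8 and the spreadsheet hand-off described here can be closed up with a small ingest step. The following Python is an added example, not part of the slides or of any No Magic or EWA tooling: it parses a constructed CTT export whose headings follow the worksheet columns, resolves each row's System / Subsystem entries against the architecture baseline so that untraced findings are flagged rather than silently lost, and ranks rows by likelihood times consequence. The baseline IDs, the ordinal scales and all row contents are assumptions.

```python
import csv
import io
from dataclasses import dataclass
# Constructed baseline: IDs standing in for SysML blocks (placeholders, not from the slides).
BASELINE = {"SYS-1": "System / Subsystem 1", "SYS-2": "System / Subsystem 2",
            "SYS-3": "System / Subsystem 3"}
# Assumed ordinal scales for the White Team likelihood and consequence columns.
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
CONSEQUENCE = {"negligible": 1, "degraded": 2, "mission failure": 3}
# Constructed CTT worksheet export; headings follow the CTT matrix columns.
CTT_CSV = """\
Attack Type,Attack Method,Attack Goal,Mission Timeline,Systems,Attack Success Likelihood,Mission Consequence,Mechanisms In Place Today,Recommendations
Type 1 Variant 1,Method A,Goal A,Phase 2,SYS-1;SYS-2,high,mission failure,,Add mitigation M1
Type 1 Variant 2,Method A,Goal B,Phase 3,SYS-3,medium,degraded,Mechanism X,
Type 2 Variant 1,Method B,Goal C,Phase 1,SYS-9,low,negligible,,
"""

@dataclass
class CyberFmeaEntry:
    attack: str
    traced: list       # element IDs resolved against the baseline
    untraced: list     # IDs the architecture model does not know about
    rpn: int           # likelihood x consequence, the ranking key
    unmitigated: bool  # no mechanism in place today

def load_cyber_fmea(text):
    """Parse the worksheet into Cyber FMEA entries, highest risk first."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        ids = [s.strip() for s in row["Systems"].split(";") if s.strip()]
        rpn = (LIKELIHOOD[row["Attack Success Likelihood"].strip().lower()]
               * CONSEQUENCE[row["Mission Consequence"].strip().lower()])
        entries.append(CyberFmeaEntry(
            row["Attack Type"], [i for i in ids if i in BASELINE],
            [i for i in ids if i not in BASELINE], rpn,
            not row["Mechanisms In Place Today"].strip()))
    return sorted(entries, key=lambda e: e.rpn, reverse=True)

def traceability_gaps(entries):
    """Rows that cannot be linked to the architecture (findings stuck in the spreadsheet)."""
    return {e.attack: e.untraced for e in entries if e.untraced}

def affected_elements(entries, min_rpn):
    """Baseline element -> attacks at or above min_rpn, ready to attach to the model."""
    out = {}
    for e in entries:
        if e.rpn >= min_rpn:
            for i in e.traced:
                out.setdefault(i, []).append(e.attack)
    return out
```

Rows whose identifiers do not resolve are the ones that would otherwise vanish in the hand-off; the ranked map is what the SE team would attach to the model elements rather than to a spreadsheet.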

Slide 13: Digital Engineering Strategy Goals
- Formalize the development, integration, and use of models to inform enterprise and program decision making: Plan and use
- Provide an enduring, authoritative source of truth: Digital Technical Baseline Controlled over the System Lifecycle
- Incorporate technological innovation to improve the engineering practice: End-to-End Digital Enterprise
- Establish a supporting infrastructure and environments to perform activities, collaborate, and communicate across stakeholders: Tools and Processes
- Transform the culture and workforce to adopt and support digital engineering across the lifecycle: Culture Change and Training

Slide 14: Goal 1 - Plan for Modeling and Exchange of Data
- What data is shared across organizational and process boundaries?
- What form will it take?
- Who will produce it?

Slide 15: Goal 2 – Provide the enduring, authoritative source of truth.
[Figure: Systems Engineering, Security Engineering and Cyber T&E sharing one source of truth: CONOPS, Technical Baseline, Risk and Vulnerabilities, Security Mitigations]

Slide 16: Goal 3 - Incorporate technological innovation to improve the engineering practice
- Exploit existing modeling and tool capabilities.
- Identify requirements for new tool capabilities.
[Figure: the CTT worksheet from slide 8]

Slide 17: Goal 4 - Establish a supporting infrastructure and environments to perform activities, collaborate, and communicate across stakeholders.
- Understand the workflow and the format and content of each engineering data exchange.
- Maximize digital access by the end user.
- Exploit custom reporting features and export capabilities to bridge the gap to non-model users.

Slide 18: Goal 5 - Transform the culture and workforce to adopt and support digital engineering across the lifecycle
- Identify non-digital engineering processes and integrate into the digital environment:
  - Add or modify tool features to support new processes
  - Adjust new processes to match existing tool capabilities
[Figure: the CTT worksheet from slide 8]

Slide 19: An Integrated Engineering CONOPS for Cyber Critical Systems
System Engineering:
- Recognition of Enterprise Architecture as a fundamental element of Cyber Critical System Design
- Application of established patterns and frameworks for Cyber Protection and Cyber Resilience
- Development of views and viewpoints to support and integrate Security Engineering and Cyber T&E into the SE lifecycle.
- Inclusion of security features as part of core system functionality
Security Engineering:
- Adoption of Model Based Engineering practices
- Application of Security/Cyber FMEA methods for definition and analysis of RMF controls and mitigations
- Participation in the Architecture Development process
- Support definition of Integrated Security Functionality
Cyber T&E:
- Participation in SE Planning to ensure Cyber T&E activities are included.
- Integration into the Digital Engineering Environment for access to data and integration of results back into the digital baseline.

Slide 20: Conclusions
Successful implementation of the Digital Engineering Strategy will require application of Enterprise Architecture and Model Based Systems Engineering to development of the Digital Enterprise (Systems Engineering will play a critical role):
- Defining and understanding the Capability Baseline of the current Digital Engineering Environment
- Identifying Capability Gaps that require new material solutions
- Defining and understanding the CONOPS for program execution:
  - What processes will be required?
  - What data will be exchanged (how and when and in what form)?
  - Who are the producers and consumers?
- Defining and understanding the current Digital Engineering Baseline:
  - What disciplines and processes are integrated and performing digitally?
  - Which disciplines and processes are ready to become integrated?
  - Barriers to those disciplines and processes that are not ready?

Slide 21: About the Author
Barry Papke, bpapke@nomagic.com
Director of Professional Services for No Magic (US), responsible for training and consulting services. Performs training and project consulting for SysML and UPDM (DoDAF) projects.
30 years experience in Systems Engineering and Project Management on DoD and NASA programs with companies including LTV Aerospace, Lockheed Martin, Raytheon and L-3 Communications.
BS Mechanical Engineering (Texas A&M)
MS Systems Engineering (Stevens Institute of Technology)
OMG Certified SysML Professional

Slide 22: Additional Information on CTT
CTT Tutorial, 25 March 2019
International Test and Evaluation Association (ITEA) sponsored workshop: 5th Cybersecurity: Challenges Facing Test and Evaluation
Tutorials: 25 March 2019
Workshop: 26-29 March 2019
Water's Edge Event Center, 4687 Millennium Drive, Belcamp, MD 21017
www.itea.org