Keywords: system of systems engineering, SoSE, information assurance, vulnerabilities, securability, security capability analysis
Securability for system of systems
As the Department of Defense (DoD) pursues methods within the systems engineering process to combat potential information assurance (IA) vulnerabilities, a new paradigm is required. This paper introduces the concept of securability as a new ility to be considered within the systems life cycle. Alongside the traditional system ilities (i.e., reliability, maintainability, supportability, etc.), securability will establish a standardised, measurable and rigorous approach to ensuring a system meets its mission objectives in a secure manner. DoD systems security capability analysis continues to mature today with the improvement of information assurance controls (DoD 8500 and NIST 800–53), but it is still conducted in a non–standard ad hoc fashion in various phases of the systems life cycle. This paper provides a foundation for the concept of securability which will focus on the technical performance measures of a systems' security from the beginning stages (e.g., concept development) to the end point (e.g., retirement and disposal). The time has come to establish securability as an integral part of the design and operational criteria for systems and the larger more vexing systems of systems through a formal and rigorous engineering approach instead of the current external and ad hoc approach.