Systems engineering is the branch of engineering concerned with the development of large and complex systems, where a system is understood to be an assembly or combination of interrelated elements or parts working together toward a common objective. Past experience has shown that formal systems engineering methodologies have not always been successfully applied to large and complex cybersecurity systems. These complex systems have become commonplace when applying cyberstrategies in cybersecurity operations. The ability to build, operate and maintain such systems is crucial to the effectiveness of cybersecurity operations. Most importantly, a cyberstrategy program must surround these systems on a global scale across multiple inter-related platforms. In this chapter, the authors demonstrate why a systems engineering approach is best suited for large and complex information systems used in cybersecurity, as well as the overall cyberstrategies that must also reside over these systems.
TopBasic Concepts Of Systems Engineering, Cybersecurity, And Interoperability
Systems Engineering. Systems Engineering is defined as an interdisciplinary process that ensures that the customer's needs are satisfied throughout a system's iterative life cycle (seeFigure 1). When the system under consideration is something manufactured, like a computer, then its system life cycle usually has seven phases: (1) requirements development, (2) concept development, (3) full-scale engineering design and development, (4) manufacturing and deployment, (5) system integration and test, (6) operation, maintenance and modification, and (7) retirement, disposal or replacement. The system life cycle is different for different industries, products and customers (Chapman, Bahill and Wymore, 1992; Wymore, 1993; Kerzner, 1995; Shishko, 1995). However, even when a system life cycle is defined within the manufacturing process, the authors still question why requirements development comes before concept development (Figure 1). Concept development is the high-level process of determining and understanding customer needs. Without understanding what the customer wants in the first place, it becomes very difficult to discover system requirements. With apologies to Chapman, Bahill, Wymore, Kerzner, Shishko and other developers of the systems engineering process, there still remains a good argument as to why concept development should come first. Some authors refer to phase 2 as preliminary design rather than concept development. Perhaps this terminology is a better description of what actually happens at this stage of system development, while the task of ‘concept’ development is more closely aligned with phase 1.
Figure 1.
The Iterative Systems Engineering Process from A. T. Bahill and B. Gissing, Re-evaluating systems engineering concepts using systems thinking, IEEE Transaction on Systems, Man and Cybernetics, Part C: Applications and Reviews, 28 (4), 516-527, 1998.
The systems engineering process includes, but is not limited to: understanding customer needs, discovering system requirements, defining performance and cost measures, prescribing tests, validating requirements, conducting design reviews, exploring alternative concepts, sensitivity analyses, functional decomposition, system modeling, system design, designing and managing interfaces, system integration, total system test, configuration management, risk management, reliability analysis, total quality management, project management, and documentation. Very briefly, each of these processes are explained as follows: