SERC Security Research Workshop: Requirements for a Systems Engineering Security Roadmap

Security tools and techniques have emerged over time in response to new threats and risks to enterprise assets, yet they have typically been bolt-on solutions. As the number and complexity of different types of security threats and risks have grown, systems security measures have grown correspondingly complex, and it is becoming increasingly unaffordable to simply provide a plethora of point defenses. Systems engineers must address a broad set of threats which would degrade or eliminate systems capabilities, and the solutions are selected in a trade-space that includes cost, performance, and quality attributes in addition to security. It is not possible to fully assess how the sum of all point defenses truly protects the enterprise, nor is it possible to fully comprehend the consequences of a security breach. It has become clear that providing targeted countermeasures is no longer a viable approach. The systems engineer’s response to these threats should be to more closely integrate security in the systems engineering process, to holistically identify the target level of 'system' (system is euphemism for a system, system of systems, and collective net-centric set of services) secur [more...]