Journal Article
- Publication Date
- 2/13/2012
- Title
- A System-Aware Cyber Security Architecture
- Publication
- Systems Engineering, 15 (2) (Summer 2012): 225-240
Document
Article Brief
As exemplified in the 2010 Stuxnet attack on an Iranian nuclear facility, attackers have the capabilities to
embed infections in equipment that is employed in nuclear power systems. In this paper, a new systems
engineering focused approach for mitigating such risks is described. This approach involves the develop-ment of a security architectural formulation that integrates a set of reusable security services as an
architectural solution that is an embedded component of the system to be protected. The System-Aware
architectural approach embeds security components into the system to be protected. The architecture
includes services that (1) collect and assess real-time security relevant measurements from the system
being protected, (2) perform security analysis on those measurements, and (3) execute system security
control actions as required. This architectural formulation results in a defense that is referred to as
System-Aware Cyber Security. This includes (1) the integration of a diverse set of dynamically interchangeable redundant subsystems involving hardware and software components provided from multiple vendors to significantly increase the difficulty for adversaries by avoiding a monoculture environment, (2) the
development of subsystems that are capable of rapidly changing their attack surface through hardware
and software reconfiguration (configuration hopping) in response to perceived threats, (3) data consistency checking services (e.g., intelligent voting mechanisms) for isolating faults and permitting moving
surface control actions to avoid operations in a compromised configuration, and (4) forensic analysis
techniques for rapid post-attack categorization of whether a given fault is more likely the result of an
infected embedded hardware or software component (i.e., cyber attack) or a natural failure. In this paper
we present these key elements of the System-Aware Cyber Security architecture and show, including an
application example, how they can be integrated to mitigate the risks of insider and supply chain attacks.
In addition, this paper outlines an initial vision for a security analysis framework to compare alternative
System-Aware security architectures. Finally, we summarize future research that is necessary to facilitate
implementation across additional domains critical to the nation’s interest. © 2012 Wiley Periodicals, Inc.
Syst Eng 15: 225–240, 2012
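To make the interaction between elements (1), (2) and (3) of the brief concrete, the following is an added illustration, not code from the paper or its authors: a median voter runs over readings from three diverse vendor subsystems, counts consecutive disagreements per subsystem, isolates a subsystem that disagrees persistently (a transient glitch resets the count), and then hops to a pre-planned configuration that excludes the isolated member. The vendor names, tolerance, strike threshold, configuration list and the reading sequence are all constructed assumptions for this example; the paper's own voting and reconfiguration logic is not described at this level of detail.

```python
from dataclasses import dataclass, field
from statistics import median
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class ConsistencyVoter:
    """Median voter over diverse redundant subsystems (illustrative, not the paper's design).

    Assumed parameters:
      tolerance      - largest deviation from the median still counted as agreement
      configurations - candidate subsystem sets the controller may hop between
      isolate_after  - consecutive disagreements before a subsystem is isolated
    """
    tolerance: float
    configurations: List[Set[str]]
    isolate_after: int = 3
    strikes: Dict[str, int] = field(default_factory=dict)
    isolated: Set[str] = field(default_factory=set)
    hops: List[Set[str]] = field(default_factory=list)
    active: Set[str] = field(init=False)

    def __post_init__(self) -> None:
        # Start in the first planned configuration.
        self.active = set(self.configurations[0])

    def vote(self, readings: Dict[str, float]) -> Tuple[Optional[float], List[str]]:
        """Return (agreed value, subsystems newly isolated this cycle).

        Only the active configuration votes; with fewer than three active
        readings no majority exists, so no control value is produced.
        """
        sample = {name: readings[name] for name in self.active if name in readings}
        if len(sample) < 3:
            return None, []
        agreed = median(sample.values())
        disagreeing = []
        for name, value in sample.items():
            if abs(value - agreed) > self.tolerance:
                # Persistent disagreement accumulates; agreement resets the count,
                # so a one-off glitch does not get a subsystem isolated.
                self.strikes[name] = self.strikes.get(name, 0) + 1
                disagreeing.append(name)
            else:
                self.strikes[name] = 0
        newly_isolated = [n for n in disagreeing if self.strikes[n] >= self.isolate_after]
        if newly_isolated:
            self.isolated.update(newly_isolated)
            self._hop()
        return agreed, newly_isolated

    def _hop(self) -> None:
        """Move to the first planned configuration containing no isolated member."""
        for cfg in self.configurations:
            if not (cfg & self.isolated):
                self.active = set(cfg)
                self.hops.append(set(cfg))
                return
        # No clean configuration left: fail safe by producing no control values.
        self.active = set()


# Constructed sample readings (one dict per control cycle). vendor_a has a
# transient glitch in cycle 1; vendor_c drifts persistently from cycle 3 on.
CONSTRUCTED_CYCLES = [
    {"vendor_a": 100.0, "vendor_b": 100.1, "vendor_c": 99.9,  "vendor_d": 100.0},
    {"vendor_a": 103.0, "vendor_b": 100.1, "vendor_c": 100.0, "vendor_d": 100.0},
    {"vendor_a": 100.0, "vendor_b": 100.0, "vendor_c": 100.1, "vendor_d": 100.0},
    {"vendor_a": 100.0, "vendor_b": 100.1, "vendor_c": 130.0, "vendor_d": 100.0},
    {"vendor_a": 100.0, "vendor_b": 100.1, "vendor_c": 135.0, "vendor_d": 100.0},
    {"vendor_a": 100.0, "vendor_b": 100.1, "vendor_c": 140.0, "vendor_d": 100.0},
    {"vendor_a": 100.0, "vendor_b": 100.0, "vendor_c": 150.0, "vendor_d": 100.1},
]


def run_scenario(cycles=CONSTRUCTED_CYCLES) -> dict:
    """Drive the voter through the constructed cycles and summarise the outcome."""
    voter = ConsistencyVoter(
        tolerance=1.0,
        configurations=[
            {"vendor_a", "vendor_b", "vendor_c"},
            {"vendor_a", "vendor_b", "vendor_d"},
            {"vendor_b", "vendor_c", "vendor_d"},
        ],
    )
    agreed_values = []
    for readings in cycles:
        agreed, _newly_isolated = voter.vote(readings)
        agreed_values.append(agreed)
    return {
        "agreed": agreed_values,
        "isolated": sorted(voter.isolated),
        "active": sorted(voter.active),
        "hops": len(voter.hops),
        "strikes": dict(voter.strikes),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The agreed control value never follows the drifting subsystem, because the median of three readings ignores a single outlier; the strike counter then turns that outlier into an isolation decision only once the disagreement is persistent, and the hop keeps three voting members available so the controller does not have to operate on a configuration that still contains the suspect component.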