An actionable framework for system of systems and mission area security engineering

This paper describes an actionable engineering framework for security engineering of a system of systems (SoS). The framework is envisioned as a tool for assessing security risks to critical missions based on the contributing systems and SoS supporting them. An SoS security risk framework is needed to manage the problem of identifying the key elements of risk to SoS missions. The issue is the complexity resulting from the large number of potential logical paths through an SoS that could represent a security risk. Managing this problem then enables the application of security specific analyses to the SoS elements that have been identified as critical. The framework draws on the foundational elements of SoS SE, particularly an understanding of the SoS components, interdependencies and dynamics. The results of the analysis support investment decisions about the constituents of a SoS. The framework is a bridge between the operational and acquisition/engineering communities. While the focus of this framework is on acquisition and engineering materiel solutions, it also accommodates the consideration of non-materiel solutions.