Assessing Cyber-Worthiness of Complex System Capabilities using MBSE: A
new rigorous engineering methodology
- Stuart Fowler ,
- Keith Joiner ,
- Elena Sitnikova
Abstract
Cyber-worthiness as it is termed in Australian Defence, or
cyber-maturity more broadly, is a necessary feature of modern complex
systems which are required to operate in a hostile cyber environment. To
evaluate the cyber-worthiness of complex systems, an assessment
methodology is required to examine a complex system's or
system-of-system's vulnerability to and risk of cyber-attacks that can
compromise such systems. This assessment methodology should address the
cyber-attack surface and threat kill chains, including supply chains and
supporting infrastructure. A cyber-worthiness capability assessment
methodology has been developed based on model-based systems engineering
concepts to analyse the cyber-worthiness of complex systems and present
a risk assessment of various cyber threats to the complex system. This
methodology incorporates modelling and simulation methods that provide
organisations greater visibility and consistency across diverse systems,
especially to drive cybersecurity controls, investment and operational
decisions involving aggregated systems. In this paper, the developed
methodology will be presented in detail and hypothesised outcomes will
be discussed.