Protecting Information with Cybersecurity

Virtually every system today confronts the cybersecurity threat, and the system architect must have the ability to integrate security features and functions as integral elements of a system. In this chapter, we survey this large, complex, and rapidly evolving subject with the goal of giving the reader a level of understanding that will enable incorporation of cybersecurity within an MBSE process and effective interaction with security experts. We begin by introducing the subject and describing the primary aspects of the current cybersecurity environment. We define fundamental terminology and concepts used in the cybersecurity community, and we describe the basic steps to include cybersecurity risk in an overall risk management process, which is a central SE responsibility. We then list some of the primary sources of information, guidance, and standards upon which a systems engineer can and should draw. Next, we summarize the major aspects of incorporating security controls in a system architecture and design to achieve an acceptable level of security risk for a system. We extend this to the increasingly important world of service-oriented, network-based, and distributed systems. We conclude with a brief presentation of the application of MBSAP to the specific issues of cybersecurity and summarize the characteristics of a Secure Software Development Life Cycle aimed at creating software with minimum flaws and vulnerabilities. We illustrate the application of cybersecurity principles and practices using the Smart Microgrid example. Chapter Objective: the reader will be able to apply the MBSAP methodology to systems and enterprises that require protection of sensitive data and processes against the growing cybersecurity threat and to work effectively with cybersecurity specialists to achieve effective secure system solutions.