SATURN 2020

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their missions are also increasing. Traditional cybersecurity approaches rely on addressing security risks during the operation and maintenance of software systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible.

Software programs should start managing cybersecurity risk early in the system's software lifecycle (e.g., during the requirements, architecture, and design phases). A complicating factor is that most software-intensive systems are networked and must operate within system-of-systems (SoS) environments. While networking offers many operational efficiencies to a system’s stakeholders, it also expands a system’s cyber-risk profile. Cyber attacks with the potential for mission impact can target any system within an SoS environment, creating complex attack vectors that must be considered during cyber-risk analysis. Software-intensive systems must be designed and architected with the knowledge that they must function as intended in an increasingly contested, challenging, and interconnected cyber environment.

For several years, researchers from the CERT Division of Carnegie Mellon University’s Software Engineering Institute (SEI) have been investigating how to enable mission success in SoS environments. The product of this research is the Security Engineering Risk Analysis (SERA) Method, a scenario-based approach for analyzing complex cybersecurity risks early in the system's lifecycle to support development of mission-critical software systems. The SERA Method incorporates a variety of models that can be analyzed at any point in the lifecycle to (1) identify security threats and vulnerabilities and (2) construct security risk scenarios. An organization can then use those scenarios to focus its limited resources on controlling the most significant security risks.

This presentation will describe the SERA Method and provide real-world examples of applying the method to analyze architectural and design weaknesses in complex weapon systems that operate in SoS environments. Attendees will learn how learn the basics of applying the SERA method to identify potential architectural weaknesses that attackers might be able to exploit.