Security risk assessment in systems of systems.

Abstract

A System of Systems (SoS) is a set of independent systems that interoperate to achieve capabilities that none of the separate systems can achieve independently. The component systems may be independently operated or managed, and this may cause control problems. An area of particular concern is managing security of the large complex system that is the SoS, because development and operation of component systems may be done independently. Security vulnerabilities may arise at the SoS level that are not present or cannot be determined at the component system level. Security design and management processes typically operate only at component system level. Within this thesis, the problem of security risk assessment at the SoS level is examined by identifying factors specific to SoSs, formulating a framework through which it can be managed, and creating a process with visualisation to support risk managers and security experts in making assessment of security risks for a SoS. Humans must be considered as part of the SoS and feature in risks associated with security. A broadly qualitative methodology has been adopted using interviews, case studies, and a scenario method in which prototype framework elements were tested. Two SoS examples, including the Afghan Mission Network (AMN) as a SoS, and a SmartPowerchair SoS were used to identify, combine, and apply relevant elements in a SoS context towards addressing the research problem. For the AMN, this included interviews and focus groups with stakeholders experienced in NATO security, risk, and network-based roles. Whereas, the SmartPowerchair SoS was based on interviews and on-going communication with a single stakeholder representative as the owner and user of the SoS. Based on the findings, OASoSIS has been developed as a framework combining the use of OCTAVE Allegro and CAIRIS to model and assess Information Security risk in the SoS context. The process for applying OASoSIS is detailed within the thesis. The first contribution of OASoSIS introduces a SoS characterisation process to support a SoS security risk assessment. The second contribution modifies a version of the OCTAVE Allegro Information Security risk assessment process to align with the SoS context. Risk data captured during a first-stage assessment then provides input for a third contribution that integrates concepts, models, and techniques with tool-support from CAIRIS to model the SoS information security risks. Two case studies relating to a Military Medical Evacuation SoS and a Canadian Emergency Response SoS were used to apply and validate the contributions. These were validated through input from expert Military Medical stakeholders experienced in NATO operations, and key Emergency Response SoS stakeholders with further input from an expert Emergency Management stakeholder. To further strengthen the validity of the end-to-end application of OASoSIS in future work, it would benefit from being implemented within the SoS design process for other SoS scenarios.