A Systems Approach for Eliciting Mission-Centric Security Requirements
This addresses security as a safety problem for cyber-physical systems, offering a strategic method to identify and mitigate vulnerabilities critical to mission success, though it appears incremental in adapting existing models.
The paper tackles the problem of cyber-physical system security by proposing a systems-theoretic analysis approach that integrates stakeholder perspectives with a modified STAMP model to enhance safety, resilience, and security, as demonstrated in a UAV reconnaissance mission example.
The security of cyber-physical systems is first and foremost a safety problem, yet it is typically handled as a traditional security problem, which means that solutions are based on defending against threats and are often implemented too late. This approach neglects to take into consideration the context in which the system is intended to operate, thus system safety may be compromised. This paper presents a systems-theoretic analysis approach that combines stakeholder perspectives with a modified version of Systems-Theoretic Accident Model and Process (STAMP) that allows decision-makers to strategically enhance the safety, resilience, and security of a cyber-physical system against potential threats. This methodology allows the capture of vital mission-specific information in a model, which then allows analysts to identify and mitigate vulnerabilities in the locations most critical to mission success. We present an overview of the general approach followed by a real example using an unmanned aerial vehicle conducting a reconnaissance mission.