Cyber Physical Systems Security, Hardware and Software Assurance

Leads: Dan DiMase and Jay Mendelbaum

Threats, vulnerabilities, and weaknesses in hardware and software will fundamentally alter how the Parts Management and DMSMS community perform their jobs as they address the growing threat to cyber security. Cyber Physical Systems Security (CPSS) is an emerging, critical field that includes system security engineering (SSE) and cross-functional engagement to ensure the quality, reliability, safety, security and resiliency of cyber physical systems over their life-cycle. Components Engineers and Software Engineers are additional stakeholders in the cross-functional CPSS discipline, providing subject matter expertise in Hardware Assurance (HwA) and Software Assurance (SwA). CPSS provides a holistic view of risk-based security and assurance, in collaboration with stakeholders such as Parts Management and the DMSMS community, to ensure the goals listed above over the entire lifecycle of the system. Without a risk-based systems engineering approach to CPSS, component parts, replacement parts and sustainment could contain weaknesses and vulnerabilities, such as backdoors or other potential exploits, that can compromise mission assurance. Components and replacement components could be compromised, either deliberately or inadvertently, which could lead to system and mission exploitation affecting integrity, availability, and confidentiality.

Possible topics include but are not limited to:

  • Efficacy and cost of threats and proposed mitigations
  • Advance and streamline the weakness and vulnerability knowledge base
  • Selection of components (software, hardware) taking HwA, SwA and CPSS into consideration
  • Address gaps in security specific to Software and Hardware Assurance (SwA/HwA)
  • Introduce cost-effective design, development, assessment, verification & validation, and screening methods
  • Conducting a DMSMS Business Case Analysis (BCA) on potential resolutions taking cybersecurity into account
  • Development of monitoring plans of functional obsolescence attributed to cybersecurity
  • DMSMS technology refresh plans, taking cybersecurity into account
  • Identify best practices for addressing different domains of consideration, including but not limited to:
    • software assurance & application security
    • hardware assurance
    • electronic & physical security
    • information protection, sharing & reporting
    • data and information security
    • anti-counterfeit & cyber-supply chain risk management
    • life cycle support & DMSMS
    • prognostics, forensics & recovery plans
    • anti-malicious & anti-tamper
    • traceability and tracking
    • asset management & access control
    • incident management
  • Measurable characteristics across the lifecycle, including:
    • data generation and collection
    • risk assessment and risk management
    • metrics for trust, resilience, and assurance
    • assurance mitigations
    • analytics and modeling
    • provenance and traceability
    • immutable recording

Critical Deadlines

Abstract Submission: Aug 31
Abstract Notification: late Dec
Final Presentation Submitted: Feb 14