Threats, weaknesses, and vulnerabilities across the system’s life cycle, including hardware and software, will alter how the parts management and DMSMS community will fundamentally perform their jobs to address the growing threat on cyber security. The longer that a fielded system is operational, the more likely that new weaknesses and vulnerabilities will apply, which should be of particular concern to the DMSMS community. Cyber Physical Systems Security (CPSS) is an emerging, critical field which includes system security engineering (SSE), program protection, cybersecurity, and technology protection. Components engineers and software engineers are additional stakeholders in the cross-functional CPSS discipline, providing subject matter expertise in hardware assurance (HwA) and software assurance (SwA) across the components’ life cycles. Cross-functional engagement is critical for ensuring quality, reliability, safety, security, and resiliency of cyber physical systems over the lifecycle of these systems.

CPSS provides a holistic view to address risk-based security and assurance, in collaboration with stakeholders, such as parts management and the DMSMS community, to ensure the goals listed above over the entire life cycle of the system and its component parts. Without a risk-based systems engineering approach to CPSS, component parts, replacement parts and sustainment could contain weaknesses and vulnerabilities, such as backdoors or other potential exploits that can compromise mission assurance. Components and replacement components could be compromised, either deliberately or inadvertently, that could lead to system and mission exploitation in integrity, availability, and confidentiality.

Possible topics include, but are not limited to:

• Likelihood and consequences of threats, and the efficacy and cost of proposed mitigations
• Advance and streamline the weakness and vulnerability knowledge base
• Selection of components (software, hardware), taking HwA, SwA, and CPSS into consideration
• Address gaps in security specific to SwA and HwA
• Introduce cost-effective design, development, assessment, verification and validation, and screening methods
• Conducting a DMSMS business case analysis (BCA) on potential resolutions, taking cybersecurity into account
• Development of monitoring plans of functional obsolescence attributed to cybersecurity
• DMSMS technology refresh plans, taking cybersecurity into account
• Best practices for analysis in determining threats and potential mitigations, and how they may change over time
• Best practices for interactions between relevant stakeholder communities, such as intelligence, parts management, maintenance, program protection, cybersecurity, and system security engineering
• Identify best practices for addressing different domains of consideration, including but not limited to:
• Software assurance and application security
• Hardware assurance
• Electronic and physical security
• Information protection, sharing, and reporting
• Data and information security
• Anti-counterfeit and cyber-supply chain risk management
• Life cycle support and DMSMS
• Prognostics, forensics, and recovery plans
• Anti-malicious and anti-tamper
• Traceability and tracking
• Asset management and access control
• Incident management
• Measurable characteristics across the lifecycle, including:
• Data generation and collection
• Risk assessment and risk management
• Metrics for trust, resilience, and assurance
• Assurance mitigations
• Analytics and modeling
• Provenance and traceability
• Immutable recording