Conceptual Systems Security Requirements Analysis: Aerial Refueling Case Study
In today's highly interconnected and technology-reliant environment, cybersecurity is no longer limited to traditional computer systems and IT networks, as a number of highly publicized attacks have occurred against complex cyber-physical systems such as automobiles and airplanes. While numerous vulnerability analysis and architecture analysis approaches are in use, these approaches are often focused on realized systems with limited solution space. A more effective approach for understanding security and resiliency requirements early in the system development is needed. One such approach, systemtheoretic process analysis for security (STPA-Sec), addresses the cyber-physical security problem from a systems viewpoint at the conceptual stage when the solution trade-space is largest rather than merely examining components and adding protections during production, operation, or sustainment. This paper uniquely provides a detailed and independent evaluation of STPA-Sec's utility for eliciting, defining, and understanding security and resiliency requirements for a notional next generation aerial refueling platform.
Span, M., Mailloux, L. O., Mills, R. F., & Young, W. (2018). Conceptual Systems Security Requirements Analysis: Aerial Refueling Case Study. IEEE Access, 6, 46668–46682. https://doi.org/10.1109/ACCESS.2018.2865736