Can System Readiness Level (SRL) Support an Understanding of Cyber Development Costs?
SRL – System Readiness Level
Ron Townsen, General Dynamics Mission Systems
OMG’s Cybersecurity Workshop, December 6, 2016
What is SRL?
System Readiness Level: SRL[nxn] = TRL[n] x IRL[nxn] / nc
◦ TRL is Technology Readiness Level (a 1-dimensional matrix)
◦ IRL is the Inter-connection Readiness Level (a symmetric 2-dimensional matrix of the interconnection of Technologies)
◦ “nc” is a normalization constant
Effort is based on a paper published in the International Journal of Defense Acquisition Management (Vol. 1 2008):
“A Systems Approach to Expanding the Technology Readiness Level within Defense Acquisition” by Brian Sauser, Jose Ramirez-Marquez, Romulo Magnaye, Weiping Tan
Current efforts for Army PM UAS
General Dynamics Mission Systems has automated the computation for monitoring SRL. The tools are being exercised on the development of a Product Line of UAV Controllers for Army PM UAS using two (2) scripts:
◦ Script 1
  - Process makes use of IMS to feed and compute current TRL values for each Software/Hardware and Cyber Security Analysis during development.
  - Data is registered in DoDAF Model tags
◦ Script 2
  - Utilizes the TRL values tagged in the DoDAF Model
  - Uses the indicated interconnections between Software/Hardware/Cyber to build the IRL matrix
  - Computes SRL for a given Product in the Product Line
  - Computes overall Product Line SRL based on defined Domains and Sub-Domains
Data Run takes approximately 30 minutes to update and re-compute
Supports monitoring of all Software and Hardware Products/Processes (both commercially purchased as well as developed in-house or by 3rd parties)
Supports Cyber Analysis on a Product by Product basis
Example IMS Capture Input

Task Name                                     Text3  Text2  Text1  Text4   % Complete
Next Generation PM UAS Product Line Kickoff                                0%
Build 1 - RiskReduction Kickoff                                            0%
Build 2 - Kickoff                                                          0%
Build 3 - Kickoff                                                          0%
Build 4 - Kickoff                                                          0%
Build 5 - Kickoff                                                          0%
Spiral 1- DEMO Infrastructure Risk Reduction                               0%
PRR                                                                        0%
Finalization Efforts                                                       0%
Mobil PMUAS GCS Controller                                                 0%
Program Documents                                                          0%
Build 0 - Risk Reduction                                                   0%
Architecture                                                               0%
SubContractor Support Work                                                 0%
Team Training                                                              0%
Systems Engineering                                                        0%
Safety                                                                     0%
SRS                                                                        0%
CF SRS                                                                     0%
CIS                                           A1     17     F      a;.8;   0%
Initialization Service                        A1     16     F      a;.8;   0%
AMS                                           A1     2      F      a;.8;   0%
OMS                                           A1     3      F      a;.8;   0%
Time                                          A1     4      F      a;.8;   0%
Alert Service                                 A1     5      F      a;.8;   0%
TSS                                           A1     6      F      a;.8;   0%
Intermediate Tracking Workbook
Security Functional Area Name; Module Components; DAL; Integration Build; FACE Domain; SRS; Data Model; Top Level Design; Detail Design; Coded; Unit Tested; Functional Testing; System Integ; Systems Integration Testing; Field Testing & Certification; Deployed in Field
Security SolidCore A 0;A PSSS 100.00% 100.00% 100.00% 100.00% 100.00% 100.00% 100.00% 0%
DDS Security DDS Monitor 0;A 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0%
Security Monitor 0;A 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0%
COMMS Cyber Manager 0;A 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0%
SIEM 0;A 100.00% 100.00% 100.00% 100.00% 100.00% 100.00% 100.00%
Tracker Sheets in Workbook

UCS/Other            Full Name
a: a- App Send       Message Sent by non-UApp Applications
b: b- Mesg Rec       Message Received by non-UApp Applications
c: c- UApp Send      Message Sent by UApp Applications
d: d- UApp Rcv Msg   Message Received by UApp Applications
A: A- Infra          Infrastructure
A1: A1-CFS           CF Services
A2: A2-CFM           CF Managers
A3: A3-DataModels    Data Models
A4: A4-Security      Security
A5: A5-CSw           Commercial Software
B: B- Display        Display
B1: B1- DApp         Display Applications
B2: B2- UApp         User Applications
C: C- EMC            External Messaging & Communications
[Diagram labels: IMS Capture; DoDAF Model; Compute TRL; Intermediate Tracking Workbook; DoDAF Model Tagging]
Example of Linking Analysis with Hardware/Software
[Diagram: «satisfy» relationships between Mobil GCS Cyber SecurityAnalysis and CommsCyberSecurityMonitoring, OperatorLoggin, SecuringMiddlewareSoftware, SecurityLogging, SIEM, SoftwareWhiteListing, SystemDisableManager, SecurityTag Manager]
Current Date & Time: Tue 2016.10.11 at 12:06:47 PM EDT
SRL TRL_Min:(min/max/avg) 0.020408 0.415309 0.226692
205
SRL TRL_Max:(min/max/avg) 0.020408 0.415309 0.226887
SRL TRL_Avg:(min/max/avg) 0.020408 0.415309 0.226837

IRL columns shown, in order: ApplicationStateManager, OperationalModeManager, LoggingManager, WarningCautionAlertManager, NavigationCoordinationManager, LocalEquipmentManager, VoiceDataRecording, DataRecordingManager, SecurityTag Manager, ConfigurationManager

Component                          TRL Min  TRL Max  TRL Avg   IRL row
ApplicationStateManager            4.80     4.80     4.80      5 0 0 0 0 0 0 0 0 0
OperationalModeManager             4.80     4.80     4.80      0 5 0 0 0 0 0 0 0 0
LoggingManager                     4.80     4.80     4.80      0 0 5 0 0 0 0 0 0 0
WarningCautionAlertManager         4.80     4.80     4.80      0 0 0 5 0 0 0 0 0 0
NavigationCoordinationManager      4.80     4.80     4.80      0 0 0 0 5 0 0 0 0 0
LocalEquipmentManager              4.80     4.80     4.80      0 0 0 0 0 5 0 0 0 0
VoiceDataRecording                 4.80     4.80     4.80      0 0 0 0 0 0 5 5 0 0
DataRecordingManager               4.80     4.80     4.80      0 0 0 0 0 0 5 5 0 0
SecurityTag Manager                4.80     4.80     4.80      0 0 0 0 0 0 0 0 5 0
ConfigurationManager               4.80     4.80     4.80      0 0 0 0 0 0 0 0 0 5
SoftwareWhiteListing               5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
SecuringMiddlewareSoftware         4.80     4.80     4.80      0 0 0 0 0 0 0 0 0 0
CommsCyberSecurityMonitoring       4.80     4.80     4.80      0 0 0 0 0 0 0 0 0 0
SecurityLogging                    4.80     4.80     4.80      0 0 0 0 0 0 0 0 0 0
SIEM                               5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
Mobil GCS Cyber Security Analysis  1.29     1.29     1.29      0 0 0 0 0 0 0 0 0 0
OperatorLoggin                     5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
SystemDisableManager               5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
RealTimeOperatingSystem            5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
DDS_SecurityMiddleware             5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
POSIX_Library                      5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
OfficeProducts                     5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
VOIP                               5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
Non_RealTime_OperatingSystems      5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
VM_Software                        5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
ARINC661                           5.80     5.80     5.80      0 0 0 0 0 0 0 0 0 0
Example IRL Two Dimensional Matrix
[Diagram labels: DoDAF Tagged Information; Build Computational SRL Workbook with TRL and IRL Data; SRL Results]
Example SRL Tracking Graphic
SRL Data can be tracked against Time, $ Expenditures…
Cyber Monitoring SRL
One TRL Entry is for System Cyber Analysis based on process steps:
◦ State of Cybersecurity Architecture (% Complete)
◦ Modeling of Cybersecurity Architecture (% Complete)
◦ Threat Modeling Development (% Complete)
◦ STIG Analysis (% Complete)
◦ Basic RMF Analysis (% Complete)
◦ Completion of RMF Analysis (% Complete)
This is mapped in DoDAF Model against Related Software and Hardware parts of the Architecture (for IRL values)
Cyber SRL Tracking
We can isolate, in the computation, the Hardware/Software that has inter-connection to the Cyber Analysis through connections formed in the DoDAF.
The use of SRL can support Technical vs. Cost tracking and Gaming to predict best path forward.
◦ What is the best place to spend money to advance Technical Cyber Related SRL?
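The SRL = TRL x IRL / nc computation, the isolation of components interconnected with the Cyber Analysis, and the "best place to spend money" question above, as an added example that is not the presenter's scripts. Assumptions: both scales run 1-9 and are divided by 9, self-integration is 9, and nc is the per-component count of interconnections (the slides do not give their scaling or nc); the TRL values are those listed on the slides, the IRL link levels are constructed.

```python
# Added example (not the presenter's scripts). Assumed conventions: 1-9 scales
# divided by 9, self-integration = 9, nc_i = number of non-zero IRL entries in row i.
SCALE = 9.0

def make_irl(names, links):
    """Symmetric IRL matrix as nested dicts from {(a, b): level} pairs."""
    irl = {a: {b: (SCALE if a == b else 0.0) for b in names} for a in names}
    for (a, b), level in links.items():
        irl[a][b] = irl[b][a] = float(level)
    return irl

def srl_vector(trl, irl):
    """SRL_i = sum_j (IRL_ij / 9) * (TRL_j / 9) / nc_i for every component i."""
    out = {}
    for i, row in irl.items():
        linked = [j for j, level in row.items() if level > 0]
        out[i] = sum(row[j] / SCALE * trl[j] / SCALE for j in linked) / len(linked)
    return out

def composite_srl(trl, irl):
    """Mean of the per-component SRL values."""
    per_component = srl_vector(trl, irl)
    return sum(per_component.values()) / len(per_component)

def cyber_slice(trl, irl, cyber):
    """Keep only the cyber analysis entry and the components interconnected with it."""
    keep = [j for j, level in irl[cyber].items() if level > 0]
    return {k: trl[k] for k in keep}, {a: {b: irl[a][b] for b in keep} for a in keep}

def rank_investments(trl, irl, cyber, step=1.0):
    """What-if: composite cyber SRL gain from raising one component's TRL by `step`."""
    sub_trl, sub_irl = cyber_slice(trl, irl, cyber)
    base = composite_srl(sub_trl, sub_irl)
    gains = []
    for name, level in sub_trl.items():
        trial = {**sub_trl, name: min(SCALE, level + step)}
        gains.append((composite_srl(trial, sub_irl) - base, name))
    return sorted(gains, reverse=True)

# TRL values as listed on the slides; the IRL link levels below are constructed.
CYBER = "Mobil GCS Cyber Security Analysis"
TRL = {CYBER: 1.29, "SIEM": 5.80, "SecurityLogging": 4.80,
       "OperatorLoggin": 5.80, "ApplicationStateManager": 4.80}
LINKS = {(CYBER, "SIEM"): 5, (CYBER, "SecurityLogging"): 3, (CYBER, "OperatorLoggin"): 5,
         ("SIEM", "SecurityLogging"): 7, ("SecurityLogging", "ApplicationStateManager"): 5}
IRL = make_irl(list(TRL), LINKS)

if __name__ == "__main__":
    for gain, name in rank_investments(TRL, IRL, CYBER):
        print("%+.4f  %s" % (gain, name))
```

With these constructed links the largest gain comes from advancing the cyber analysis entry itself, because it has the lowest TRL share and the most interconnections in the slice.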
DoDAF, Threat Modeling, SRL
A living DoDAF combined with an Evolving Threat Model allows understanding of how the Architecture changes can answer Threats.
Using the SRL computations, we can better understand where funding needs to be spent to obtain Technically deployable systems.
SRL is NOT a standalone answer; it is another tool that, combined with current/evolving tools, helps to give us better understandings.