Cyber Security Requirements Methodology

This report addresses the DoD/Army/SERC-sponsored, UVA-led 9 month research effort to develop a methodology for establishing cyber security requirements at the preliminary design phase of new physical systems programs. The requirements addressed include the integration of cyber attack defense and resilience solutions, as well as security-related software engineering solutions. Referred to as Cyber Security Requirements Methodology (CSRM), the developed process includes six sequential steps conducted by three teams (an operationally focused team, a cybersecurity focused team and a systems engineering team). Model-based engineering tools were utilized to support each of the steps. A trial weapon system use case was conducted to gain an initial evaluation of the methodology. The use case system, referred to as Silverfish, was hypothetical, but deemed as a reasonable representation of a possible weapon system. Results of the trial were promising and point to a number of possible paths for follow-on research including implementing the methodology on a real system and building the necessary tools to scale up the methodology to a real system.