Cyberworthiness Evaluation and Management Toolkit (CEMT): A model-based approach to cyberworthiness assessments

  • Sitnikova, E. (Speaker)
  • Stuart Fowler (Speaker)
  • Keith F. Joiner (Speaker)

Activity: Talk or presentation typesInvited talk

Description

Cyberworthiness is an increasingly important component of complex systems development. Methodologies for demonstrating technical assurance over the cybersecurity attributes of mission critical systems and systems-of-systems are a key component of a comprehensive systems engineering process. This tutorial introduces and demonstrates the Cyberworthiness Evaluation and Management Toolkit (CEMT), which is an open-source SysML profile that simplifies the process of creating cyberworthiness assessments using commercial model-based systems engineering tools.

The CEMT focuses on providing transparent cyberworthiness risk assessments that facilitate a collaborative analysis amongst system stakeholders to ensure that decision makers can make mindful risk decisions, where their accountability is predicated on genuine understanding rather than a deference to opaque and unexplainable expert judgment. This is achieved using graphical modelling techniques that provide clear traceability between potential controls and the identified actions of threat actors in a manner that is consumable by stakeholders with varying levels of cybersecurity expertise. Particular focus is taken to ensure that the models developed using the toolkit are sustainable throughout the system lifecycle and have sufficient modularity and interoperability to ensure that the models can be integrated in a system-of-systems context.

The intended outcomes of this tutorial are to familiarise attendees with the use of model-based systems engineering (MBSE) techniques for cyberworthiness assessments, inform attendees of the existence of the CEMT and demonstrate how these can be leveraged to develop professional cybersecurity assessments that integrate with contemporary worthiness and technical assurance frameworks. Attendees will be provided with the tools to begin applying these techniques to their own complex systems development processes and will be equipped with the knowledge to contribute to the ongoing development and advancement of this critical cyberworthiness methodology.
Period12 Sep 2022
Event titleSystems Engineering & Test and Evaluation Conference: Pre-conference Workshop
Event typeWorkshop
Conference numberISBN number 978-1-925627-68-8
LocationCanberra, Australia, Australian Capital Territory
Degree of RecognitionInternational