Analysis of Systems Security Engineering Design Principles for the Development of Secure and Resilient Systems

The increasing prevalence of cyber-attacks highlights the need for improved systems security analysis and engineering in safety-critical and mission-essential systems. Moreover, the engineering challenge of developing secure and resilient systems that meet specified constraints of cost, schedule, and performance is progressively difficult given the trend toward increasing complexity, interrelated systems-of-systems. This paper analyzes the 18 design principles presented in the National Institute of Standards and Technology Special Publication (NIST SP) 800-160 Volume 1 and considers their applicability for the development of secure and resilient systems of interest. The purpose of this work is to better understand how these design principles can be consistently and effectively employed to meet stakeholder defined security and resiliency needs as part of a comprehensive systems security engineering approach. Specifically, this work uses the Design Structure Matrix (DSM) analysis to study the 18 design principles presented in NIST SP 800-160 Vol. 1, Appendix F, along with their intra- and inter-dependencies to develop complex cyber-physical systems that are secure, trustworthy, and resilient. The DSM analysis results increase understanding of the various relationships between the 18 design principles and identifies two clusters for secure systems design: Architecture and Trust. Lastly, this work provides a notional command and control system case study, along with a detailed listing of engineering considerations, to demonstrate how these principles and their groupings can be systematically applied as part of a comprehensive approach for developing cyber-physical systems which are designed to operate in hostile environments.