Tutorials

Fundamentals of Systems Analysis in the New Millennium

Instructor: Peter Whitehead

Affiliation: MITRE Corporation, USA

Abstract: I am motivated by the many SysCon sessions that I have attended where I have seen a strong reliance on tool and checklist based approaches to systems engineering. In practice, too many systems engineers take a tool-based approach where they start with a tool such as SysML or system dynamics and then try to apply it to the problem at hand. This tutorial will provide a foundation in systems analysis, trace the history of systems analysis to the iChing, and consider how a tool-agnostic approach can improve results. The tutorial would cover basic concepts and involve 3 case studies. These cases studies facilitate hands-on experience with a system that is familiar to the students, yet one that they are unlikely to have considered systemically. I use the book How to do Systems Analysis, Primer and Casebook, by Gibson, et al. Copies would be required for the tutorial attendees. The objectives of the course are: Provide a brief history of systemic thinking and some of the modern concepts such as information economics Introduce an objectives-driven approach to analyzing any system Explain the advantages of a tool-agnostic approach versus the checklist, systematic approaches so popular in systems engineering education and training as promoted by INCOSE and others Encourage the students to look at systems with new eyes, in ways that foster innovation Apply that cognitive paradigm to three sample systems Discuss the case study results in the group Inspire the students to learn more about the concept.

System Security Engineering Tutorial

Instructor: Logan Mailloux

Affiliation: Air Force Institute of Technology & United States Air Force, USA

Abstract: This tutorial provides a detailed introduction to System Security Engineering (SSE), a specialty domain of systems engineering responsible for identifying and managing security vulnerabilities through the application of SSE processes, activities, and tasks. An approach to SSE is presented which focuses on integrating security throughout the entire system life cycle based on the recently released NIST Special Publication 800-160 (November 2016). Participants will be taught the basic concepts of SSE with a focus on the applicability of NIST's SSE processes, activities, and tasks for different types of systems. Additionally, the application of design and architectural security principles will be discussed. This tutorial is applicable to those interested in further understanding the intersection of security and systems engineering.

Security-Informed System Safety Engineering

Instructor: Jeffrey Joyce

Affiliation: Critical Systems Lab Inc., Canada

Abstract: This is a proposal for a tutorial to be presented in two 3-hour sessions at the 12th Annual IEEE International Systems Conference. MOTIVATION: Understanding how a cybersecurity attack could impact safety is an urgent priority across a variety of advanced technology domains including aerospace, autonomous and remotely operated vehicles, mass rapid transit, maritime, industrial robotics, defence, critical infrastructure, "smart" buildings, health information systems and medical devices. Increasing automation, remote operation, cloud-based computing and the inter-connection of "smart" systems are among the technology trends that potentially heighten exposure to cybersecurity threats. Conventional IT measures for information security centered on equipment level mitigations such as firewalls and encryption are unlikely to be a complete solution for the protection of safety-critical systems. Such measures need to be complemented by strategies, processes and techniques that focus on top-down systems-of-system understanding of how cybersecurity threats impact safety. International engineering standards such as RTCA DO-326A (aerospace) and SAE J3061 (automotive) and other forms of guidance published within the last five years aim to help ensure that the potential safety impact of cyber threats is properly addressed by organizational processes. However, a limiting factor for many organizations is the lack of qualified personnel who have the knowledge and skills to cross between the traditionally separate disciplines of safety and cybersecurity. FORMAT AND STRUTURE: The tutorial will consist of lecture-style presentations supplemented by several interactive sessions designed to reinforce key concepts through short group exercises. Session 1 (3 hours): 1. Review of conventional system/software safety methodology and cyber security methodology 2. Survey of relevant standards and guidelines across aerospace, automotive and other industries including RTCA DO-326A and SAE J3061 3. Introduction to a generic safety / cyber security engineering process 4. Identifying security scope Session 2 (3 hours): 1. Combined safety / cyber security analysis techniques 2. Security risk assessments methods 3. Interaction of safety requirements with cybersecurity requirements 4. Extending Safety V&V to take account of cybersecurity vulnerabilities 5. Assurance cases for safety-critical Systems with cybersecurity vulnerabilities This tutorial is a condensed version of a 3-day training course. The presenter(s) are highly experience in both the subject matter and the presentation of complex technical concepts to professional audiences. EXPECTED OUTCOMES: From this training, participants can: 1. learn how cyber-security threats can increase the risk associated with known safety-related hazards 2. become familiar with existing standards and published guidance 3. gain an understanding of a how an existing safety process can be extended to include consideration of cyber-security threats 4. learn about specialized techniques to support the analysis and verification of safety critical systems that have cybersecurity vulnerabilities 5. develop an understanding of how to create and maintain a security-informed assurance case for a safety critical system. The value of this training for employers includes: 1. identifying causes of safety risk that result from security vulnerabilities that might otherwise be overlooked as potential causes of safety risk 2. identifying conflicts between safety mitigations and security requirements and design mitigations that could result in costly changes and delays if not discovered until late in development 3. avoiding wasteful duplication of effort, e.g., safety engineers searching for security vulnerabilities that are already known to the security specialists 4. allocating resources more effectively to mitigate security risks 5. gaining a competitive business advantage in a world marketplace that is increasingly concerned about cybersecurity threats.

ISO 26262 Functional Safety for ADAS and Autonomous Vehicles

Instructor: Jeffrey Joyce

Affiliation: Critical Systems Lab Inc., Canada

Abstract: This is a proposal for a tutorial to be presented in two 3-hour sessions at the 12th Annual IEEE International Systems Conference. MOTIVATION: The conservative concepts, principles and methods that have widely governed the development of safety-critical software are often seen to "get in the way" of the innovative, risk-taking spirit that drives exciting advances in technology, including the emergence of autonomous vehicles, connected cars and related innovations. This seminar considers how consumer's thirst for innovation must be reconciled with society's expectations of safety. Automakers and their Tier 1 suppliers must ensure that the rapid development of software-intensive technologies for automobiles and other road vehicles is accompanied by appropriate measures to address functional safety risk. ISO 26262 is an international standard for functional safety of electrical and/or electronic systems in production automobiles that is broadly accepted across the automotive industry as the basis for addressing functional safety. Many startups based in Silicon Valley and other innovation "hotspots" have travelled with great expectations to Detroit and other traditional centers of automotive engineering with offerings of new technology based on Artificial Intelligence (AI) or other innovations. They are often met with questions about deterministic behavior, diverse redundancy, freedom from interference, control flow monitoring, graceful degradation and other concepts, principles and methods of safety-critical software development. The tutorial is primarily intended for innovators, engineers and other individuals with an interest in understanding how to give innovative software-intensive technology for the automotive industry a competitive advantage by being "ISO 26262 ready" and more generally, developing confidence that adequate steps have been taken to manage residual risk associated with their technology. FORMAT AND STRUCTURE: The tutorial will consist of lecture-style presentations supplemented by several interactive sessions designed to reinforce key concepts through short group exercises. Session 1 (3 hours) 1. Basic concepts, principles and methods of functional safety 2. Introduction to ISO 26262 3. Development of Functional Safety Concept as per ISO 26262 Part 3 4. "System Element out of Context" and other special topics Session 2 (3 hours) 1. System and software aspects of functional safety as per ISO 26262 Parts 4 and 6 2. ASIL Decomposition and other strategies for managing the "cost" of safety 3. Verification and Safety Validation 4. Safety Cases 5. Taking into account cybersecurity threats with references to SAE J3061 In addition to having served on the ISO working group that developed ISO 26262, the presenter is highly experienced in both the subject matter and the presentation of complex technical concepts to professional audiences. EXPECTED OUTCOMES: From this training, participants can: 1. Become familiar with the basic concepts, principles and methods of developing safety-critical software-intensive systems. 2. Gain an understanding of the purpose, scope and structure of ISO 26262. 3. Learn about strategies for achieving compliance with ISO 26262 in an environment designed to support innovation. The value of this training for employers includes: 1. Being prepared to address challenging questions about the suitability of a product for use in a safety-critical application by prospective investors, customers and other stakeholders. 2. Having a "roadmap" for establishing confidence in the safety of a product.