Systems Engineering for Mission Assurance
Definition: Mission Assurance (MA) is the ability of operators to achieve their mission, continue critical processes, and protect people and assets in the face of internal and external attack (both physical and cyber), unforeseen environmental or operational changes, and system malfunctions. Systems engineering for mission assurance is the art of engineering into systems: (1) the capabilities for operators to be aware of different and changing adversarial strategies as well as environmental and system conditions, (2) options and alternatives to accomplish a mission under different circumstances, (3) tools to assess and balance advantages and risks of available response options and alternatives, and (4) the ability to transition to a selected option while simultaneously continuing the mission. Systems engineering for mission assurance extends throughout the entire traditional acquisition life cycle, from concept development through deployment and beyond, to include supply chain considerations and field operations.
Keywords: assurance, attack, cyber, dependability, information, mission, operational, quality, resilience, risk, success, supply, threat
MITRE SE Roles & Expectations: MITRE systems engineers (SEs) are expected to be conversant in mission operations, advanced persistent threats, unforeseen environmental changes, and system malfunctions that can cause missions to fail. They are expected to be familiar with the basic principles for building and operating systems that can sufficiently fight or operate through these obstacles. They should be knowledgeable in the effects that the mission/operators are attempting to achieve and the various options and alternatives that systems or combinations of systems can provide to achieve these effects. MITRE SEs need to understand methods for determining vulnerabilities, countermeasures, and residual risks to mission accomplishment based on available system options and alternatives. They are expected to be able to effectively convey these methods and the results of applying them to system stakeholders and decision makers. MITRE SEs are expected to recommend requirements, strategies, and solutions for mission assurance capabilities, including consideration of technical and operational dimensions across all phases of the system life cycle, from concept development through deployment and operations. They are expected to encourage and facilitate active participation of end users and other stakeholders in developing capabilities that will ensure mission success. They are expected to monitor and evaluate contractor mission assurance technical efforts and recommend changes when warranted. MITRE SEs are also expected to keep abreast of the evolving discipline of systems engineering for mission assurance.
The concept of engineering a system that can withstand purposeful or accidental failure or environmental changes has a long history in the discipline of designing systems for survivability. In the Cold War era, designing for survivability meant nuclear hardening of command centers, creating alternate command centers, engineering electronic countermeasures into communications and sensor systems, building redundant backup components, and engineering fallback modes of operation and switchover capabilities among them. More recently, the notion of engineering for mission assurance has been extended to ensuring the ability to effectively operate at the "tactical edge" in an environment with limited, austere, or intermittent communications, by selecting from a variety of communications options in the event that primary means become inoperable. Designing communications systems for survivability meant redundant communications links and factoring in potential adversary actions such as electronic warfare. Although all these are still needed in the Internet era, engineering systems for mission assurance has been further expanded to include engineering for information assurance and cyber security.
In recent years, cyber threats have become the predominant focus of mission assurance. Some worry that such intense focus on "all things cyber" risks losing sight of other dimensions of mission assurance. Others see a tension or conflict between mission assurance's "get the operational job done" ideal of achieving 100 percent mission success every time and the security-focused aims of information assurance, which could at times constrain aspects of operations in order to protect data and systems. Yet others are concerned that the acquisition community does not have a sufficiently mature mission assurance culture or mindset and that we are not yet sufficiently attuned to mission assurance as an "implicit requirement" that needs to be considered for all systems, whether or not it is explicitly demanded.
When we engineer for mission assurance, what essential attribute are we seeking to "engineer in"? Is it robustness, resilience, dependability, risk management, security, agility, flexibility, or adaptability? Is it one of them, some of them, or all of them? What are the tradeoffs and how are they determined? Who is the decision maker—the operator, the overseer, or the accreditor and what role should each play in the decision-making process? What does "systems engineering for mission assurance" look like? The reality is that we don't yet have a complete answer. But we do have partial answers, and we are continuously evolving our understanding and practice of it every day. What we do know is that, taken together, the various dimensions of mission assurance pose some of the most difficult challenges in engineering systems today.
The working definition of "systems engineering for mission assurance" in this guide is rooted in the insight that operational users of military systems are almost always willing to accept some level of risk in accomplishing their missions. It is in the nature of their profession, but to do that, they need the tools to understand the risks they are accepting and the ability to assess and balance available options and alternatives. This suggests that "systems engineering for mission assurance" is the art of engineering systems with options and alternatives to accomplish a mission under different circumstances and the capability to assess, understand, and balance the associated risks. Options and alternatives will likely take the form of a blend of technical and operational elements, which requires systems engineer to have an intimate understanding of the technical details and limitations of the system, the doctrine and operations of the user, and the environmental conditions and threats that will or may be encountered.
Articles Under This Topic
The articles under this topic are focused on what we know today about systems engineering for mission assurance. It is a rapidly evolving field, so check back often for updates and additional material.
Cyber Mission Assurance structures the cyber response discussion around the notion of a system architecture that is resilient in the face of different levels of cyber threat. The article focuses on near-term actions, rooted in actual experience, to begin evolving architectures that reduce their attack surface and are more secure, resilient, understandable, agile, and manageable.
The next three articles step through the elements of the mission assurance engineering (MAE) process. Crown Jewels Analysis (CJA) is a methodology that helps identify the cyber assets most critical to mission accomplishment—the "crown jewels" of a crown jewel analysis—and that begins during system development and continues through deployment. Cyber Threat Susceptibility Assessment (TSA) helps understand the threats and associated risks to those assets. Cyber Risk Remediation Analysis (RRA) is used to identify and select mitigation measures to prevent or fight through cyber-attacks.
Secure Code Review provides an overview of the specialized task of automatically or manually reviewing security-related weaknesses of an application's source code to understand what classes of security issues are present. The goal of a secure code review is to arm the systems engineer and code developer with information to make an application's source code more sound and secure.
Supply Chain Risk Management discusses the threats to and vulnerabilities of commercially acquired information and communications technologies that government information and weapon systems use. It discusses how to minimize the risk to systems and their components from sources that are not trusted or identifiable, or that provide inferior materials or parts.
References & Resources
- MITRE Digest, May 2010, "Mission Not Impossible," The MITRE Corporation.
- Guerro, S. B., and W. F. Toseny, eds., The Aerospace Corporation, 2007, Mission Assurance Guide, TOR-2007(8546)-6018 REV. A.
- National Defense Industrial Association (NDIA) System Assurance Committee, 2008, Engineering for System Assurance, Arlington, VA.
- Gupta, Rahul, 2006, The Need for Mission Assurance, PRTM.