Assessing Vulnerabilities in Model-Centric Acquisition Programs: Phase 2
Loading...
Authors
Rhodes, Donna H.
Reid, Jack
Subjects
Advisors
Date of Issue
2019-08-01
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
en_US
Abstract
Digital transformation changes how systems are acquired and developed
through model-centric acquisition approaches and digital engineering practices and
toolsets. Enterprises face new challenges in this transformation, including emergent
vulnerabilities within digital engineering environments. While vulnerability analysis of
products and systems is standard practice, examining vulnerabilities within the
enterprise itself is less common. This report presents findings and results of a second
phase of research on uncovering cascading vulnerabilities as related to digital
engineering practice and supporting environments, taking a special focus on
cybersecurity-related vulnerabilities. The approach applies Cause-Effect Mapping (CEM) in vulnerability assessment
as a means to better enable program leaders to anticipate and respond to
vulnerabilities within the enterprise. With CEM, vulnerabilities are described using
causal chains, where an external trigger initiates cascading intermediary events that
leads to a terminal event. Interventions can be applied to break the causal chain in
appropriate places.
Type
Technical Report
Description
Series/Report No
Acquisition Research Sponsored Report Series
Department
Organization
Acquisition Research Program (ARP)
Identifiers
NPS Report Number
MIT-AM-19-194
Sponsors
Naval Postgraduate School Acquisition Research Program
Funder
HQ0034-18-1-0013
Format
65 p.
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.