Cybersecure Modular Open Architecture Software Systems for Stimulating Innovation

Thumbnail Image
Scacchi, Walt
Alspaugh, Thomas A.
Date of Issue
Monterey, California. Naval Postgraduate School
This research investigated a new approach to stimulate innovation in the acquisition, production and evolution of cybersecure modular OA software systems. These systems increasingly incorporate Web-based, mobile, or low-cost microelectronic devices. Systems of these kinds must combine best-of-breed software components subject to agile, adaptive requirements of multiple parties, while conforming to reusable software products lines. We seek to make this a simpler, more transparent, and more tractable process. Our recent and continuing line of research studies, publications and reports demonstrate how complex OA systems can be designed, built, and deployed with alternative components and connectors resulting in functionally similar system versions, to satisfy overall system capability requirements as well as individual OA system component intellectual property (IP) and cybersecurity requirements. These requirements are surfacing new challenges that can decrease (or increase) software acquisition costs. Our next step addressed here was to initiate investigations the use of smart contracts and associated technologies (e.g., cryptocurrency, domain-specific blockchain transaction languages and computational tools) for specifying shared agreements between multiple parties to acquisition efforts. We believe smart contracts can be computationally enacted during the design, integration, release, deployment, and evolution of cybersecure, modular open architecture software systems in ways that can model, track and analyze the associated contractual obligations and customer rights that drive costs and risks. Smart contracts incorporate computational specifications (i.e., computer programming script code) that enable formal and precise agreements between parties that can entail costing constraints, and production or cybersecurity requirements, that are associated with articulated OA system procurement obligations and rights. The associated technologies for smart contracts are emerging capabilities that enable computational protocols for tracking elemental transactions between multiple parties to a shared contractual agreement. Such agreements can arise, for example, when different commercial firms, non-profit enterprises, program offices, and government agencies decide to share acquisition costs and risks in order to more rapidly assemble, produce, deliver, or evolve innovative cybersecure modular OA software systems. Our research results are documented in this Final Report. Last, our research results have been well received in presentations to different audiences, including academic and industry research groups, the larger Defense community, and the Federal Government more broadly. In particular, throughout 2017 our research results have been presented to audiences at the 2017 Acquisition Research Symposium (Monterey, CA). Other project activities that produced material results include multiple presentations at the new Cybersecurity Policy & Research Institute based at the University of California, Irvine. These presentations have included senior level executives from more than 80 industry and local government agencies, including law enforcement programs now burdened with investigating cybercrimes that entail covert entry, data exfiltration, and extortion based on legacy systems. As can been seen in these chapters, common and differentiated research results found in the chapters represent our efforts at reaching out to different audiences interested in our research, and what advice or guidance it may offer to such audiences.
NPS Report Number
Naval Postgraduate School Acquisition Research Program
Distribution Statement
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.