NASA Aeronautics Research Mission Directorate System Security Engineering Approaches

System security engineering (SSE) is a set of formal engineering methods and is considered a subset of systems engineering. It is a relatively new development in systems engineering with the initial NIST (National Institute of Standards) standard published in November of 2016 with updates in 2018, and 2022. The guiding principles in our methodology are based in NIST Special Publication 800-160 Vol. 1 “Systems Security Engineering: Considerations For A Multidisciplinary Approach In The Engineering Of Trustworthy Secure Systems” and integrate methodologies from common IT (Information Technology) threat modeling approaches utilizing MBSE (Model-Based Systems Engineering).

The presentation will discuss how our teams utilize SSE and MBSE (Model-Based Systems Engineering) to develop secure architectures for systems under development in our NASA aeronautics research environment. This includes the activities to develop Protection Needs (PN) that, in turn result in security requirements in the design context and policies for the future state operational context for system protection. The process of applying SSE to analyze project architectures and ConOps (Concept of Operations) is intended to ensure the transferred research is both secure and securable in a “real-world” setting.