Uncovering Cascading Vulnerabilities in Model-Centric Acquisition Programs and Enterprises

Abstract

Digital engineering changes how systems are acquired and developed through the use of model-centric practices and toolsets. Enterprises face new challenges in this transformation, including potential for emergent vulnerabilities within digital engineering environments. While vulnerability analysis of products and systems is standard practice, examining vulnerabilities within the enterprise itself is less common. This research is responsive to the imperatives of the newly released DoD Digital Engineering Strategy that calls for enterprises to mitigate cyber risks and secure digital engineering environments against attacks from internal and external threats, mitigate known vulnerabilities that present high risk to DoD networks and data, and to mitigate risk posed by collaboration and access to vast amount of information in models. This paper presents progress on the ongoing research that focuses on uncovering cascading vulnerabilities as related to digital engineering practice and supporting environments, with special focus on cybersecurity-related vulnerabilities. The approach uses Cause-Effect Mapping (CEM) as a mechanism for better enabling program leaders to anticipate and respond to vulnerabilities within the enterprise. The current investigation is examining enterprise-level vulnerabilities and investigating potential interventions.