Assessing Vulnerabilities in Model-Centric Acquisition Programs Using Cause-Effect Mapping

Abstract

Acquisition programs increasingly use model-centric approaches, generating and using digital assets throughout the lifecycle. Recent research supports new model-centric practices, yet in spite of sound practices there are uncertainties that may impact programs over time. The emergent uncertainties (policy change, budget cuts, disruptive technologies, threats, changing demographics, etc.) and related programmatic decisions (e.g., staff cuts, reduced training hours) may lead to cascading vulnerabilities within model-centric acquisition programs, potentially jeopardizing program success. The research objectives included: (1) investigate uncertainties and related decisions that may lead to potential vulnerabilities in model-centric acquisition programs; (2) generate a CEM model for aiding program managers in detecting and assessing vulnerabilities related to the program's model-centric practices and environment; and (3) define a step-wise process for applying the generic model in assessing and mitigating model-centric vulnerabilities. This research seeks to provide program managers with the means to identify model-centric program vulnerabilities and determine where interventions can most effectively be taken. The technical approach for the research began with literature review and gathering results of past research studies of relevance, including studies of model-centric environments and transformations from traditional to model-centric engineering paradigm (sometimes referred to as the digital engineering paradigm), recent workshop findings, and related work on vulnerability assessment that may have implications for this work. Cause-Effect Mapping, a technique developed at MIT, was employed to examine cascading effects between emerging uncertainties and terminal outcomes. Using the results, a CEM was generated and used for discussion with subject matter experts, and information on uncertainties and leading indicators was collected. Analysis was performed to consider the cascading vulnerabilities and potential intervention options. The results were used to refine the CEM and analytic approach to develop a generic model for vulnerability assessment of model-centric programs. Usability of the resulting model was tested with selected research stakeholders. Several analytic approaches were investigated. This research aims to contribute a useful approach for assessing, detecting and mitigating vulnerabilities in acquisition programs, specifically related to the use of model-centric practices and environments. The approach is compatible with existing DoD vulnerability assessment practices and frameworks. Research results are empirically-grounded vulnerabilities of model-centric programs, a Reference CEM for identifying vulnerabilities and interventions, and a step-wise process that program managers can apply on their programs using the CEM to assess, prioritize, and mitigate model-centric vulnerabilities.