Towards Educational Guidelines for the Security Systems Engineer

  • Suné von Solms
  • Annlizé Marnewick
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 531)

Abstract

Industry 4.0 will impact the systems engineering landscape and cybersecurity in the future. The education needs of system engineers working in these environments will change as the system landscape adapts to the Industry 4.0 changes. This research aims to explore the impact of Industry 4.0 on systems engineering and on the security requirements that must be catered for in this changing landscape. Although it is not yet certain how the landscape will change, this research starts to explore what the potential education needs could be for system engineers to understand all future cybersecurity requirements. The results of this research indicate, first, that security requirements engineering will be needed in the first requirements stage of the systems development life cycle. Second, a new set of expert engineering skills will be required to identify future threats and vulnerabilities which could impact the system landscape. These results can be used as a guideline to start thinking about how system engineers should be educated for the future.

Keywords

Engineering education; Security; Security requirements engineering; Industry 4.0; Systems engineering

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  1. Department of Electrical Engineering Science, University of Johannesburg, Johannesburg, South Africa
  2. Postgraduate School of Engineering Management, University of Johannesburg, Johannesburg, South Africa