Classical risk-based or game-theoretic security models rely on assumptions from reliability theory and rational expectations economics that are not applicable to security threats. Additionally, these models suffer from serious deficiencies when they are applied to software-intensive, socio-technical systems. A new approach is proposed in this paper that applies principles from control theory to enforce constraints on security threats thereby extending techniques used in system safety engineering. It is applied to identify and mitigate the threats that could emerge in critical infrastructures such as the air transportation system. Insights are provided to assist systems engineers and policy makers in securely transitioning to the Next Generation Air Transportation System (NGATS).
References
[1]
Anderson, R. (2001) Security Engineering. Wiley Computer Publishing, New York.
[2]
JPDO (2004) Next Generation Air Transportation System Integrated Plan. Joint Planning and Development Office.
[3]
Krenzke, T. (2006) Ant Colony Optimization for Agile Motion Planning. MIT, Cambridge.
[4]
Barlas, S. (1996) Anatomy of a Runaway: What Grounded the AAS. IEEE Software, 13, 104-106. https://doi.org/10.1109/MS.1996.476294
[5]
Laracy, J. (2006) A Systems Theoretic Accident Model Applied to Biodefense. Defense and Security Analysis, 22, 301-310.
https://doi.org/10.1080/14751790600933905
[6]
Apostolakis, G. (2000) The Nuclear News Interview—Apostolakis: On PRA. Nuclear News, 27-31.
[7]
Laracy, J. (2007) Addressing System Boundary Issues in Complex Socio-Technical Systems. Proceedings of the 5th Annual Conference on Systems Engineering Research, Hoboken, NJ.
[8]
Feynman, R.P. (1986) Rogers Commission Report: Appendix F—Personal Observations on the Reliability of the Shuttle. NASA.
[9]
Stamatelatos, M.G. (2002) New Thrust for PRA at NASA.
[10]
Scottberg, E. (2006) NASA Says Shuttle Risk Overstated; Yet Some Risk Unavoidable. Popular Mechanics, 30 June 2006.
[11]
Apostolakis, G.E. (2004) How Useful Is Quantitative Risk Assessment? Risk Analysis, 24, 515-520. https://doi.org/10.1111/j.0272-4332.2004.00455.x
[12]
Parker, D.B. (2007) Risks of Risk-Based Security. Communications of the ACM, 50, 120. https://doi.org/10.1145/1226736.1226774
[13]
Laracy, J.R. (2007) A System-Theoretic Security Model for Large Scale, Complex Systems Applied to the Next Generation Air Transportation System (NGATS). Master of Science Thesis, MIT, Cambridge.
[14]
Bier, V.M. (2005) Game-Theoretic and Reliability Methods in Counter-Terrorism and Security Modern Statistical and Mathematical Methods in Reliability: Series on Quality, Reliability and Engineering Statistics. World Scientific Publishing Co., Singapore.
[15]
Frey, B.S. and Luechinger, S. (2003) How to Fight Terrorism: Alternatives to Deterrence. Defense and Peace Economics, 14, 237-249.
https://doi.org/10.1080/1024269032000052923
[16]
Sandler, T., Daniel, G. and Arce, M. (2003) Terrorism and Game Theory. Simulation and Gaming, 34, 317-337. https://doi.org/10.1177/1046878103255492
[17]
Banks, D.L. and Anderson, S. (2007) Combining Game Theory and Risk Analysis in Counterterrorism: A Smallpox Example. In: Wilson, A.G., Wilson, G.D. and Olwell, D.H., Eds., Statistical Methods in Counterterrorism: Game Theory, Modeling, Syndromic Surveillance, and Biometric Authentication, Springer, New York.
[18]
Tversky, A. and Kahneman, D. (1974) Judgment under Uncertainty: Heuristics and Biases. Science, 185, 1124-1131. https://doi.org/10.1126/science.185.4157.1124
[19]
Fricker, R.D. (2005) Game Theory in an Age of Terrorism: How Can Statisticians Contribute? In: Wilson, A.G., Wilson, G.D. and Olwell, D.H., Eds., Statistical Methods in Counterterrorism: Game Theory, Modeling, Syndromic Surveillance, and Biometric Authentication, Springer, Berlin.
[20]
Schneider, W. (2003) The Role and Status of DoD Red Teaming Activities. Paper presented at the Defense Science Board, September 2003.
[21]
Dzakovic, B. (2003) Statement of Bogdan Dzakovic to the National Commission on Terrorist Attacks upon the United States.
[22]
NCTAUS (2004) 9/11 Commission Report. Paper presented at the National Commission on Terrorist Attacks upon the United States.
[23]
Leveson, N. (2002) System Safety Engineering: Back to the Future. Cambridge.
[24]
Graham, S., Baliga, G. and Kumar, P.R. (2004) Issues in the Convergence of Control with Communication and Computing: Proliferation, Architecture, Design, Services, and Middleware. 43rd IEEE Conference on Decision and Control, 2, 1466-1471.
[25]
Checkland, P. (1981) Systems Thinking, Systems Practice. John Wiley & Sons, New York.
[26]
Ashby, W.R. (1956) An Introduction to Cybernetics. Chapman and Hall, London.
[27]
Senge, P. (2006) The Fifth Discipline. Double Day, New York.
[28]
Sterman, J. (2000) Business Dynamics: Systems Thinking and Modeling for a Complex World. Irwin McGraw-Hill, Boston.
[29]
Kirby, M.W. (2003) The Intellectual Journey of Russell Ackoff: From OR Apostle to OR Apostate. Journal of the Operational Research Society, 54, 1127-1140.
https://doi.org/10.1057/palgrave.jors.2601627
[30]
Richmond, B. (1993) Systems Thinking: Critical Thinking Skills for the 1990s and Beyond. System Dynamics Review, 9, 113-133.
https://doi.org/10.1002/sdr.4260090203
[31]
Gharajedaghi, J. (1999) Systems Thinking: Managing Chaos and Complexity. Butterworth Heinemann, Boston.
[32]
Dulac, N., et al. (2007) Demonstration of a Powerful New Dynamic Approach to Risk Analysis for NASA’s Constellation Program. MIT Complex Systems Research Laboratory Report, Cambridge.
[33]
Rae, A., Fidge, C. and Wildman, L. (2006) Fault Evaluation for Security-Critical Communications Devices. Computer, 39, 61-68.
https://doi.org/10.1109/mc.2006.161
[34]
Leveson, N. (2003) A New Approach to Hazard Analysis for Complex Systems. Paper presented at the International Conference of the System Safety Society, Ottawa.
[35]
Gelernter, D. (2005) The Law of Loopholes in Action. Los Angeles Times, 6 May 2005.
[36]
NCTAUS (2004) The Aviation Security System and the 9/11 Attacks—Staff Statement No. 3. Paper presented at the National Commission on Terrorist Attacks Upon the United States.
[37]
Leveson, N. (2004) A New Accident Model for Engineering Safer Systems. Safety Science, 42, 237-270.
[38]
RMS (2003) Managing Terrorism Risk. Risk Management Solutions, Inc.
[39]
Dulac, N. (2007) A Framework for Dynamic Safety and Risk Management Modeling in Complex Engineering Systems. Ph.D. Thesis, MIT, Cambridge.
[40]
Leveson, N., Dulac, N., Barrett, B., Carroll, J., Cutcher-Gershenfeld, J. and Friedenthal, S. (2005) Risk Analysis of NASA Independent Technical Authority. MIT, Cambridge.
Midkiff, A.H., Hansman, R. and Reynolds, T. (2004) Air Carrier Flight Operations. ICAT Report, MIT, Cambridge.
[43]
Martinez-Moyano, I.J., Rich, E., Conrad, S., Anderson, D.F. and Stewart,T.R. (2005) A Behavioral Theory of Insider-Threat Risks: A System Dynamics Approach. Retrieved from Albany, NY.
[44]
Sterman, J. (2002) All Models Are Wrong: Reflections on Becoming a Systems Scientist. System Dynamics Review, 18, 501-531. https://doi.org/10.1002/sdr.261
[45]
Gonzalez, J.J., et al. (2005) Helping Prevent Information Security Risks in the Transition to Integrated Operations. Telektronikk, 101, 29-37.
[46]
Savage, L.J. (1954) The Foundations of Statistics. Wiley, New York.
