<a href="https://colab.research.google.com/github/tsherburne/de-textbook/blob/main/01_SCRE_DE_Textbook.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Digital Engineering (DE) Introduction


*   The crux of digital engineering is the creation of ***computer readable*** models to represent all aspects of the system and to support all the activities for the design, development, manufacture, and operation of the system throughout its lifecycle.
*   These computer models would have to be based on shared data ***schemata*** so that in effect a digital thread integrates all the diverse stakeholders involved in the acquisition of new weapon systems.
*   Model-based systems engineering (MBSE) is a subset of digital engineering. MBSE supports the systems engineering activities of requirements, architecture, design, verification, and validation. These models would have to be connected to the physics-based models used by other engineering disciplines such as mechanical and electrical engineering.
*   Foundation to digital engineering is the representation of the system data in a format sharable between all stakeholders. SysML 2.0 is one of several future developments promising to provide a representation sufficient to support digital engineering. An ontology defining the entities and relationships between them can be used to define the concepts relevant to systems engineering. Such a representation is necessary to create the digital thread linking all the models together in a cohesive and useful manner.

See [SEBoK DE Definition](https://www.sebokwiki.org/wiki/Digital_Engineering) for additional details.


## System Definition Language (SDL)

A ***System Definition Language (SDL)*** is a formal, structured language which avoids the ambiguity inherent in using common English to define or specify a system. The precise meaning of each language concept is fixed and documented to enhance team communication and assure unambiguous interpretation of specifications using this language. SDL is based on the following primitive language concepts:​

*   ***Entities*** correspond to nouns in English. Entities define objects and serve as the basic units in a meta-model (e.g., Component, Function, etc.) ​
*   ***Relationships*** are similar to verbs. Each relationship has a definite subject and object (e.g. a Component performs a Function).​
*    Attributes further describe entities much like adjectives modify nouns. The attributes of an entity serve to define critical properties of entities. (e.g. Component entity includes number and type attributes).  
*   ***Attributed-Relationships*** (i.e., attributes on relationships) correspond to adverbs in English. The attributes of a relationship serve to define critical properties of the relationship. For instance, attributes of a consumes relationship would include the quantity being consumed. ​
*   ***Structures*** provide specification of semantically explicit system control constructs (Concurrency, Iteration, Loop, Multiple Exit, Replication, Selection, and Sequence). Using this explicit notation, the behavior of the system can be validated and executed using a simulator. 

See [A Primer for Model-Based
Systems Engineering](http://www.mbseprimer.com/) (page 34) for additional details.

In [None]:
#@title Top-Level MBSE Meta-Model
from IPython.display import Image
Image(height=300, url='https://raw.githubusercontent.com/tsherburne/de-textbook/main/images/meta-model-foundation.png')

In [None]:
#@title Essential MBSE Meta-Model
from IPython.display import Image
Image(height=400, url='https://raw.githubusercontent.com/tsherburne/de-textbook/main/images/mbse-essential.png')


----

| Entity | Description |
| :---   | :----       | 
| Component | A component is an abstract term that represents the physical or logical entity that performs a specific function <br> or functions.|
| Function | A function is a transformation that accepts one or more inputs (items) and transforms them into outputs (items).|
| Item | An item represent flows within and between functions. An item is an input to or an output from a function.|
| Link   | A link is the physical implementation of an interface. |
| Requirement | A requirement is either an originating requirement extracted from source documentation for a system, a refinement <br> of a higher‐level requirement, a derived characteristic of the system or one of its subcomponents, or a design decision.|
| Structure | Recursive call structure, for example, select, parallel, loop, for each function. |
| Verification Requirement | A Verification Requirement describes what is to be proved (i.e., requirements), at what level the verification will occur, <br>which method of verification should be used, and the current verification status.|

----

# Secure Cyber Resilience Engineering (SCRE)



In [None]:
#@title Resilience Concept
#@markdown * A ***Resilience Mode*** is a distinct and separate method of operation of a component, device, or system based upon a diverse redundancy or other design pattern.
#@markdown * A ***Sentinel*** is a pattern responsible for monitoring and reconfiguration of a system using available Resilience Modes. The Sentinel functions are expected to be far more secure than the system being addressed for resilience.
from IPython.display import Image
Image(height=300, url='https://raw.githubusercontent.com/tsherburne/de-textbook/main/images/resilience-concept.png')

In [None]:
#@title STPA-Sec Methodology Overview
#@markdown > [STPA Guidebook](https://psas.scripts.mit.edu/home/get_file.php?name=STPA_handbook.pdf) (page 14)

#@markdown 1. Defining the purpose of the analysis is the first step with any analysis method. What kinds of ***losses***
#@markdown will the analysis aim to prevent? Will STPA be applied only to traditional safety goals like preventing loss
#@markdown of human life or will it be applied more broadly to security, privacy, performance, and other system
#@markdown properties? What is the system to be analyzed and what is the ***system boundary***? 
#@markdown 2. The second step is to build a model of the system called a ***control structure***. A control structure
#@markdown captures functional relationships and interactions by modeling the system as a set of feedback control
#@markdown loops. The control structure usually begins at a very abstract level and is iteratively refined to capture
#@markdown more detail about the system. This step does not change regardless of whether STPA is being applied to
#@markdown safety, security, privacy, or other properties.
#@markdown 3. The third step is to analyze control actions in the control structure to examine how they could lead to
#@markdown the losses defined in the first step. This step does not change regardless of whether STPA
#@markdown is being applied to safety, security, privacy, or other properties.
#@markdown 4. The fourth step identifies the reasons why hazardous control might occur in the system. Scenarios are
#@markdown created to explain:
#@markdown   * How incorrect feedback, inadequate requirements, design errors, component failures, and
#@markdown other factors (cyber attacks) could cause hazardous control actions and ultimately lead to losses.
#@markdown   * How safe control actions might be provided but not followed or executed properly, leading to a
#@markdown loss.
from IPython.display import Image
Image(height=400, url='https://raw.githubusercontent.com/tsherburne/de-textbook/main/images/stpa-method-overview.png')


In [None]:
#@title Mission Aware (MA) MBSE Incredients
#@markdown * [Essential MBSE](https://colab.research.google.com/drive/1pbX9Yx5C6Kq7bqeIP7fUkzbMqVJwyDRb?authuser=1#scrollTo=90cDfh2hBNbc)
#@markdown * [STPA-Sec](https://colab.research.google.com/drive/1pbX9Yx5C6Kq7bqeIP7fUkzbMqVJwyDRb?authuser=1#scrollTo=s6DTtiPY28Gp)
#@markdown * [Resilience Concept](https://colab.research.google.com/drive/1pbX9Yx5C6Kq7bqeIP7fUkzbMqVJwyDRb?authuser=1#scrollTo=KWIkt5qn30EB)
#@markdown * NIST
#@markdown   * [SP 800-160 Vol. 2](https://csrc.nist.gov/publications/detail/sp/800-160/vol-2/final) Developing Cyber Resilient Systems: A Systems Security Engineering Approach
#@markdown   * [SP 800-53 Rev. 5](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf) Security and Privacy Controls for Information Systems and Organizations
#@markdown   * [RMF](https://csrc.nist.gov/projects/risk-management) Risk Management Framework
#@markdown * MITRE
#@markdown   * [CAPEC](https://capec.mitre.org/)
#@markdown   * [ATT&CK](https://attack.mitre.org/)
#@markdown   * [D3FEND](https://d3fend.mitre.org/)
from IPython.display import Image
Image(height=200, url='https://raw.githubusercontent.com/tsherburne/de-textbook/main/images/mission-aware-mbse-incredients.png')


In [None]:
#@title Top-Level MA MBSE Meta-Model
from IPython.display import Image
Image(height=400, url='https://raw.githubusercontent.com/tsherburne/de-textbook/main/images/ma-meta-model-foundation.png')


In [None]:
#@title Detail MA MBSE Meta-Model
from IPython.display import Image
Image(height=600, url='https://raw.githubusercontent.com/tsherburne/de-textbook/main/images/ma-meta-model-detail.png')


----

| Element | Entity | Description |
| :---    | :---   | :----       | 
| Control Structure | Control Action | A controller provides control actions to control some process and to enforce constraints on the <br> behavior of the  controlled process.|
| | Feedback | Process models may be updated in part by feedback used to observe the controlled process.|
| | Context | The set of process model variables and values.|
| Risk | Loss | A loss involves something of value to stakeholders. Losses may include a loss of human life or <br> human injury, property damage, environmental pollution, loss of mission, loss of reputation, loss <br> or leak of sensitive information, or any other loss that is unacceptable to the stakeholders.|
| | Hazard | A hazard is a system state or set of conditions that, together with a particular set of worst-case <br> environmental conditions, will lead to a loss.|
| | Hazardous Action | A hazardous action is a control action that, in a particular context and worst-case environment, <br>will lead to a hazard.|
| Vulnerability | Loss Scenario | A loss scenario describes the causal factors that can lead to the hazardous control and to hazards. <br> Two types of loss scenarios must be considered: a) Why would hazardous control actions occur? <br>b) Why would control actions be improperly executed or not executed, leading to hazards?|
| | Remediation | The hygiene practice or resilience mechanism to protect against a loss}, hazard}, loss scenario, <br>or attack vector. |
| Mission Aware | Attack Pattern | |
| | Attack Vector | |
| | Hygiene Practice | |
| | Resilient Mode | |
| | Sentinel 

----

In [None]:
#@title Cyber Security Requirements Methodology (CSRM)
from IPython.display import Image
Image(height=600, url='')


In [None]:
#@title Framework for Operational Resilience in Engineering and System Test (FOREST)
from IPython.display import Image
Image(height=600, url='')

# DE Textbook Chapters






*   Mission Engineering
  *   (SCRE) [Operational Risk Assessment](https://colab.research.google.com/drive/1hNEJ7dAmUFhure_p2qRfLbaVF_cFgqBv?authuser=1)
*   Requirements Analysis
*   Behavior Analysis
  *   (SCRE) [Vulnerability Assesment](https://)
*   System Architecture
  *   (SCRE) [Resilience Architecture](https://)
*   Verification and Validation
  *   (SCRE) [Resilience Design Validation](https://)
  *   (SCRE) [Test Support System](https://)