2025網(wǎng)絡(luò)賦能工程需求框架

RequirementsFrameworkforCyber-InformedEngineering

2IdahoNational

2IdahoNationalCyber-InformedEngineering(CIE)ProgramactivitiesaresponsoredbytheU.S.DepartmentofEnergy’sOfficeofCybersecurity,EnergySecurity,andEmergencyResponse(DOECESER)andperformedbyIdahoNationalLaboratoryandtheNationalRenewableEnergyLaboratory.

公室（DOECESER）Page1Page1ofPage1of

致謝 RequirementsScopingand

Intended Primary Secondary Document RequirementsScopingand Writing Modeling

Intended CIERequirementsScopingand and驗 PagePAGE10of Model

文獻.

ExecutiveInanerawherecyberthreatsareincreasinglysophisticatedandpervasive,traditionalengineeringpracticesmustevolvetointegratecybersecurityconsiderationsfromtheoutset.CyberInformedEngineering(CIE)addressesthisneedbyembeddingcybersecurityprinciplesintotheengineeringlifecycle,ensuringthatsystemsaredesignedtobesecureandresilientagainstpotentialcyber-attacks.ThispaperaimstodevelopacomprehensiverequirementsframeworkforCIE,detailinghowtraditionalrequirementsengineeringprocessescanbecustomizedtoincorporatekeyCIEprinciples.Thegoalistoprovideastructuredapproachthatorganizationscanusetoensurethatcybersecurityisanintegralpartoftheirsystemdesignandimplementationprocesses.Theframeworkisdevelopedthroughanin-depthexplorationoftherequirementsengineeringprocess,includingrequirementselicitation,specification,validation,andmanagement.Eachstageistailoredtoaddresscybersecurityconcernsbyintegratingactivitiessuchasformalreviews,prototyping,andmodelchecking.Specifictechniquesforeliciting,writing,modeling,reviewing,andvalidatingrequirementsaredetailed,withafocusonquantifyingthefeasibilityofimplementingCIEprinciples.Byintegratingcybersecurityconsiderationsintotherequirementsengineeringprocess,theproposedframeworkensuresthatsecurityisnotanafterthoughtbutafundamentalcomponentofsystemdesign.Thisapproachenhancestheresilienceandsecurityofengineeredsystems,helpingorganizationsproactivelymitigatecyberthreatsandreduceambiguity.Theframeworkservesasavaluabletoolforengineersandcybersecurityprofessionals,providingasystematicwaytoembedrobustsecuritypracticesintotheengineeringlifecycle.ThisworkwasauthoredbytheNationalRenewableEnergyLaboratory,operatedbyAllianceforSustainableEnergyLLC,fortheU.S.DepartmentofEnergyunderContractNo.DE-AC36-08GO28308,andbyIdahoNationalLaboratory,operatedbyBattelleEnergyAllianceLLC,fortheU.S.DepartmentofEnergyunderDOEIdahoOperationsOfficeContractDE-AC07-05ID14517.FundingprovidedbytheU.S.DepartmentofEnergyOfficeofCybersecurity,EnergySecurity,andEmergencyResponse.TheviewsexpressedinthearticledonotnecessarilyrepresenttheviewsoftheDOEortheU.S.Government.TheU.S.Governmentretainsandthepublisher,byacceptingthearticleforpublication,acknowledgesthattheU.S.Governmentretainsanonexclusive,paid-up,irrevocable,worldwidelicensetopublishorreproducethepublishedformofthiswork,orallowotherstodoso,forU.S.Governmentpurposes.

網(wǎng)絡(luò)知情工程（CIE）通過將網(wǎng)絡(luò)安全原則嵌入工程生命周期，解決了這一需求，確保系統(tǒng)被DE?AC36?08GO28308為美國能源部工作，并由愛達荷國家實驗室撰寫，該實驗室由貝特DE?AC07?05ID14517為ListofFigure1:Purelinearmodel Figure2:Linearwithiterationsbetweenactivitiesmodel Figure3:Iterativerequirementmodel Figure4:Effectiverequirementengineeringprocessmodel Figure5:Requirementframeworkfor

1[24]3[26]5：CIE11Intoday'sinterconnecteddigitallandscape,cybersecurityisnotjustatechnicalnecessitybutafoundationalelementofmodernengineering.Thefrequencyandsophisticationofcyber-attacksareincreasing,posingsignificantthreatstocriticalinfrastructure,enterprises,andindividualusers.Traditionalengineeringpracticesoftenconsidersecurityasanadd-on,leadingtosystemsthatareinherentlyvulnerabletocyberthreats.CyberInformedEngineering(CIE)isatransformativeapproachthatmitigatescybersecuritychallengesthroughengineeringmeansthroughoutthesystemengineeringlifecycle,ensuringthatsystemsaredesignedwithsecurityandresilienceattheircore.Theneedforaproactiveapproachtocybersecurityhasneverbeenmoreurgent.Cyber-attackscanhavedevastatingconsequences,fromfinanciallossesandoperationaldisruptionstotheerosionofcustomertrustandeffectsonnationalsecurity.Despitethegrowingrecognitionoftheserisks,manyorganizationsstruggletointegratecybersecurityeffectivelyintotheirengineeringprocesses.WhileexistingguidessuchasCIEimplementationguideintegratecybersecurityintotheengineeringprocess,thereremainsagapinthepracticalimplementationofCIEprinciples.ManyengineeringteamslackastructuredframeworktoguidetheincorporationofCIEprinciplesthroughoutthedevelopmentlifecycle.Thisgapcancontributetosystemsthatarelessresilienttoevolvingcyberthreats,potentiallyincreasingtheriskoffinanciallosses,compromiseddataintegrity,andoperationaldisruptions.Addressingthisgapiscriticalforenhancingthesecurityandresilienceofengineeredsystems.ThepurposeofthispaperistoprovideadetailedandactionablerequirementsframeworkforincorporatingCIEprinciplesinthesystemengineeringlifecycle.Bysystematicallyembeddingcybersecurityprinciplesintoeachstageoftherequirementsengineeringprocess,thisframeworkaimstobridgethegapbetweentraditionalengineeringpracticesandthedemandsofmoderncybersecurity.Theimpactofthisdocumentisfar-reaching,offeringapracticalguidefororganizationsacrossvariousindustriestoenhancetheirsecuritypostureandmitigatetherisksposedbycyberthreats.Themethodologyemployedinthispaperinvolvesin-depthcustomizationofthetraditionalrequirementsengineeringprocesstoincorporateCIEprinciples.Thisincludesdetailedactivitiesforrequirementselicitation,specification,validation,andmanagement,eachtailoredtoaddressspecificcybersecurityconcerns.Techniquessuchasformalreviews,prototyping,andmodelcheckingareemployedtoensurethattherequirementsarebothpracticalandeffective.QuantifiablemetricsareintroducedtoassessthefeasibilityofimplementingCIEprinciples,providingaclearandmeasurableframeworkfororganizationstofollow.Chapter2describesrequirementengineeringprocess,requirementmodelsused,andbackgroundaboutcyber-informedengineering.Chapter3describestheintendedaudienceforthisframework.Chapter4describestherequirementsframeworkforcyber-informedengineering.Finally,Chapter5concludestherequirementframeworkpaper.

CIECIEThissectionprovidesbackgroundontherequirementsengineeringprocess,requirementmodelsinliterature,andanoverviewofCIE.ReadersfamiliarwithrequirementprocessesandCIEmayconsiderskippingthissection.RequirementsEngineeringRequirementsengineeringinvolvesseveralinterconnectedsteps,eachcriticaltothesuccessfuldevelopmentofaproject.REQUIREMENTSThegoalofthisstepistogathercomprehensiveinformationfromstakeholderstounderstandtheirneedsandconstraints.Thisprocessisachievedbyseveralapproachessuchas:Interviews:Theinterviewscanbeeitherstructuredorunstructured.Thestructuredinterviewsinvolvepredefinedquestionstoensureallaspectsarecoveredandunstructuredinterviewsinvolveopen-endeddiscussionstoexplorebroaderSurveys/Questionnaires:Thesurveys/questionnairesareusefulforbroaderreachtocollectdatafromalargernumberofusers.Workshops:Theworkshopsinvolvecollaborativesessionsforstakeholderstodiscussandbrainstormrequirements.Observation:TheobservationinvolvescontextualinquirytoobserveusersintheirDocumentanalysis:Thedocumentanalysisinvolvesreviewingthecurrentsystems,manuals,andbusinessprocesses.REQUIREMENTSSCOPINGANDThegoalofthisstepistoscope,prioritize,andresolveconflictsamonggatheredrequirements.ThisprocessisachievedbyClassifyingrequirements:Theclassificationofrequirementsinvolvescategorizingneedsbasedonbusinessrequirements[1],user/stakeholderrequirements[2],architecturalrequirements[3],structuralrequirements[4],behavioralrequirements[5],functionalrequirements(solution)[6],non-functionalrequirements(qualityofservice)[7],implementationrequirements[8],andregulatoryrequirements[9].Prioritization:Theprioritizationinvolvesranking[10]basedonMoSCoWmethod[11]ofMusthave,Shouldhave,Couldhave,andWon’thavethistime.SomeoftheotherprioritizationtechniquesareRanking,NumericalAssignments(Grouping),BubblesSortTechniques,HundredDollarMethod,AnalyticHierarchyProcess(AHP),KanoAnalysis,FiveWhys,PrioritizationBasedonValue,Cost,andRisk,PairwisecomparisonConflictresolution:Theconflictresolutioninvolvesreconcilingpotentiallyincompatiblerequirementsthroughstakeholderdiscussions[12].

REQUIREMENTS需求分類：需求分類涉及根據(jù)業(yè)務(wù)需求[1],[2],架構(gòu)需求[3],結(jié)構(gòu)需求[4],行為需求[5],功能需求（解決方案）[6],非功能需求（服務(wù)質(zhì)量）[7]實施需求[8],以及監(jiān)管需求[9]MoSCoW方法[10]進行排序，即必須有、應(yīng)該有、可以元法、層次分析法（AHP）、卡諾分析、五個為什么、基于價值、成本和風險的優(yōu)先排序、REQUIREMENTSThegoalofthisstepistodocumenttherequirementsinaclearanddetailedmannertoensuretheyareunderstoodandagreeduponbyallstakeholders.ThisprocessisachievedbyWritingrequirements:Therequirementsshouldbewritteninacleanandpreciselanguageavoidingambiguity[13][14][15].Requirementsshouldalsobecapableofstandingaloneandnotcombinedsuchthattheycanbevalidatedindependently.Modelingrequirements:Therequirementscanbemodeledusingvariousmethods,likecreatingausecasediagramthatvisuallyrepresentsthesysteminteractionoradataflowdiagramthatillustratesdatamovementwithinthesystem[16][17].Reviewingandvalidating:Thisinvolvesregularstakeholdersreviewstoensurerequirementsarecorrectlycaptured[18].REQUIREMENTSThegoalofthisstepistoensurethatthedocumentedrequirementsareaccurate,complete,andfeasible.ThisprocessisachievedbyFormalreviews:Thisinvolvesstep-by-stepwalkthroughreviewoftherequirementsandinspectionsthroughdetailedexaminationoftherequirementsdocument.Prototyping:Theprototypinginvolveseitherhigh-fidelityprototypesthatareinteractivelow-fidelityprototypesthatinvolvessimplesketchesModelchecking:Themodelcheckingisaformalmathematicaltechniquetoensurethatrequirementsarelogicallysoundandimplementable[20].REQUIREMENTSThegoalofthisstepistomanagechangestotherequirementsandmaintaintheirconsistencythroughouttheprojectlifecycle.ThisprocessisachievedbyChangemanagement:Thechangemanagementinvolvesprocessessuchasformalchangerequestsforproposingchangesandimpactanalysistoassesstheimplicationsofchanges[21].Traceability:Thetraceabilityinvolvesusingarequirementstraceabilitymatrix(RTM)[22]tolinkrequirementstotheiroriginsandimplementation.Versioncontrol:Versioncontrolinvolvesdocumentingversionstomaintainversionsoftherequirementdocument[23].RequirementsEngineeringTherearemanyengineeringmodelsdescribedinliterature.Someofthemsuchasapurelinearmodel,linearwithiterationsbetweenactivitiesmodel,iterativerequirementmodel,andfinallyaneffectiverequirementengineeringprocessaredescribed.Thesemodelsarehelpfulinunderstandingthestepsintherequirementsprocess.

編寫需求：需求應(yīng)使用簡潔和精確的語言編寫，避免含糊不清[13][14][15]。需求或創(chuàng)建數(shù)據(jù)流圖以說明系統(tǒng)內(nèi)部的數(shù)據(jù)流動[16][17]?，F(xiàn)的[20]?？勺匪菪裕嚎勺匪菪陨婕笆褂眯枨罂勺匪菪跃仃嚕≧TM）[22]將需求與其來源和實現(xiàn) Figure1Puremodel Figure2LinearwithiterationsbetweenactivitiesmodelFigure3Iterativerequirementmodel

1 23 Figure4EffectiverequirementengineeringprocessmodelTable1SummaryoftheThepurelinearmodelisshowninFigure1.Thepurelinearmodelisasequentialapproachwhereeachphasemustbecompletedbeforethenextstepbegins.Thismodelisstraightforwardandeasytomanage,makingitsuitableforprojectswithwell-definedrequirementsthatareunlikelytoLinearwithThelinearwithiterationsbetweenactivitiesmodelisshowninFigure2.Thismodeldevelopsthesystemthroughrepeatedcycles(iterative)andinsmallerportionsatatime(incremental).Itallowsforpartialimplementationandsubsequentrefinement,makingiteasiertoadapttochangesinrequirements.TheiterativerequirementmodelisshowninFigure3.Thismodelisaflexible,iterativeapproachthatpromotescontinuousfeedbackandadaptiveplanning.Itemphasizescollaborationandcustomersatisfactionthroughthedeliveryofsmall,functionalincrementsoftheproduct.TheeffectiverequirementengineeringprocessmodelisshowninFigure4.Thismodelisarobustrequirementsengineeringmodelaimedatgeneratinghigh-qualityrequirementsforsoftwaredevelopment.Emphasizingindependentrequirementmanagementandplanningphases,itadoptsaniterativetoenhancebothinitialrequirementengineeringandsubsequentAsperthenationalcyber-informedengineeringstrategyoutlinedin[28],CIEisanemergingframeworkthatintegratessecuritycontrolsdirectlyintothedesignofsystemsfromthe

412迭代方法，促進持續(xù)反饋和適應(yīng)性規(guī)劃。 requirementmanagementandplanningphases,itadoptsaniterativeapproachtoenhancebothinitialrequirementengineeringandsubsequentmaintenance.根據(jù)[28],中概述的國家網(wǎng)絡(luò)賦能工程戰(zhàn)略，CIEbeginning.Itcombinesboththephysicsandmechanicsofengineeringwithdigitalprotectionstoenhancethesecurityofthenation'senergysystemsandothercriticalinfrastructures.Thisapproachtargetssystemswithdigitalconnectivity,monitoring,orprocesscontrol,ensuringtheyaresecurefromtheearlieststagesofdevelopment.Unliketraditionalmethods,whichoftenfocusonsecuringsystemsafterdeployment,CIEemphasizesproactivesecurityintegrationduringtheinitialdesignphase.Thisproactiveapproachensuresthatsecurityisinherentinthesystem'sfoundation,ratherthananafterthought.CIEachievesthisbyleveragingdesignchoicesandengineeringcontrolstoeithereliminateormitigatevulnerabilitiesthatcouldbeexploitedincyberattacks.CIEprinciplescontributetodeterminingthecriticalfunctionsthatthesystemdeliversandpreventingundesirableoutcomesthroughconsequence-drivendesign,usingengineeringcontrolstominimizevulnerabilities,safeguardingtheintegrityofvitaldatawithsecureinformationarchitecture,streamliningthedesignbyremovingunnecessaryelementstoachievedesignsimplification,establishingarobustsetofsystemdefensestoensureresilientlayereddefenses,andproactivelydefendingthesystemagainstthreatsthroughactivedefense.Additionally,thesystemcanhaveanimpactonothersystemsorbeimpactedbythem,whichrequiresinter-dependencyevaluation.Gainingaclearunderstandingofthepresenceandfunctioningofdigitalassetsensuresdigitalassetawareness,whileensuringthatsupplychainprovidersadheretosecuritystandardssupportscyber-securesupplychaincontrol.Converting’whatifs’into’evenifs’fostersplannedresilience,safeguardingtheknowledgeofthesystemtopreventitfromfallingintothewronghandsthroughengineeringinformationcontrol,andensuringthateveryone’sbehavioranddecisionsalignswiththeoverarchingsecuritygoalspromotesacybersecurity-awareculture.IntendedTherequirementsframeworkforCIEisdesignedtoassistandenhancetheexistingsystemengineeringlifecycle,nottocreateanewmethodologyfordevelopingrequirements.CIEleveragesestablishedengineeringprocessesandframeworks,integratingitsprinciplestohelpengineersandstakeholdersthinkcriticallyaboutthedigitalconsequencesoftheirdesignsandsystems.ByincorporatingCIE,thefocusisonimprovingthequalityofrequirementsthroughaconsequence-drivenapproach,ensuringthatengineeringsolutionsproactivelymitigatepotentialdigitalvulnerabilities.Thisway,CIEsupportsandstrengthensthetraditionalrequirementsprocesswithoutreinventingit.Theintendedaudiencefortheframeworkcanbeclassifiedintoprimaryandsecondaryaudience.PrimaryTheaudiencewhowillusethisframeworkthroughoutthesystemengineeringlifecyclefordevelopingasystemthatissecurebasedontheCIEprinciples.SystemEngineersandDevelopers:Professionalsinvolvedindesigningandbuildingsystemswhoneedtointegratecybersecuritymeasuresthroughoutthedevelopment

CIE最小化漏洞，通過安全的信息架構(gòu)保護重要數(shù)據(jù)的完整性，通過移除不必要元素來簡化設(shè)計以實現(xiàn)設(shè)計簡化，建立一套強大的系統(tǒng)防御措施以確保彈性分層防御，并通過主動防御積極防御系統(tǒng)免受威脅。CIEProjectManagers:IndividualsoverseeingsystemdevelopmentprojectswhoneedtoensurethatcybersecurityisaprioritizedandintegratedcomponentoftheprojectlifeQualityAssuranceandTestingTeams:ProfessionalstaskedwithverifyingthattheimplementedsystemmeetsthespecifiedsecurityrequirementsandisresilienttocyberSecondaryTheaudiencewhowillbeconsultedbytheprimaryaudiencetosuccessfullybuildthesystemthroughouttheengineeringlifecycleinaccordancewithCIEprinciples.CybersecurityExperts:Specialistsresponsibleforidentifying,analyzing,andmitigatingcyberthreatswhocanprovideinsightsandvalidationforsecurityrequirements.Policymakers,RegulatoryOfficials,andComplianceOfficers:Personnelresponsibleforensuringthatsystemsmeetregulatory,andcompliancestandardsrelatedtoBusinessStakeholdersandExecutives:Decision-makerswhoneedtounderstandtheimportanceofembeddingcybersecurityintoengineeringpracticestoprotectorganizationalassetsandmaintaincustomertrust.AcademicandResearchCommunities:Scholarsandresearchersstudyingcybersecurityandengineeringmethodologieswhocanbenefitfromastructuredframeworkforintegratingcybersecurityprinciplesintosystemdesignanddevelopment.RequirementFrameworkforFigure5Requirementframeworkfor

CIE需求框架圖5CIETherequirementframeworkforCIEisshowninFigure5.Theelicitation,scoping,anddeconflictingrequirementsareinitialstepsinformingrequirements.Therequirementsspecificationsaretheactualrequirementsthatwillbeusedinthesystemengineeringlifecycle.TherequirementsvalidationandmanagementareusedthroughoutthesystemengineeringlifecycletodevelopthesystemaccordingtotherequirementsspecifiedandlogalltherequirementRequirementsWhenusingCIE,therequirementselicitationphaseiscriticaltoensurethatwelookatarequirementintheroundandteaseoutalltheneedsforengineering-basedprotectionsandlayereddefenses.Thisstageensuresthatallrelevantsecurityconcernsareidentifiedandconsideredfromtheoutset,formingthefoundationforasecuresystemdesign.Theelicitationprocessinvolvesmultipletechniques,includinginterviews,surveys/questionnaires,observations,anddocumentanalysis.Eachtechniqueprovidesuniqueinsightsandcomplementstheotherstocreateacomprehensiveunderstandingofthecybersecurityrequirements.MostofthequestionshereareforexamplesandacomprehensivelistisintheCIEimplementationguide[29].Interviewsareadirectandeffectivewaytogatherdetailedinformationfromstakeholders.ForCIE,interviewsshouldfocusonunderstandingthebroaderoperationalandengineeringprotectionsnecessarytomitigatethepotentialforcybersabotage.Thestakeholderstobeinterviewedincludebusinessowners,theoperationalteam,engineers,ITpersonnel,cybersecurityexperts,andend-users.Thekeyquestionstoaskmightincludethefollowing.BusinessOwners:Whatarethemostcriticalassetsandfunctionsthatneedprotection?Whatarethepotentialoperationalconsequencesofacyber-attackontheseassets?Howdoyoucurrentlyensureresilienceagainstsystemdisruptions?OperationalTeams:Whatoperationalprocessesandfunctionsaremostsusceptibletodisruptionfromexternalthreats?Howdoyoucurrentlymanageresilienceandcontinuityincriticaloperations?Whatimpactwouldafailureinengineering-baseddefenseshaveonsystemperformance?Engineers:Whatengineeringcontrolsareinplacetopreventsystemdisruptionsandfailures?Howcanthesecontrolsbestrengthenedtominimizetheriskofcybersabotage?Aretherespecificvulnerabilitiesinthesystem'sdesignthatcouldbeITStaff:Whatsecurityprotocolsanddefensesareintegratedwithengineeringsystems?Whatvulnerabilitiesinthecurrentsystemcouldimpactcriticalfunctions?Howdoyouhandleincidentsthatcanaffectoperationaltechnology(OT)?CybersecurityExperts:Whatarethelatestthreatsandattackvectorsrelevanttoourindustry,particularlythosethattargetoperationaltechnologies?Howdowealigncybersecuritymeasureswithengineeringprotectionstopreventsystemsabotage?Whatbestpracticescanimproveresiliencethroughthedesignofthesystem?

使用CIE時，需求獲取階段至關(guān)重要，以確保我們?nèi)鎸徱曅枨?，并提取所有基于工程保護的分層防御需求。此階段確保從一開始就識別并考慮所有相關(guān)安全問題，為安全系統(tǒng)設(shè)計奠定基礎(chǔ)。獲取過程涉及多種技術(shù)，包括訪談、調(diào)查/并相互補充，以全面理解網(wǎng)絡(luò)安全需求。這里的大多數(shù)問題都是示例，完整列表在CIE實施指南CIE，訪談應(yīng)側(cè)重于理解必ITIT員工What安全 and防御措施are集成 with工程 當前系統(tǒng)中的哪些漏洞可能會影響關(guān)鍵功能？如何處理可能影響運營技術(shù)（OT）的 專家：Whatarethe最新威 and攻擊向 相關(guān)的toPagePAGE13ofIncludingthesebroaderperspectivesensuresthatinterviewsaddressbothoperationalandengineeringneeds,capturingtherequirementsnecessarytobuildprotectionfromcybersabotagethroughCIEprinciplesratherthanrelyingsolelyontraditionalITsecuritymeasures.Surveysandquestionnairesareusefulforgatheringinformationfromalargergroupofstakeholders,providingabroaderperspectiveoncybersecurityrequirements.Thesetoolscanbeusedtocollectquantitativeandqualitativedataonsecuritypriorities,userexperiences,andperceivedrisks.Questionsmightinclude:WhatarethesystemsthatperformandsupportcriticalfacilityWhatconsequencesoffailureormaloperationaretheengineeredcontrolsdesignedtoWhatengineering-basedprotectionandverificationcouldensurethatkeydatahavenotbeenWhatlayersofengineeredcontroldefensesexistinasystemandassesstheirinterdependencefromotherdefensesandareaofeffect?WhattemporaryoperationalchangescanbemadeinresponsetoaperceivedWhatoutputsdoesthesystemprovidethatarecriticalinputstootherbusinesssystemsorinfrastructures?Surveyscanalsoincludescenario-basedquestionstogaugestakeholderresponsestopotentialsecurityincidents.Thishelpsinunderstandingstakeholderexpectationsandpreparednessforvarioussecurityscenarios.Observingstakeholdersintheirnaturalenvironmentprovidesvaluableinformationonhowtheyinteractwiththesystemandcanrevealpotentialvulnerabilitiesthatmaynotbeapparentthroughinterviewsordocumentation.ForCIE,observationsshouldfocusonhowsystemoperatorsinteractwithandmanagecriticalassets,howengineersandoperationalstaffimplementandmaintainengineering-basedprotections,andhowroutinetasksareperformedinareal-worldcontexttoensuresystemresilience.Keyobservationsmightincludethefollowing.Howcanmultipleconcurrentcompromisesofalreadyin-placemitigations(i.e.,n-2,n-x)contributetomoresevereconsequences?Howareengineeringcontrolsmonitoredandreassessedtoidentifychangesfromevolvingoperationsthatmayweakentheireffectiveness?HowundesiredmanipulationofimportantdataisHowarefeaturesofthesystemthatarenotnecessarytoachievethecriticalfunctionsInsteadoffocusingonITstaffmanagingsecurityprotocols,theemphasiscouldbeonhowoperationalcontrolsandengineeringmeasuresareappliedandadaptedindailyactivitiestopreventpotentialdisruptionsorsabotage.ThisapproachalignswiththeCIE’sgoalofengineeringoutvulnerabilitiesandenhancingoperationaldefenses.

ITCIEPagePAGE14ofDOCUMENTDocumentanalysisinvolvesreviewingkeyartifactsthatareintegraltothesystemengineeringlifecycle,suchassystemsecurityplans,interfacecontroldocuments,andsystemdesigndocuments.Thesedocumentsprovidecrucialinsightsintotheexistingengineeringframework,operationalcontrols,andhowsecuritymeasuresareintegratedintosystemarchitecture.ForCIE,importantdocumentstoreviewmightinclude:SystemSecurityPlan:Whatsecuritymeasuresareinplace,andhowaretheyintegratedintothesystem’soveralldesignandoperation?Doestheplanaddresspotentialvulnerabilitiesengineeredintothesystem?InterfaceControlDocuments:Howdodifferentsystemcomponentsinteract?Arethereanyinterfacevulnerabilitiesthatcouldbeexploited?SystemDesignDocuments:Howisthesystemarchitected?Arethereengineeredredundanciesordefensesthatminimizethepotentialimpactofacyber-attack?Analyzingthesedocumentshelpsprovideacompleteunderstandingofthedesign,operationalprocedures,andprotectionsofthesystem,allowingidentificationofareaswhereadditionalsecurityorresiliencemeasuresmayberequired.ThisensuresalignmentwithCIEprincipleswhileaddressinggapsinthesystem'soverallsecurityposture.INTEGRATINGIntegratinginsightsfrominterviews,surveys,observations,anddocumentanalysisisacriticalandcomplexstepintherequirementselicitationprocess.Thisprocessinvolvesnotonlycollectingdata,butalsosynthesizingandanalyzingittoensurethatallperspectives,operational,engineering,andcybersecurity,arerepresentedinthefinalsetofrequirements.Todothiseffectively,itisimportanttodevelopastructuredapproachthatfocusesoncategorizingandcorrelatingtheinformationgatheredfromdifferentsources.Aneffectivestrategyistouseathematicanalysis,wherethedataisgroupedintothemessuchasassetprotection,operationalreliability,supplychainintegrity,andbuilt-indefenses.Byidentifyingrecurringthemes,theteamcanensurethatthesystem’smostcriticalcomponentsandfunctionsareprotectedbyappropriateengineeringandsecuritymeasures.Forexample,interviewswithsystemoperatorsmightrevealkeyinsightsintooperationaldependencies,whiledocumentanalysiscoulduncoverarchitecturalvulnerabilitiesthatneedtobeaddressed.Cross-functionalworkshopscanalsohelpintegrateinformationbybringingtogetherstakeholdersfromdifferentdomains:operations,engineering,IT,andsecurity,allowingthemtocollectivelyreviewthefindingsandvalidatetheemergingrequirements.Theseworkshopsshouldfocusonreconcilinganyconflictsbetweenoperationalneedsandsecurityrequirements,ensuringthatsolutionsarebalancedandfeasiblewithintheconstraintsofthesystem.Finally,prioritizingrequirementsbasedontheiralignmentwithCIEprincipleshelpstoensurethatthemostcriticalaspectsofthesystemareaddressedfirst,supportingbothresilienceandsecurityfromthestartofthedesignprocess.Thisstructured,multi-perspectiveapproachenablesamorecompleteandcohesivesetofrequirements,ensuringthatsecurityisembeddeddeeplyintothesystem’sarchitectureandoperations,andnottreatedasanafterthought.

CIE，需要審查的重要文檔可能包括：RequirementsScopingandWhenusingCIE,therequirementsscopinganddeconflictionstageispivotal.Itinvolvesdissectingthegatheredrequirementstounderstandtheirimplications,prioritizingthembasedonvariouscriteria,andresolvinganyconflictsthatmayarisebetweendifferentstakeholderneeds.Thisstageensuresthatcybersecurityrequirementsarenotonlycomprehensive,butalsofeasibleandalignedwiththeoverallgoalsofthesystem.DETAILEDThefirststepinthisstageistothoroughlyanalyzetherequirementselicited.Thisinvolvescategorizingrequirementsintofunctional(requirementsthatdirectlyimpactkeysystemfunctions)andnon-functional(requirementsrelatedtoresilience,supplychainintegrity,orculturalconsiderations)requir