Systems Security Engineering (SSE) is an element of Systems Engineering (SE) that applies scientific and engineering principles in a standardized, repeatable, and efficient manner to identify security vulnerabilities, requirements, and methods of verifications that minimize risks. SSE delivers systems that satisfy stakeholder security needs for weapon system operation in today’s cyber-contested environments. [1]
Definition: Systems security engineering is a specialty engineering field strongly related to systems engineering. It applies scientific, engineering, and information assurance principles to deliver trustworthy systems that satisfy stakeholder requirements within their established risk tolerance.
Purpose of Systems Security Engineering (SSE)
The purpose of SSE is to prevent or delay the exploitation of Critical Program Information (CPI) in U.S. defense systems and may include Anti-Tamper (AT) activities. It supports the development of programs and design-to-specifications providing life-cycle protection for critical defense resources.
Benefits of Systems Security Engineering (SSE)
The benefit of SSE is derived after the acquisition is complete by mitigation of threats against the system during deployment, operations, and support. SSE may also address the possible capture of the system by the enemy during combat or hostile actions.
Security Guidebook
The United States Air Force (USAF) Weapons System Program Protection (PP) and Systems Security Engineering (SSE) Guidebook v2.0 was developed by the USAF Cyber Resiliency Office for Weapon Systems (CROWS). It implements Cyber Security and Cyber Resiliency policies for all USAF weapon systems. It provides a single source for guidance on SSE within the USAF weapons system acquisition community but is applicable and tailorable to other systems as well.
Guidebook: USAF Weapon System PP and SSE Guidebook v2.0
The guidebook assists program offices in performing the engineering analysis needed to understand the cyber-related aspects of their systems. The guidebook encompasses a holistic look at different aspects of System Engineering for cyber (e.g., Cyber Security, Trusted Systems and Networks, Anti-Tamper, Information Protection, Cyber Resiliency), and outlines a single workflow process to better integrate PP and SSE activities into the traditional Systems Engineering processes. [1]
Roles in Systems Security Engineering (SSE)
The Program Manager (PM) is responsible for employing SSE practices and preparing a Program Protection Plan (PPP) to guide the program’s efforts and the actions of others. The Systems Engineer and/or System Security Engineer is responsible for ensuring a balanced set of security requirements, designs, testing, and risk management are incorporated and addressed in their respective trade spaces.
AcqLinks and References:
- Defense Acquisition Guidebook (DAG) – Chapter 3 & 9
- [1] USAF Weapon System PP and SSE Guidebook v2.0
Updated: 9/19/2021
Rank: G6.2