Developing a Model-Based Systems Engineering Tool for Cybersecurity Risk Management of Micro-Electronic Devices

Authors

  • James Leland IV
  • Collin Chilton
  • Brett Schraeder
  • James Walliser
  • Sathyamurthi Sadhasivan

DOI:

https://doi.org/10.37266/ISER.2025v12i2.pp121-126

Keywords:

Model-Based Systems Engineering, Risk Analysis, Micro-Electronics, Mitigation, Optimization

Abstract

Cyber-security threats to micro-electronic components can drive significant cost into a program over its lifecycle. Cost savings can be achieved by selecting an appropriate mitigation strategy, but this requires a method for quantifying risks and countermeasures. This project developed a mathematical approach to quantify cybersecurity risk and implemented the solution in a model-based systems engineering product, called the Cyber-security Risk Assessment and Mitigation (CRAM) Tool. Users of the CRAM tool can select a set of cyber-security threats and visualize them in a 5x5 risk matrix, then explore the effectiveness of various countermeasures in reducing overall risk. The CRAM Tool produces the residual risk for a specific micro-electronic component that can be used to compare the effectiveness of threat-countermeasure combinations, allowing the user to develop a cost-effective mitigation strategy. Application of this mathematical risk quantification method and the CRAM Tool is demonstrated for hardware-trojan horse threats to a field-programmable gate array.

References

Agrafiotis, I., Nurse, J. R. C., Goldsmith, M., Creese, S., & Upton, D. (2018). A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity, 4(1).

Aslan, O., & Samet, R. (2017). Mitigating Cyber Security Attacks by Being Aware of Vulnerabilities and Bugs. 2017 International Conference on Cyberworlds, 222–225.

Dorta, T., Jiménez, J., Martín, J. L., Bidarte, U., & Astarloa, A. (2009). Overview of FPGA-Based Multiprocessor Systems. 2009 International Conference on Reconfigurable Computing and FPGAs, 273–278.

Friedenthal, S., Griego, R., & Sampson, M. (2009). INCOSE Model Based Systems Engineering (MBSE) Initiative.

Mencer, O., Allison, D., Blatt, E., Cummings, M., Flynn, M. J., Harris, J., Hewitt, C., Jacobson, Q., Lavasani, M., Moazami, M., Murray, H., Nikravesh, M., Nowatzyk, A., Shand, M., & Shirazi, S. (2020). The History, Status, and Future of FPGAs: Hitting a nerve with field-programmable gate arrays. Queue, 18(3), 71–82.

Orlando, A. (2021). Cyber Risk Quantification: Investigating the Role of Cyber Value at Risk. Risks, 9(10), Article 10. https://doi.org/10.3390/risks9100184

Sunkavilli, S., Zhang, Z., & Yu, Q. (2021). New Security Threats on FPGAs: From FPGA Design Tools Perspective. 2021 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), 278–283.

Vosatka, J. (2018). Introduction to Hardware Trojans. In S. Bhunia & M. M. Tehranipoor (Eds.), The Hardware Trojan War: Attacks, Myths, and Defenses (pp. 15–51). Springer International Publishing.

Walliser, J., Tossell, C., Burcham, S., Haasl, C., Cabo, A., Kotter, C., & Bearden, K. (2023). Model-Based Systems Engineering Cybersecurity of Field Programmable Gate Arrays for Future Weapons Systems.

Wolthuis, R., Phillipson, F., Jongsma, H.-J., & Langenkamp, P. (2021). A framework for quantifying cyber security risks. Cyber Security: A Peer-Reviewed Journal, 4(4), 302–316.

Published

2025-05-12

How to Cite

Leland IV, J., Chilton, C., Schraeder, B., Walliser, J., & Sadhasivan, S. (2025). Developing a Model-Based Systems Engineering Tool for Cybersecurity Risk Management of Micro-Electronic Devices. Industrial and Systems Engineering Review, 12(2), 121-126. https://doi.org/10.37266/ISER.2025v12i2.pp121-126

Issue

Vol. 12 No. 2 (2025): Industrial and Systems Engineering Review - GDRKMCC24 Special Issue

Section

Articles

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).

The copyediting stage is intended to improve the flow, clarity, grammar, wording, and formatting of the article. It represents the last chance for the author to make any substantial changes to the text because the next stage is restricted to typos and formatting corrections. The file to be copyedited is in Word or .rtf format and therefore can easily be edited as a word processing document. The set of instructions displayed here proposes two approaches to copyediting. One is based on Microsoft Word's Track Changes feature and requires that the copy editor, editor, and author have access to this program. A second system, which is software independent, has been borrowed, with permission, from the Harvard Educational Review. The journal editor is in a position to modify these instructions, so suggestions can be made to improve the process for this journal.

Crossref
Scopus
Google Scholar
Europe PMC