Validating Reliability and Security Requirements in Public Sector Infrastructure Built by Small Companies

Authors

  • Roar E. Georgsen University of South-Eastern Norway, Norway
  • Geir M. Køien University of South-Eastern Norway, Norway https://orcid.org/0000-0002-7363-0076

DOI:

https://doi.org/10.13052/jicts2245-800X.1311

Keywords:

Model-based systems engineering, security by design, ICT dependability

Abstract

Municipal infrastructure in Norway is built primarily by small specialist companies acting as subcontractors, mostly with minimal experience working with information and communication technology (ICT). This combination of inexperience and lack of resources presents a unique challenge. This paper applies model-based systems engineering (MBSE) using the systems modelling language (SysML) to combine validation of reliability and security requirements within a mission-aware interdisciplinary context. The use case is a 6LoWPAN/CoAP-based system for urban spill water management.

Downloads

Download data is not yet available.

Author Biographies

Roar E. Georgsen, University of South-Eastern Norway, Norway

Roar E. Georgsen received his B.Eng. in Computer Engineering and an M.Sc. in Systems Engineering from the University of South-Eastern Norway (USN). Currently, he is the CTO of Aiwell and an Industrial PhD Research Fellow with USN in Horten, Norway. His research interests include model-based systems engineering, digital transformation in small engineering teams, and integrated safety, security and reliability design.

Geir M. Køien, University of South-Eastern Norway, Norway

Geir M. Køien received his PhD from Aalborg University, on access security for mobile systems. He has also worked for many years in industry, including LM Ericsson Norway and Telenor R&D. During these years he worked extensively with mobile systems and with security and privacy. He has also worked with the Norwegian Defence Research Establishment and with Norwegian Communications Authority on various security and communications related projects. Currently, he is a professor with the University of South-Eastern Norway (USN).

References

United Nations Environment Programme. Sustainable infrastructure and finance – How to contribute to a sustainable future. Technical report, United Nations, 2016.

Julie Rozenberg. Beyond the Gap: How Countries Can Afford the Infrastructure They Need While Protecting the Planet. 2019.

United Nations, Department of Economic and Social Affairs, and Population Division. World Urbanization Prospects: The 2018 Revision. 2019.

Statistisk sentralbyrå (SSB). Kommunal vannforsyning. https://www.ssb.no/natur-og-miljo/vann-og-avlop/statistikk/kommunal-vannforsyning. Accessed on 2020-07-01.

Ole Petter Pedersen. 76.000 har E. coli i drikkevannet – sjekk din kommune her. https://www.tu.no/artikler/83-000-har-e-coli-i-drikkevannet-sjekk-din-kommune-her/467719, June 2019.

Jannicke Nilsen. Varaordfører: Høydebassenget stenges for godt. https://www.tu.no/artikler/varaordforer-pa-askoy-hoydebasseng-stengt-for-godt/467738, June 2019.

Frode Skår. Investeringsbehovet fortsetter å øke. https://www.norskvann.no/index.php/10-nyheter/2420-investeringsbehovet-fortsetter-%C3%A5-%C3%B8ke, October 2020.

May Rostad. Finansieringsbehov i vannbransjen 2016–2040. Technical Report 223/2017, Norsk Vann, 2017.

Hilde Ludt and Morten Engebretsen. Sikkerhetskrav i IKT-anskaffelser. Technical Report 01/2019, Oslo Kommune Kommunerevisjonen, 2019.

Øystein Solaas. 1 av 6 ansatte i Bergen kommune ga fra seg passord: Et gjenstridig problem. https://www.digi.no/artikler/kommentar-1-av-6-ansatte-i-bergen-kommune-ga-fra-seg-passord-et-gjenstridig-problem/479522, November 2019.

Heidi Sævold. Fersk rapport: Oslo kommune stilte for dårlige sikkerhetskrav til egne IT-systemer. https://www.digi.no/artikler/fersk-rapport-oslo-kommune-stilte-for-darlige-sikkerhetskrav-til-egne-it-systemer-br/457890, February 2019.

Marius B. Jørgenrud. Nesten hundre norske kommuner har usikre nettsider. https://www.digi.no/artikler/nesten-hundre-norske-kommuner-har-usikre-nettsider/480840, December 2019.

Overordnede risiko-og sårbarhetsvurderinger for nasjonal beredskap i helse- og omsorgssektoren 2019. Technical Report IS-2841, Helsedirektoratet, 2019.

Brian Krebs. What’s Most Interesting about the Florida Water System Hack? That We Heard about It at All. . https://krebsonsecurity.com/2021/02/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all, February 2021.

Per Helge Seglsten. Paragrafene som dekker datasikkerhet for kraftverk har 9.826 ord. De for vannverk har 96. https://www.digi.no/artikler/paragrafene-som-dekker-datasikkerhet-for-kraftverk-har-9-826-ord-de-for-vannverk-har-96/507440, March 2021.

Harald Brombach. IT-sikkerheten i vannverk og fjøs får svært lite oppmerksomhet hos tilsynsmyndigheten. https://www.digi.no/artikler/it-sikkerheten-i-vannverk-og-fjos-far-svaert-lite-oppmerksomhet-hos-tilsynsmyndigheten/474093, October 2019.

Harald Brombach. Kontrollpanelet til norsk vannverk lå åpent på internett. https://www.digi.no/artikler/kontrollpanelet-til-norsk-vannverk-la-apent-pa-internett/466822, June 2019.

Statistisk sentralbyrå (SSB). Number of enterprises, by economic activity and size groups. https://www.ssb.no/en/virksomheter-foretak-og-regnskap/statistikker/foretak/aarleg-omsetning-og-sysselsetting/2020-07-09. Accessed on 2020-07-09.

Organisation for Economic Co-operation and Development (OECD). Entrepreneurship at a Glance 2017. Technical report, Paris, France, September 2017.

Leontin K. Grafmüller, Stephan Hankammer, Sarah Hönigsberg, and Hendrik Wache. Developing complex, mass-customized products in SME networks: Perspectives from co-creation, solution space development, and information system design. International Journal of Industrial Engineering and Management, 9(4):215–227, December 2018.

Xuan-Linh Tran. Systems Engineering Tool Selection Framework for Australian Defence Small and Medium Enterprises. PhD thesis, University of South Australia, 2014.

Angela D. Robinson. Very small entities (VSE); The final systems engineering (SE) frontier. In 2018 Annual IEEE International Systems Conference (SysCon), pages 1–4, Vancouver, BC, April 2018. IEEE.

Trusler og Trender 2021. Technical report, NorSIS, 2021.

Systems Engineering Vision 2020. Technical Report version 2.03, International Council on Systems Engineering (INCOSE).

J Stephen Topper and Nathaniel C Horner. Model-Based Systems Engineering in Support of Complex Systems Development. Johns Hopkins APL Technical Digest, 32(1):14, 2013.

Azad M. Madni and Michael Sievers. Model-based systems engineering: Motivation, current status, and research opportunities. Systems Engineering, 21(3):172–190, 2018.

Nadia A Tepper. Exploring the use of Model-based Systems Engineering (MBSE) to develop systems architectures in naval ship design. Technical report, Massachusetts Institute of Technology, Cambridge, MA, 2010.

Chris Paredis. Model-based systems engineering: A roadmap for academic research. Frontiers in Model-Based Systems Engineering, Atlanta, GA, 2011.

Raymond Jorgensen. Defining Operational Concepts using SysML: System Definition from the Human Perspective. INCOSE International Symposium, 21(1):3005–3138, 2011.

Object Management Group (OMG). OMG Systems Modeling Language (OMG SysML), v1.6, 2018.

Systems Modeling Language (SysML) v2 RFP ad/2017-12-02, 2017.

Hans Peter de Koning. What to Expect from SysML v2. In MBSE2020 Workshop, page 19, 2020.

MovGP0. SysML Diagram Taxonomy. https://commons.wikimedia.org/wiki/File:SysML_Diagram_Taxonomy.svg, 22 January 2013, 01:56:32.

Modelica Association. Functional Mock-up Interface for Model Exchange and Co-Simulation – Version 2.0.1, 2019.

Object Management Group (OMG). SysML Extension for Physical Interaction and Signal Flow Simulation – Version 1.0, 2018.

Robert Karban, Nerijus Jankevičius, and Maged Elaasar. ESEM: Automated systems analysis using executable sysml modeling patterns. In INCOSE International Symposium, volume 26, pages 1–24. Wiley Online Library, 2016.

Minjun Seo and Roman Lysecky. Non-intrusive in-situ requirements monitoring of embedded system. ACM Transactions on Design Automation of Electronic Systems (TODAES), 23(5):1–27, 2018.

Sylvia Melzer, Jan Philip Speichert, Oliver C Eichmann, and Ralf God. Simulating cyber-physical systems using a broker-based SysML toolbox. In Proc. 7th Int. Workshop Aircr. Syst. Technol.(AST), pages 411–420, 2019.

Jim Johnson. CHAOS 2020 Beyond Infinity. Technical report, Standish Group International, 2020.

Adam Shostack. Elevation of Privilege: Drawing Developers Into Threat Modeling. In 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14), 2014.

Bjarne E. Helvik, Karin Sallhammar, and Svein J. Knapskog. Integrated Dependability and Security Evaluation Using Game Theory and Markov Models. In Yi Qian, James Joshi, David Tipper, and Prashant Krishnamurthy, editors, Information Assurance, The Morgan Kaufmann Series in Networking, pages 209–245. Morgan Kaufmann, Burlington, January 2008.

Bjarne E. Helvik, Petra Vizarreta, Poul E. Heegaard, Kishor Trivedi, and Carmen Mas-Machuca. Modelling of Software Failures. In Jacek Rak and David Hutchison, editors, Guide to Disaster-Resilient Communication Networks, Computer Communications and Networks, pages 141–172. Springer International Publishing, 2020.

Ivo Friedberg, Kieran McLaughlin, Paul Smith, David Laverty, and Sakir Sezer. STPA-SafeSec: Safety and Security Analysis for Cyber-Physical Systems. Journal of Information Security and Applications, 34:183–196, June 2017.

Bryan T. Carter, Georgios Bakirtzis, Carl R. Elks, and Cody H. Fleming. Systems-Theoretic Security Requirements Modeling for Cyber-Physical Systems. Systems Engineering, 22(5):411–421, 2019.

B. T. Carter, G. Bakirtzis, C. R. Elks, and C. H. Fleming. A Systems Approach for Eliciting Mission-Centric Security Requirements. In 2018 Annual IEEE International Systems Conference (SysCon), pages 1–8, April 2018.

G. Bakirtzis, B. T. Carter, C. R. Elks, and C. H. Fleming. A Model-Based Approach to Security Analysis for Cyber-Physical Systems. In 2018 Annual IEEE International Systems Conference (SysCon), pages 1–8, April 2018.

Edward Huang, Leon F McGinnis, and Steven W Mitchell. Verifying SysML activity diagrams using formal transformation to Petri nets. Systems Engineering, 23(1):118–135, 2020.

Florian Lugou, Letitia W Li, Ludovic Apvrille, and Rabéa Ameur-Boulifa. Sysml models and model transformation for security. In 2016 4th International Conference on Model-Driven Engineering and Software Development (MODELSWARD), pages 331–338. IEEE, 2016.

Rabéa Ameur-Boulifa, Florian Lugou, and Ludovic Apvrille. Sysml Model Transformation for Safety and Security Analysis. In Security and Safety Interplay of Intelligent Software Systems, pages 35–49. Springer, 2018.

Adam Shostack. Elevation of Privilege: Drawing Developers into Threat Modeling. In USENIX Summit on Gaming, Games, and Gamification in Security Education, page 12, 2014.

Adam Shostack. Threat Modeling: Designing for Security. Wiley, Indianapolis, IN, 2014.

Peter M. Shames and Marc A. Sarrel. A modeling pattern for layered system interfaces. INCOSE International Symposium, 25(1):914–927, 2015.

National Institute of Standards and Technology (NIST). National Vulnerability Database (NVD) – CVE-2020-3162. https://nvd.nist.gov/vuln/detail/CVE-2020-3162#range-4768798.

Kishor Shridharbhai Trivedi and Andrea Bobbio. Reliability and Availability Engineering: Modeling, Analysis, and Applications. Cambridge University Press, New York, NY, USA, 2017.

Downloads

Published

2025-06-18

How to Cite

Georgsen, R. E. ., & Køien, G. M. . (2025). Validating Reliability and Security Requirements in Public Sector Infrastructure Built by Small Companies. Journal of ICT Standardization, 13(01), 1–24. https://doi.org/10.13052/jicts2245-800X.1311

Issue

2025: Vol 13 Iss 1

Section

Articles