Why model-based systems engineering is about more than just compliance

gettyimages.com/ MR.Cole_Photographer

Tracy Gregorio By Tracy Gregorio,
CEO, G2 Ops

By Tracy Gregorio

|

Known as MBSE, model-based systems engineering offers a way to standardize IT systems while increasing cyber resiliency.

Model-based systems engineering is quietly, but consistently, becoming an important part of the design, maintenance, and cybersecurity of the federal government’s most complex IT platforms. MBSE supports the Department of Defense’s push towards digital engineering, and helps designers create more effective and resilient systems of systems.

MBSE is now required in many new DoD contracts, and even skeptics are seeing benefits as MBSE helps projects complete time-intensive Risk Management Framework activities in days rather than weeks or months.

But it’s a mistake to limit MBSE’s impact to documenting RMF compliance.

Model-based systems engineering is a key catalyst in making federal systems truly cyber resilient. MBSE enhances resilience by tackling the challenge of always knowing the current state of a system’s potential attack surface, even when they change month-by-month for obsolescence replacements, capabilities insertion, or software updates.

The challenge of efficiently creating cyber-secure systems grows exponentially when systems like those used by our military, are deployed in dozens, or even hundreds, of different configurations, such as those across the fleet of Arleigh Burke class destroyers. Mastering this configuration management issue is essential for effective cybersecurity assessment and remediation planning.

Unfortunately, we lose effectiveness and efficiency when each federal system program manager creates their own set of siloed MBSE models. To be an effective tool for enhancing cyber-resilience across infrastructures, MBSE models should be standardized, and that isn’t happening fast enough.

Over the past several years, I have seen the value of standardizing MBSE processes across projects and clients, whether for submarine communications, back-office administrative processes, or creating a new smart warehouse.

Cross-model standards are used in setting definitions of common system component types and data model libraries that can then be easily reused across projects. Such standards help to efficiently deliver RMF artifacts, generate common engineering reports, and build reusable cyber-resilience tools.

I encourage federal contractors to standardize their system models, internally and in partnership with others, to improve project delivery across systems.

Standardization of MBSE models, whether for a submarine fleet, a cross-regional regulation system, or another complex system of system, will enable the following:

Transfer skills more easily.

Standardizing MBSE system models can improve transferability of skills among analysts. A common language and representation for the system can promote transparent communication between team members, encouraging a unified design process, with each easily seeing others’ contributions.

A common documentation approach can ease cross-project knowledge transfer and programmatic validation to remove inconsistencies. This improves system analysis and reduces defects that can arise in traditional document-based approaches.

Improve cohesion with collaborating vendors.
Many Federal projects involve collaboration across multiple vendors and/or subcontractors. Maintaining cohesion across them is crucial to ensuring that different system components work together seamlessly. A common MBSE model facilitates a shared understanding of the system's architecture, requirements, interfaces, and behaviors. This helps the various vendors align their work within a unified vision, reducing misunderstandings and conflicts. Standardized modeling languages and notations (e.g., SysML, UML) can reduce ambiguity and make it easier to integrate components. In essence, a common MBSE model acts as a bridge between vendors, facilitating collaboration, communication, and alignment throughout project lifecycles.

Reduce documentation burdens.

A standardized MBSE model can greatly reduce the time and effort required for project documentation. Instead of maintaining separate documents for each aspect of the project, a common MBSE model serves as a central information repository.

This reduces the need to duplicate data across documents. Since the common MBSE model acts as the single source of truth for a project, it ensures that everyone references the same up-to-date information.

One of the most obvious places to standardize MBSE tools is for automated creation of documentation. Automating the creation of RMF artifacts saves time and reduces the chances of human errors in manual documentation.

Compliance auditing is simplified with MBSE models because the entire history of changes, approvals, and decisions are captured within the model. This provides a clear record of who did what and when.
Shorten delivery timelines.

A common model enables early detection of conflicts, inconsistencies, and potential issues in the design. By identifying and addressing these problems early in the project lifecycle, teams can avoid costly delays that would arise if issues were discovered later.

With the streamlined communication of a shared MBSE model, contractors can eliminate the need for lengthy explanations, reduce miscommunication, and save discussion time. Different teams or subcontractors can work on their components in parallel, guided by the common MBSE model.

This concurrent development reduces sequential dependencies and speeds up the overall project timeline. Reusable MBSE model components can capture design patterns, best practices, and functional subsystems. This reusability across projects saves time and effort and avoids reinventing the wheel for each project.

In summary, a common MBSE model optimizes communication, enhances collaboration, supports informed decision-making, and promotes streamlined workflows. These benefits collectively lead to higher quality project delivery by reducing rework, minimizing misunderstandings, and enabling parallel development while maintaining a focus on quality and accuracy.

Tracy Gregorio is the CEO of G2 Ops, Inc, a certified woman-owned small business that provides cloud migration, model-based systems engineering and security engineering solutions to the U.S. Navy, U.S. Coast Guard, U.S. Air Force, and commercial businesses. She is the cybersecurity committee chair of the Virginia Ship Repair Association and a board member of the Virginia Maritime Association and the Commonwealth Cyber Initiative. Ms. Gregorio earned an M.S. in computer science from Old Dominion University, a B.S. in computer science from Virginia Tech and a certificate in cybersecurity: technology, application, and policy from MIT.

NEXT STORY: Are we 30 days from a government shutdown?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.