Why model-based systems engineering is about more than just compliance

gettyimages.com/ MR.Cole_Photographer

Known as MBSE, model-based systems engineering offers a way to standardize IT systems while increasing cyber resiliency.

Model-based systems engineering is quietly, but consistently, becoming an important part of the design, maintenance, and cybersecurity of the federal government’s most complex IT platforms. MBSE supports the Department of Defense’s push towards digital engineering, and helps designers create more effective and resilient systems of systems.

MBSE is now required in many new DoD contracts, and even skeptics are seeing benefits as MBSE helps projects complete time-intensive Risk Management Framework activities in days rather than weeks or months.

But it’s a mistake to limit MBSE’s impact to documenting RMF compliance.

Model-based systems engineering is a key catalyst in making federal systems truly cyber resilient. MBSE enhances resilience by tackling the challenge of always knowing the current state of a system’s potential attack surface, even when they change month-by-month for obsolescence replacements, capabilities insertion, or software updates.

The challenge of efficiently creating cyber-secure systems grows exponentially when systems like those used by our military, are deployed in dozens, or even hundreds, of different configurations, such as those across the fleet of Arleigh Burke class destroyers. Mastering this configuration management issue is essential for effective cybersecurity assessment and remediation planning.

Unfortunately, we lose effectiveness and efficiency when each federal system program manager creates their own set of siloed MBSE models. To be an effective tool for enhancing cyber-resilience across infrastructures, MBSE models should be standardized, and that isn’t happening fast enough.

Over the past several years, I have seen the value of standardizing MBSE processes across projects and clients, whether for submarine communications, back-office administrative processes, or creating a new smart warehouse.

Cross-model standards are used in setting definitions of common system component types and data model libraries that can then be easily reused across projects. Such standards help to efficiently deliver RMF artifacts, generate common engineering reports, and build reusable cyber-resilience tools.

I encourage federal contractors to standardize their system models, internally and in partnership with others, to improve project delivery across systems.

Standardization of MBSE models, whether for a submarine fleet, a cross-regional regulation system, or another complex system of system, will enable the following:

Transfer skills more easily.

Standardizing MBSE system models can improve transferability of skills among analysts. A common language and representation for the system can promote transparent communication between team members, encouraging a unified design process, with each easily seeing others’ contributions.

A common documentation approach can ease cross-project knowledge transfer and programmatic validation to remove inconsistencies. This improves system analysis and reduces defects that can arise in traditional document-based approaches.

Improve cohesion with collaborating vendors.
Many Federal projects involve collaboration across multiple vendors and/or subcontractors. Maintaining cohesion across them is crucial to ensuring that different system components work together seamlessly. A common MBSE model facilitates a shared understanding of the system's architecture, requirements, interfaces, and behaviors. This helps the various vendors align their work within a unified vision, reducing misunderstandings and conflicts. Standardized modeling languages and notations (e.g., SysML, UML) can reduce ambiguity and make it easier to integrate components. In essence, a common MBSE model acts as a bridge between vendors, facilitating collaboration, communication, and alignment throughout project lifecycles.

Reduce documentation burdens.

A standardized MBSE model can greatly reduce the time and effort required for project documentation. Instead of maintaining separate documents for each aspect of the project, a common MBSE model serves as a central information repository.

This reduces the need to duplicate data across documents. Since the common MBSE model acts as the single source of truth for a project, it ensures that everyone references the same up-to-date information.

One of the most obvious places to standardize MBSE tools is for automated creation of documentation. Automating the creation of RMF artifacts saves time and reduces the chances of human errors in manual documentation.

Compliance auditing is simplified with MBSE models because the entire history of changes, approvals, and decisions are captured within the model. This provides a clear record of who did what and when.
Shorten delivery timelines.

A common model enables early detection of conflicts, inconsistencies, and potential issues in the design. By identifying and addressing these problems early in the project lifecycle, teams can avoid costly delays that would arise if issues were discovered later.

With the streamlined communication of a shared MBSE model, contractors can eliminate the need for lengthy explanations, reduce miscommunication, and save discussion time. Different teams or subcontractors can work on their components in parallel, guided by the common MBSE model.

This concurrent development reduces sequential dependencies and speeds up the overall project timeline. Reusable MBSE model components can capture design patterns, best practices, and functional subsystems. This reusability across projects saves time and effort and avoids reinventing the wheel for each project.

In summary, a common MBSE model optimizes communication, enhances collaboration, supports informed decision-making, and promotes streamlined workflows. These benefits collectively lead to higher quality project delivery by reducing rework, minimizing misunderstandings, and enabling parallel development while maintaining a focus on quality and accuracy.

Tracy Gregorio is the CEO of G2 Ops, Inc, a certified woman-owned small business that provides cloud migration, model-based systems engineering and security engineering solutions to the U.S. Navy, U.S. Coast Guard, U.S. Air Force, and commercial businesses. She is the cybersecurity committee chair of the Virginia Ship Repair Association and a board member of the Virginia Maritime Association and the Commonwealth Cyber Initiative. Ms. Gregorio earned an M.S. in computer science from Old Dominion University, a B.S. in computer science from Virginia Tech and a certificate in cybersecurity: technology, application, and policy from MIT.