Automate cybersecurity analysis with MBSE workflows enabled by AWS

In today’s rapidly evolving technological landscape, US government customers face numerous challenges in modernizing the design, building, testing, and sustainment of the next generation of major weapon systems. Organizations have relied on a systems engineering approach to design complex systems. Platforms have evolved into tightly integrated systems of systems, which is driving organizations to transform their document-based systems engineering processes into digital engineering and model-based systems engineering (MBSE). MBSE, as described by International Council on Systems Engineering (INCOSE), is the formalized application of modeling to support system requirements, design, and analysis activities during the system’s lifecycle.

Digital engineering fundamentally relies on integrating data across model structures by using a digital thread – an underlying framework for integrating data from across traditionally siloed functions that create a consolidated view of the system’s data throughout its lifecycle.

The cloud is integral to digital engineering by supporting collaboration across geographically dispersed organizations, automating workflows for data connectivity and trade space analysis in a reliable, scalable, and cost-effective manner. Amazon Web Services (AWS) Partner General Dynamics Information Technology (GDIT) develops innovative solutions to address challenging digital engineering requirements for US government customers.

In this blog, we explore how GDIT has used digital engineering in combination with secure and scalable AWS services, to deliver secure IT systems to a large defense program.

Building secure IT systems

Traceability is an important component in ensuring the security of systems and is often required by many government organizations. Traceability is crucial to obtaining an Authorization to Operate (ATO), which authorizes the operation of an information system on behalf of a federal agency based on the implementation of Federal Information Security Management Act (FISMA) standards, cybersecurity Risk Management Framework (RMF), and security controls.

Unfortunately, current cybersecurity practices and tools are often disconnected from IT infrastructure. This results in increased time spent on documenting the security posture of the information system and, consequently, more effort to achieve and sustain an ATO.

By combining digital engineering workflows enabled by AWS services and model-based methodologies, customers can automate the building and monitoring of IT systems infrastructure, and accomplish faster mission outcomes and time to achieve an ATO.

GDIT develops new method to visualize system data

GDIT developed Navigable Relationships (NavRel), a model-based solution, to capture and visualize data using digital threads. The NavRel solution automated the construction of secure cloud infrastructure by creating a digital thread developed using MBSE, AWS CloudFormation templates, and automation orchestrated with AWS Lambda. NavRel provided visibility to data from different domains such as requirements and system configuration.

This continuous awareness of system data has enhanced threat detection and the security of IT systems and reduced time to achieve an ATO. This data is also used by automation processes such as the generation of artifacts supporting RMF and ATO efforts.

We will dive into an RMF review use case to see how GDIT’s NavRel solution helps optimize and improves cybersecurity analysis for organizations.

Improved visibility and reduced lead time for cybersecurity analysis

Continuous monitoring plays a central role in the National Institute of Standards and Technology‘s (NIST) RMF, which provides a structured process for near real-time risk management. It requires an assessment of all security controls.

In this use case of the RMF review process, we examine the control for “system-generated alerts” using a model-based approach. Here, we require a server to run system monitoring software to generate alerts. An IT engineer works alongside a cybersecurity analyst to develop the appropriate solution for this control. Often, this is a manual process where a screenshot is taken by the analyst to form bodies of evidence for the purpose of cybersecurity control satisfaction. This process needs to be repeated when configurations are changed or the server is shut down to perform maintenance.

GDIT uses a model-based approach, using systems modeling language (SysML) profiles with stereotypes for cybersecurity controls along with specific tag values for a variety of planning and design data. It captured requirements with specific tags (such as “status” and “control type”) and design-time decisions within the MBSE model. This allowed for development of automated workflows to support knowledge sharing and provide traceability to key design considerations.

By using GDIT’s NavRel solution, a digital thread was designed to relate each design artifact to its corresponding cybersecurity controls. For example, there is a requirement to deploy a new Amazon Elastic Compute Cloud (Amazon EC2) server to host a security information and event management (SIEM) suite of applications. In this case, NavRel helped the IT engineer trace the requirement to its applicable controls and consider the corresponding design decisions. It also has helped provide the added context of visibility to other related cybersecurity controls impacting the IT solution, such as reporting frequency, server scaling, and server availability.

So, changes made to the server or system configuration were automatically reflected in the MBSE system model along with relevant information, such as the IP address of the AWS server, the instance type, tag values, and its running state. This helped reduce the time consuming and error-prone process of manual documentation.

GDIT’s NavRel approach also offers a visualization solution called NavRel Viz, which exposes the graph database to users through queries, searches, and filters. This allows data from multiple digital thread domains to be visualized in parallel to illustrate how information is connected. By populating a digital thread with cybersecurity data during the lifecycle of an IT system, stakeholders have access to information to make objective analyses, resulting in faster decisions with increased security. This is in contrast to a document-based implementation where this kind of cybersecurity information is typically lost and not preserved.

Cybersecurity dashboards were also developed using NavRel’s digital thread endpoints to display current system information about critical cyber controls such as data from JIRA or AWS. This allowed a cyber analyst to continuously monitor the satisfaction of critical controls and reduce the lead time for reviewing RMF artifact from six months to two weeks.

Conclusion

Digital engineering is transforming industries from weapon systems platforms to enterprise IT. By allowing engineering and security teams to focus on real-time automated data rather than on documents and manual tasks, digital engineering processes built on flexible and scalable AWS Cloud can optimize workflows which dramatically reduces errors and improves performance.

Learn more about implementing MBSE in your agency by exploring the AWS Solutions Library and search MBSE. See how more than 7,500 government agencies around the world use AWS at the AWS for Government hub.