A System-of-Systems Approach to Cyber Security and Resilience

Publication Type:

Journal Article


Information & Security: An International Journal, Volume 37, p.69-94 (2017)


collaboration-oriented architecture, composite cyber risk, cyber picture, cyber resilience, cyber risks, cyber threats, de-perimetrization, Situational awareness, system-of-systems, zero trust model


To address the cybersecurity, safety, and reliability aspects of the entire digitalized ecosystems, we need first to understand and possibly model how the respective computer systems of different participating entities interoperate and collaborate. Modern computer systems and emerging applications are not just largescale and complex in the digitally connected world. We categorize them also as decentralized, distributed, networked, interoperable compositions of heterogeneous and (semi)autonomous systems and/or elements. These new types of composite systems with emergent behavior have been defined as “Systems of Systems” (SoS). This paper explores different types of SoS and analyzes the interdependencies to manage cybersecurity threats and risks and achieve cyber resilience. We review various definitions and types of SoS and the application of SoS approach to situational awareness, threat intelligence, and composite risk assessment. An SoS view on managing the supply/value chain cyber risks is also outlined.

Last updated: Monday, 19 December 2022