You are here

Unified Cybersecurity System Modeling of Naval Control Systems



OBJECTIVE: Develop a tool that creates a unified model for complex system of systems to enable cybersecurity analysis of Naval Control Systems (NCS). 

DESCRIPTION: Naval Control Systems (NCSs) are comprised of systems of systems divided into enclaves (Hull Mechanical and Electrical, Combat System, etc.). Existing tools allow systems engineers to document and model individual or multiple attributes of an NCS (architecture, physical connections, enclaves, mission threads, cybersecurity threats, etc.) but require system engineers to work across models and other artifacts since they are not connected. Conducting systems of systems analysis across non-connected models and artifacts makes it very difficult to conduct cybersecurity analysis of a system. Currently, systems focus more on modelling of the systems and less on their cybersecurity aspect. Currently, no tools exist that can provide this type of analysis. System engineers need a tool to develop a unified cybersecurity system model that provides the capability to conduct cybersecurity analysis of an NCS. A tool to create a unified cybersecurity system model will incorporate the key system attributes required for cybersecurity analysis of any NCS. This will require portability to any NCS. Attributes include the physical architecture (including both computing hardware and networks), data flows and their performance requirements, and deployed software components and operating environments (including product IDs, versions, etc.). It will also include mission threads executed by the system, mission thread to system component dependencies, system component partitioning (enclaves), system states and modes, system cybersecurity protections, vulnerabilities, posture (CYBERSAFE condition), threats, and penetration pathways. The tool must support the ability to make changes to key system attributes so “what-if” scenarios can be explored in near real time. For example, the model would be able to help a system engineer answer questions like “how do penetration pathways change in the system when the cybersecurity posture is changed” or “how could an emergent vulnerability affect a particular set of hosts within an NCS?” Understanding the potential impact of existing and emergent cybersecurity vulnerabilities and the impact to Navy missions if exploited will result in better system architectures and designs. Optimization of architectures will contribute to reductions in cyber related acquisition and maintenance costs because the overall system contains more efficient cyber functionality and cyber-resilient system designs. Fielding of better cyber capabilities can reduce operational impacts due to cyber attack and improved warfighter workloads system architectures and designs reduce the amount of re-work and maintenance needed after systems are deployed. Tool attributes for leveraging (importing) existing NCS artifacts (system architecture diagrams, vulnerability scan results, Ports, Protocols, Services documentation, network switch configurations, etc.) must be provided to simplify the effort required to create a unified cybersecurity system model for an existing system. Unified cybersecurity systems models created must be scalable to the size of typical combat systems (AEGIS and/or Ship Self Defense System [SSDS]). The models developed should incorporate potential reductions in system lifecycle costs through impact analysis for cybersecurity vulnerabilities, threats, etc., for effective resource prioritization. They should facilitate optimization of the cybersecurity architecture of a system prior to its development to create required Risk Management Framework artifacts. This would enable assessing the potential impact of new vulnerabilities identified. The Phase II effort will likely require secure access, and NAVSEA will process the DD254 to support the contractor for personnel and facility certification for secure access. The Phase I effort will not require access to classified information. If need be, data of the same level of complexity as secured data will be provided to support Phase I work. Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. Owned and Operated with no Foreign Influence as defined by DOD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Security Service (DSS). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances, in order to perform on advanced phases of this contract as set forth by DSS and NAVSEA in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advance phases of this contract. 

PHASE I: Define and develop a concept for a software tool that enables the creation of a unified cybersecurity model for complex system of systems that incorporates key system aspects critical to NCS cybersecurity. The concept will show that it can feasibly address the requirements discussed in the description for meeting cybersecurity needs. Feasibility will be established through analysis and modeling. The Phase I Option, if awarded, will include the initial design specifications and capabilities description to build a prototype in Phase II. Develop a Phase II plan. 

PHASE II: Based on the results of Phase I and the Phase II Statement of Work (SOW), develop and deliver a prototype of the software tool for creating a unified cybersecurity system model that enables the cybersecurity analysis of a NCS. The prototype must demonstrate the creation of a unified cybersecurity model for any Navy-specified NCS (such as an AEGIS or SSDS combat system) that incorporates the key cybersecurity-related system attributes defined in the Description section. The prototype must demonstrate that it can utilize existing Navy-specified NCS artifacts to simplify the creation of the model and that system attributes can be modified in the model to answer “what-if” questions. The demonstration will occur at a Government- or company-provided facility. Prepare a Phase III development plan to transition the technology for Navy use. It is probable that the work under this effort will be classified under Phase II (see Description section for details). 

PHASE III: Assist the Navy in transitioning the demonstrated technologies to allow further experimentation and refinement. The cybersecurity model should provide support for AEGIS or SSDS NCSs and the associated system engineering activities of the Program. The technology developed has a high potential for dual use because it should be easily adapted to non-Navy Control Systems such as industrial controls system used for factory automation, power grid control, chemical process control, etc. System modeling for cybersecurity assessment is of high interest to both the DoD and private industry in protecting their networks. Any industry that uses a complicated network can use this technology. 


1: Freedberg, Jr., Sydney. "Navy Rolls Out CYBERSAFE: ‘Our Operational Network Is Under Fire’.", 20 APR 2015.

2:  "Risk Management Framework (RMF) Overview." National Institute of Standards and Technology (NIST), 30 Jan. 2017.

3:  McDonald, Michael J. and Richardson, Bryan T. "Position Paper: Modeling and Simulation for Process Control System Cyber." Sandia National Laboratories, 2009.

KEYWORDS: Cybersecurity Analysis Of An AEGIS NCS; Risk Management Framework Artifacts; System Of Systems Cybersecurity; Unified Cybersecurity System Model; Impact Analysis For Cybersecurity Vulnerabilities; CYBERSAFE Condition 


Judah Nyden 

(202) 781-5326 

Phillip Irey 

(540) 284-0101 

US Flag An Official Website of the United States Government