Dinner Meeting – Wednesday 20 April 2011
Why and How to Defend Software Applications from Threats
Dr. Rudy Spraycar, Ph.D.; Chief Systems Engineer; TASC, Inc.
Presentation: DCID 6/3, ICD 503, and NIST 800-53 reflect the need for Cyber Security in software, and the annual “CWE/SANS Top 25 Most Dangerous Errors Leading to Vulnerabilities” list documents the most common causes of application vulnerabilities. 80% or more of cyber attacks focus on applications. The DoD, the IC, and industry are all looking for objective and independent assessments of application vulnerabilities, and for guidance for developers to follow in minimizing vulnerabilities in new code. COTS products proposed for use also must be analyzed before their deployment.
We have been developing and applying a complex of automated and manual tactics for identifying significant security vulnerabilities in applications by means of static analysis techniques, as well as for guiding mitigations of vulnerabilities that are found in the software analyzed. Working with partners in industry and academia, our research continues to seek means to increase the proportion of these activities that can be automated.
Speaker: Dr. Rudy Spraycar is Chief Systems Engineer in the Office of the Director of National Intelligence’s Enterprise Engineering Group. He also plays a role on the Software Code Analysis Services team at TASC. In his 28 years in IT, he has served various employers and clients as systems engineer, software engineer, computer scientist, data modeler, corporate trainer, task leader, and SETA, as well as manager of software development, and manager of cartographic and geocoding services. Spraycar earned a Master of Engineering Science in Computer Science from Loyola University Maryland, a Ph.D. in Languages from Cornell University, and a B.A. cum laude with Highest Honors in English from Williams College. Holder of PMP and ITIL certifications, he has just passed the examination for the CSEP designation.
– By website: Credit card via PayPal, go to our >>Registration Page<< for details on the presentation, more about the panelists, cost details, cancellations, and directions
Presentation ONLY: FREE (no reservations necessary)
The purpose of the Chesapeake Chapter is to foster the definition, understanding, and practice of world class systems engineering in industry, academia, and government. In light of that goal, every month at our dinner meeting we have a drawing for the latest in Systems Engineering literature. So come on out for a chance to win.
This month’s door prize is: Something Good
Come to the meeting to find out
The President’s Corner
INCOSE Planning: Where is GEN-X?
As you already know, the INCOSE Chesapeake Chapter (INCOSE.CC) is highly participatory. On the third Wednesday of every month we have an outstanding technical talk. We try for a mixture of panels, techniques, applications, research, training, tools, and policy-makers. We also cross-list talks from NASA, JHUAPL, IEEE, and AIAA. We sponsor certification talks and courses. We run study groups like OOSEM, foundation work like ISO/IEC 15288, and hot tutorials like MBSE. As a member, you can take advantage of any of these programs. Our website has a LIBRARY and ARCHIVES where you can find most of the slides and all the flyers for meetings dating all the way back to 2001. Look around … I’m sure you’ll find something of interest.
If you want new and different topics, tell us about it! If you have seen programs that might be of interest to the chapter, tell us about that too. Please e-mail me firstname.lastname@example.org.
Underneath it all are the formal planning tools. You can participate in these as well. The formal foundations lie in Robert’s rules of order and the bylaws. On top of them are the strategic and operational plans. Right now we are publishing the Strategic and Operational plans for your consideration and approval. Just click >>HERE<< and you will be able to review both documents. If you want to make changes, follow the instructions and we will integrate your changes with the existing documents.
The existing programs work well for senior systems engineers who can attend Wednesday meetings and are free on weekends. The programs have been expanded recently and the results are very good. We are getting almost 50% better attendance at meetings!!!
But there is a lingering question: Where is Generation-X? How can INCOSE.CC better serve the younger generations with families, a need to learn, job pressures, technical sophistication, and ambition? Part of the challenge is marketing what we have. Part of it is changing the content and delivery of our resources to meet Gen-X requirements. How should we do that? Let’s open up a dialog and discuss.
Figure 1. Flag Day Review, June 14, 1944, at Peover Hall, Knutsford, UK
Lieutenant General and later General George S. Patton, USA, is a familiar name and face to most Americans. What is not so familiar is the important role that systems engineering concepts played in his successful leadership of the Third U.S. Army during the historic 10 months in WWII that began soon after this picture was taken.
To explain this role, we must gain some perspective on the situation. Consider just how many men General Patton commanded on this moderately cool English summer day, June 14, 1944. The Normandy Invasion had just begun on June 6, and the Third US Army was preparing for its own deployment into combat against the German Army.
The official records of the period state that the 3rd Army reported a total strength of 253,352 military personnel. These were organized into fighting divisions and support groups and were further augmented by Army Air Corps Tactical Fighter units.
A systems engineer thinking about this huge enterprise would be expected to wonder: just how does Patton, with a staff of approximately 20, organize, train, equip, deploy, support, and control the combat activities of an organization of that size? This is especially striking for the U.S. Army, since the total size of the pre-war army was about 50% of the deployed total in the European theater in 1944-1945.
Where did Patton or his contemporaries learn to effectively create, govern and control such large organizations? It doesn’t take a systems engineer to realize that the scalability of existing processes may not hold up when the numbers grow to this size. The answer was to quickly develop, apply and enforce processes that enabled the organization to perform all its functions in a very standardized and repeatable manner. Obviously, a large organization – military or otherwise – could not survive without clearly documented processes. There was some existing regulatory framework from the Army available to assist them; however, most of it was ad hoc and untested on such a large scale.
The life cycle of an army at war begins with training, and moves on to mastering deployment, creating a logistics capability, maneuvering against the enemy, and providing operational support services such as medical, signaling, graves registration, administration, public affairs and so on.
ISO 15288, the bedrock of current systems engineering practice, when mapped onto the Third Army’s written processes and higher-level Army policy, would very likely appear to have been completely anticipated. Everything the soldier needed was provided for, and staff officers at all levels of the command worked long hours to make sure the system worked as it was set down in writing. The Army way was to follow instructions. Obviously, in combat, changes and exceptions were made, but the interesting thing is that even this was controlled: exceptions led to better rules and figured in compiling many important life-saving lessons learned.
Panel: Understanding the INCOSE SE Professional Certification Program
Paul Martin gave an overview of INCOSE’s Systems Engineering Certification program. He only got as far as explaining the various multi-level certifications offered by INCOSE before Don York, Programs Director, intervened in order to provide time for the panel members to explain their experience with INCOSE certifications. Dave Alldredge, CSEP, and Ken Zemrowski, CSEP, both review INCOSE certification applications. They provided tips on creating an application that helps the reviewers. Mike Berendt, ASEP, actually isn’t a systems engineer but an executive-level program manager. He took the certification exam to show that, with the right preparation of class time and studying, anyone can get through it. He feels that once these SE certifications take off, in the same way the PMI program management certifications have, having an SE certification will be a real discriminator for a person’s career. Dave Fadeley, ESEP, explained what he did to obtain the Expert Systems Engineer designation. Steve Sutton, CSEP, explained how his certification differs from his Professional Engineer license. The entire panel had great information to share, and the audience of almost 50 was very appreciative of the material.
Get more details by downloading Paul’s presentation slides.
Book Reviews
NBC is now GNR due to RMAs. Are we Ready?
Mark Kaczmarek
Wired for War: The Robotics Revolution and Conflict in the 21st Century by P.W. Singer, Director of the 21st Century Defense Initiative
This book is an exhaustive study of the future of high-tech machinery built for war in the 21st century. The author indicates that he spent over 4 years accumulating the information that he presents in this book – over 400 pages’ worth. Back in 1999 I started working on a UAV program, and the photo on the front cover of the book, an X-45 UCAV (Unmanned Combat Air Vehicle), drew me in – hook, line and sinker. A lot of questions that I had were answered in this book.
The author indicates that the old model was NBC (Nuclear, Biological and Chemical), but has now been transformed to GNR (Genetics, Nanotechnology and Robotics). This is a paradigm shift for the military known as RMAs – Revolutions in Military Affairs.
This review is a bit difficult since I have dozens of snippets I would like to share. But here are a few. Singer includes such infamous people as Mr. Singularity himself, Ray Kurzweil, and his “Law of Accelerating Returns”, indicating that all technology areas are growing at an exponential rate, similar to Moore’s Law. Some of the technologies have different rates, but the emergent nature of these technologies has produced significant strides in warfare. Ex:
“The same exponential change in how we fight has also gone on in the short time that war has taken place in the air. During World War II, roughly 108 planes were needed to take out a single target. By the time of the airstrikes over Afghanistan in 2001, the ratio had flipped; each plane was destroying 4.07 targets on average per flight”, pg 100.
Another area covered is that just because you have a significant technical advantage (known as asymmetric warfare), you may not necessarily win the war. The latest conflicts have been described as “The Jetsons meet The Flintstones”. Yet we still have numerous terrorist cells and activities all around the world.
The author also included Col. Ralph Peters (Ret.) in his portfolio. Col. Peters is one of the world’s authorities on terrorism, and he shows that tough economic conditions have driven some to use violence as a means to their end; he also gives a discussion of the psychology of war, manned and unmanned.
Ethics. Robot ethics. Another area of discussion. You or I today probably face fewer rules and regulations than what a modern war fighter (human or robotic) has to consider on a day-to-day basis.
Overall, this is a good read, a bit tough due to the length; however, it is very comprehensive. No equations that I recall, so no quiz at the end. Singer did provide footnotes and an index as well. I would enjoy an exchange of comments after you have read this book.
This is the monthly newsletter for INCOSE Chesapeake, a local chapter of INCOSE International. We are a not-for-profit organization dedicated to providing a forum for professionals practicing the art and science of Systems Engineering in the Northern & Central Maryland & Southern Pennsylvania area.
The Chesapeake Chapter is always looking for volunteers to speak at our upcoming meetings! Please contact our Programs Director, Mr. Donald York, if you would like the opportunity to speak or can recommend someone.
The Chesapeake Chapter of INCOSE is proud to recognize the following organizations for sponsoring our endeavors to expand the understanding and appreciation of Systems Engineering in the local area:
Mark your Calendars with these upcoming Chapter events:
Wednesday 18 May 2011
Why and How to Defend Software Applications from Threats
Harry J. Foxwell, Ph.D.; Principal Consultant; Oracle Corp.
It has now been more than six decades since systems engineering methodologies and practices began to emerge to address the complex and challenging systems we now face on a regular basis. Much has been accomplished in that time and the value of systems engineering is not only unquestioned, but standards such as ISO/IEC 15288 and ANSI/EIA 632 are now widely recognised to be appropriate guidance to acquirers and suppliers for the creation of products and services. The theme of SETE2011 is therefore ‘Systems Engineering in the Next Decade’.
May 01 – 05, 2011 Detroit, MI Department of Defense Intelligence Information Systems (DoDIIS) Worldwide Conference
Hosted annually by the DIA Directorate for Information Management (DS) and Chief Information Officer, DoDIIS Worldwide provides a unique opportunity for defense intelligence community members and industry peers to come together for knowledge sharing, training and discussion of current and future information technology (IT) challenges and requirements.
The conference’s 2011 theme, Secure and Collaborative Intelligence in Defense of the Nation, highlights the DIA Chief Information Officer’s commitment to developing and maintaining secure and reliable networks for Department of Defense personnel, services and information technology customers.
May 02 – 04, 2011 Canberra, Australia SETE2011 The Systems Engineering Test and Evaluation Conference
SETE2011 (Systems Engineering Test and Evaluation) is a conference co-organized by the Systems Engineering Society of Australia (SESA), the Southern Cross Chapter of the International Test and Evaluation Association (ITEA) and INCOSE Australia. The theme of SETE2011 is ‘Systems Engineering in the Next Decade’.
The INCOSE International Symposium is the premier international forum for Systems Engineering. Participants network, share ideas, knowledge and practices, and learn more about the most recent innovations, trends, experiences and issues in Systems Engineering.
Paper authors, panelists and tutorial presenters are encouraged to address ways in which Systems Engineering principles and perspectives are performed today and how Systems Engineering may influence our future. Topics of value include technology insertion, process improvements, and organizational governance of the systems we make, manage, operate and maintain over their life cycle, to the benefit of mankind.
Discover Systems Engineering
Read the current issue free on-line for a limited time.
Copyright (c) 2011 Wiley Periodicals, Inc., A Wiley Company
As a member of INCOSE you have online access to the current and past issues of the Journal of Systems Engineering via the Wiley InterScience site. Search the archives and download papers of interest. Registration on the Wiley site is required. Instructions for accessing the SE Journal can be found in INCOSE Connect.
With Connect you can also download the Dec 2010 issue of INSIGHT, “Systems Development in Extreme Environments from Deep Sea to Deep Space”.
This Newsletter is meant to serve our members and is open to all for contributions. Do you have an interesting idea for an article? A review of a new book related to engineering? Let us know. We’d love to hear about it. It may wind up in a future issue of our Newsletter.
Keep up with the latest news and events. Find out about our new Board of Directors. Explore our extensive library of previous lectures from our Monthly Dinner Meetings. Learn of the Benefits of Joining INCOSE. Check out Systems Engineering education in the local area. All this and more awaits you at our INCOSE Chesapeake Chapter Website.