Using Indicators to Monitor Security Risk in Systems of Systems

Systems of systems are collections of systems interconnected through the exchange of services. Their often complex service dependencies and very dynamic nature make them hard to analyze and predict with respect to quality in general, and security in particular. In this chapter, the authors put forward a method for the capture and monitoring of impact of service dependencies on the security of provided services. The method is divided into four main steps focusing on documenting the system of systems and IT service dependencies, establishing the impact of service dependencies on risk to security of provided services, identifying measureable indicators for dynamic monitoring, and specifying their design and deployment, respectively. The authors illustrate the method in an example-driven fashion based on a case within power supply.