Making the Case for Cybersecurity
hoc diagrams dominated—SysML offers a common, formal vocabulary for modeling systems in a tool-based environment. These tools do not merely draw diagrams; they store and interlink system information in a central model database, often referred to as the "authoritative source of truth."
These model elements (components, interfaces, functions, scenarios, constraints, and more), when semantically defined, allow for automated reasoning and analysis. Increasingly, SysML models are being reused throughout the lifecycle in cybersecurity applications such as attack surface evaluation, dependency analysis, and risk assessment.
However, SysML's flexibility, a strength in bespoke engineering workflows, poses a major challenge when models need to be interpreted by third-party cybersecurity tools. Without standardized semantics, the same concept (e.g., a data flow or computing node) might be represented differently across models, limiting tool interoperability and hindering automation.
In traditional MBSE environments, models are often consumed only by the engineering teams that created them. But cybersecurity is inherently inter-organizational: third-party tools, assessors, acquirers, engineers, intelligence analysts, T&E, and certification authorities must all interpret the same models to reason about risk.
This makes semantic interoperability essential. While SysML v2 improves internal model semantics and introduces better support for ontologies, it does not define what the models mean in terms of real-world cyber risk.
2.2 TAILORING SEMANTICS FOR CYBER-PHYSICAL SYSTEMS
Cyber and cyber-physical systems introduce domain-specific needs beyond what generic SysML captures. These systems involve digital information processing, embedded hardware, software supply chains, and connections to physical environments. Elements are not merely abstract components; they represent processors, buses, protocols, BOMs and SBOMs, and mechanical or electrical subsystems. Connectors often carry data or control signals; exchanges have types, timing constraints, and trust implications.
Moreover, such systems include emergent properties (functions, capabilities, and mission outcomes) that arise from the collaboration between subsystems. Understanding these emergent elements is crucial for assessing mission assurance and cybersecurity posture.
Engineering teams address this by introducing proprietary stereotypes or model extensions, but without a shared standard, these adaptations remain opaque to external tools. As a result, even well-crafted models become inaccessible to cybersecurity analytics, and risk assessment remains disconnected from system design.
May 2025